isBeginGetPublicKeyCredentialOption->{// ... other logicpopulatePasskeyData(origin,option,responseBuilder,autoSelectEnabled,allowedAuthenticator)// ... other logic as needed}
valcreateRequest=PendingIntentHandler.retrieveProviderCreateCredentialRequest(intent)if(createRequest==null){Log.i(TAG,"request is null")setUpFailureResponseAndFinish("Unable to extract request from intent")return}// Other logic...valbiometricPromptResult=createRequest.biometricPromptResult// Add your logic based on what needs to be done// after getting biometricsif(createRequest.callingRequestisCreatePublicKeyCredentialRequest){valpublicKeyRequest:CreatePublicKeyCredentialRequest=createRequest.callingRequestasCreatePublicKeyCredentialRequestif(biometricPromptResult==null){// Do your own authentication flow, if needed}elseif(biometricPromptResult.isSuccessful){createPasskey(publicKeyRequest.requestJson,createRequest.callingAppInfo,publicKeyRequest.clientDataHash,accountId)}else{valerror=biometricPromptResult.authenticationError// Process the error}// Other logic...}
同樣地,請在 retrieveProviderGetCredentialRequest 期間擷取中繼資料。
檢查生物特徵辨識流程是否為 null。如果是,請設定自己的生物辨識驗證方式。這與 get 作業的檢測方式類似:
valgetRequest=PendingIntentHandler.retrieveProviderGetCredentialRequest(intent)if(getRequest==null){Log.i(TAG,"request is null")setUpFailureResponseAndFinish("Unable to extract request from intent")return}// Other logic...valbiometricPromptResult=getRequest.biometricPromptResult// Add your logic based on what needs to be done// after getting biometricsif(biometricPromptResult==null){// Do your own authentication flow, if necessary}elseif(biometricPromptResult.isSuccessful){Log.i(TAG,"The response from the biometricPromptResult was ${biometricPromptResult.authenticationResult?.authenticationType}")validatePasskey(publicKeyRequest.requestJson,origin,packageName,uid,passkey.username,credId,privateKey)}else{valerror=biometricPromptResult.authenticationError// Process the error}// Other logic...
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["缺少我需要的資訊","missingTheInformationINeed","thumb-down"],["過於複雜/步驟過多","tooComplicatedTooManySteps","thumb-down"],["過時","outOfDate","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["示例/程式碼問題","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-08-27 (世界標準時間)。"],[],[],null,["# Integrate single tap passkey creation and sign-in with biometric prompts\n\nOn Android 15, Credential Manager supports a single tap flow for credential\ncreation and retrieval. In this flow, the information of the credential being\ncreated, or being used, is displayed directly in the Biometric Prompt, along\nwith an entrypoint to more options. This simplified process creates a more\nefficient and streamlined credential creation and retrieval process.\n\n**Requirements:**\n\n- Biometrics have been set up on the user's device and the user allows them for authentication into applications.\n- For sign-in flows, this feature is enabled for single account scenarios only, even if there's multiple credentials (such as passkey and password) available for that account.\n\nEnable single tap on passkey creation flows\n-------------------------------------------\n\nThis method's creation steps match the [existing credential creation\nprocess](/identity/sign-in/credential-provider#handle-passkey-creation). Within your `BeginCreatePublicKeyCredentialRequest`, use\n`handleCreatePasskeyQuery()` to process the request if it is for a passkey. \n\n is BeginCreatePublicKeyCredentialRequest -\u003e {\n Log.i(TAG, \"Request is passkey type\")\n return handleCreatePasskeyQuery(request, passwordCount, passkeyCount)\n }\n\nIn your `handleCreatePasskeyQuery()`, include [`BiometricPromptData`](/reference/kotlin/androidx/credentials/provider/BiometricPromptData) with\nthe `CreateEntry` class: \n\n val createEntry = CreateEntry(\n // Additional properties...\n biometricPromptData = BiometricPromptData(\n allowedAuthenticators = allowedAuthenticator\n ),\n )\n\nCredential providers should explicitly set the `allowedAuthenticator` property\nin the `BiometricPromptData` instance. If this property is not set, the value\ndefaults to `DEVICE_WEAK`. Set the optional `cryptoObject` property if needed\nfor your use case.\n| **Note:** If the device is configured to use `DEVICE_CREDENTIALS` to require a PIN or passcode for authentication---regardless of whether biometrics are available or enabled---the standard credential manager flow will be used instead of the single-tap flow. This means the provider will always receive a `null` value for `biometricPromptResult` in these scenarios.\n\nEnable single tap on sign-in passkey flows\n------------------------------------------\n\nSimilar to the passkey creation flow, this will follow the existing setup for\n[handling user sign-in](/identity/sign-in/credential-provider#handle-user-sign-in). Under the `BeginGetPublicKeyCredentialOption`, use\n`populatePasskeyData()` to gather the relevant information about the\nauthentication request: \n\n is BeginGetPublicKeyCredentialOption -\u003e {\n // ... other logic\n\n populatePasskeyData(\n origin,\n option,\n responseBuilder,\n autoSelectEnabled,\n allowedAuthenticator\n )\n\n // ... other logic as needed\n }\n\nSimilar to `CreateEntry`, a `BiometricPromptData` instance is set to the\n`PublicKeyCredentialEntry` instance. If not explicitly set,\n`allowedAuthenticator` defaults to `BIOMETRIC_WEAK`. \n\n PublicKeyCredentialEntry(\n // other properties...\n\n biometricPromptData = BiometricPromptData(\n allowedAuthenticators = allowedAuthenticator\n )\n )\n\n| **Note:** The user is presented with a biometric authentication option if their device supports it and they have granted permission for its use. The code is similar to the previous example, with the addition of a [`cryptoObject`](/reference/androidx/biometric/BiometricPrompt.CryptoObject).\n\nHandle credential entry selection\n---------------------------------\n\nWhile handling the credential entry selection for [passkey creation](/identity/sign-in/credential-provider#handle-passkey-credential) or\n[passkey selection during sign in](/identity/sign-in/credential-provider#passkeys-implement), call the `PendingIntentHandler's\nretrieveProviderCreateCredentialRequest`, or\n`retrieveProviderGetCredentialRequest`, as appropriate. These return objects\nthat contain the metadata needed for the provider. For example, when handling\npasskey creation entry selection, update your code as shown: \n\n val createRequest = PendingIntentHandler.retrieveProviderCreateCredentialRequest(intent)\n if (createRequest == null) {\n Log.i(TAG, \"request is null\")\n setUpFailureResponseAndFinish(\"Unable to extract request from intent\")\n return\n }\n // Other logic...\n\n val biometricPromptResult = createRequest.biometricPromptResult\n\n // Add your logic based on what needs to be done\n // after getting biometrics\n\n if (createRequest.callingRequest is CreatePublicKeyCredentialRequest) {\n val publicKeyRequest: CreatePublicKeyCredentialRequest =\n createRequest.callingRequest as CreatePublicKeyCredentialRequest\n\n if (biometricPromptResult == null) {\n // Do your own authentication flow, if needed\n } else if (biometricPromptResult.isSuccessful) {\n createPasskey(\n publicKeyRequest.requestJson,\n createRequest.callingAppInfo,\n publicKeyRequest.clientDataHash,\n accountId\n )\n } else {\n val error = biometricPromptResult.authenticationError\n // Process the error\n }\n\n // Other logic...\n }\n\nThis example contains information about the biometric flow's success. It also\ncontains other information about the credential. If the flow fails, use the\nerror code under `biometricPromptResult.authenticationError` to make decisions.\nThe error codes returned as part of\n`biometricPromptResult.authenticationError.errorCode` are the same error codes\ndefined in the androidx.biometric library, such as\n[androidx.biometric.BiometricPrompt.NO_SPACE](/reference/androidx/biometric/BiometricPrompt#ERROR_NO_SPACE()),\n[androidx.biometric.BiometricPrompt.UNABLE_TO_PROCESS](/identity/sign-in/androidx.biometric.BiometricPrompt.NO_SPACE),\n[androidx.biometric.BiometricPrompt.ERROR_TIMEOUT](/reference/androidx/biometric/BiometricPrompt#ERROR_TIMEOUT()), and similar. The\n`authenticationError` will also contain an error message associated with the\n`errorCode` that can be displayed on a UI.\n\nSimilarly, extract metadata during the `retrieveProviderGetCredentialRequest`.\nCheck if your biometric flow is `null`. If yes, configure your own biometrics to\nauthenticate. This is similar to how the [get operation](/identity/sign-in/credential-provider#passkeys-implement) is instrumented: \n\n val getRequest =\n PendingIntentHandler.retrieveProviderGetCredentialRequest(intent)\n\n if (getRequest == null) {\n Log.i(TAG, \"request is null\")\n setUpFailureResponseAndFinish(\"Unable to extract request from intent\")\n return\n }\n\n // Other logic...\n\n val biometricPromptResult = getRequest.biometricPromptResult\n\n // Add your logic based on what needs to be done\n // after getting biometrics\n\n if (biometricPromptResult == null) {\n // Do your own authentication flow, if necessary\n } else if (biometricPromptResult.isSuccessful) {\n\n Log.i(TAG, \"The response from the biometricPromptResult was ${biometricPromptResult.authenticationResult?.authenticationType}\")\n\n validatePasskey(\n publicKeyRequest.requestJson,\n origin,\n packageName,\n uid,\n passkey.username,\n credId,\n privateKey\n )\n } else {\n val error = biometricPromptResult.authenticationError\n // Process the error\n }\n\n // Other logic..."]]
