isBeginGetPublicKeyCredentialOption->{// ... other logicpopulatePasskeyData(origin,option,responseBuilder,autoSelectEnabled,allowedAuthenticator)// ... other logic as needed}
valcreateRequest=PendingIntentHandler.retrieveProviderCreateCredentialRequest(intent)if(createRequest==null){Log.i(TAG,"request is null")setUpFailureResponseAndFinish("Unable to extract request from intent")return}// Other logic...valbiometricPromptResult=createRequest.biometricPromptResult// Add your logic based on what needs to be done// after getting biometricsif(createRequest.callingRequestisCreatePublicKeyCredentialRequest){valpublicKeyRequest:CreatePublicKeyCredentialRequest=createRequest.callingRequestasCreatePublicKeyCredentialRequestif(biometricPromptResult==null){// Do your own authentication flow, if needed}elseif(biometricPromptResult.isSuccessful){createPasskey(publicKeyRequest.requestJson,createRequest.callingAppInfo,publicKeyRequest.clientDataHash,accountId)}else{valerror=biometricPromptResult.authenticationError// Process the error}// Other logic...}
同样,在 retrieveProviderGetCredentialRequest 期间提取元数据。
检查您的生物识别流程是否为 null。如果支持,请配置您自己的生物识别信息以进行身份验证。这类似于 get 操作的插桩方式:
valgetRequest=PendingIntentHandler.retrieveProviderGetCredentialRequest(intent)if(getRequest==null){Log.i(TAG,"request is null")setUpFailureResponseAndFinish("Unable to extract request from intent")return}// Other logic...valbiometricPromptResult=getRequest.biometricPromptResult// Add your logic based on what needs to be done// after getting biometricsif(biometricPromptResult==null){// Do your own authentication flow, if necessary}elseif(biometricPromptResult.isSuccessful){Log.i(TAG,"The response from the biometricPromptResult was ${biometricPromptResult.authenticationResult?.authenticationType}")validatePasskey(publicKeyRequest.requestJson,origin,packageName,uid,passkey.username,credId,privateKey)}else{valerror=biometricPromptResult.authenticationError// Process the error}// Other logic...
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-27。"],[],[],null,["# Integrate single tap passkey creation and sign-in with biometric prompts\n\nOn Android 15, Credential Manager supports a single tap flow for credential\ncreation and retrieval. In this flow, the information of the credential being\ncreated, or being used, is displayed directly in the Biometric Prompt, along\nwith an entrypoint to more options. This simplified process creates a more\nefficient and streamlined credential creation and retrieval process.\n\n**Requirements:**\n\n- Biometrics have been set up on the user's device and the user allows them for authentication into applications.\n- For sign-in flows, this feature is enabled for single account scenarios only, even if there's multiple credentials (such as passkey and password) available for that account.\n\nEnable single tap on passkey creation flows\n-------------------------------------------\n\nThis method's creation steps match the [existing credential creation\nprocess](/identity/sign-in/credential-provider#handle-passkey-creation). Within your `BeginCreatePublicKeyCredentialRequest`, use\n`handleCreatePasskeyQuery()` to process the request if it is for a passkey. \n\n is BeginCreatePublicKeyCredentialRequest -\u003e {\n Log.i(TAG, \"Request is passkey type\")\n return handleCreatePasskeyQuery(request, passwordCount, passkeyCount)\n }\n\nIn your `handleCreatePasskeyQuery()`, include [`BiometricPromptData`](/reference/kotlin/androidx/credentials/provider/BiometricPromptData) with\nthe `CreateEntry` class: \n\n val createEntry = CreateEntry(\n // Additional properties...\n biometricPromptData = BiometricPromptData(\n allowedAuthenticators = allowedAuthenticator\n ),\n )\n\nCredential providers should explicitly set the `allowedAuthenticator` property\nin the `BiometricPromptData` instance. If this property is not set, the value\ndefaults to `DEVICE_WEAK`. Set the optional `cryptoObject` property if needed\nfor your use case.\n| **Note:** If the device is configured to use `DEVICE_CREDENTIALS` to require a PIN or passcode for authentication---regardless of whether biometrics are available or enabled---the standard credential manager flow will be used instead of the single-tap flow. This means the provider will always receive a `null` value for `biometricPromptResult` in these scenarios.\n\nEnable single tap on sign-in passkey flows\n------------------------------------------\n\nSimilar to the passkey creation flow, this will follow the existing setup for\n[handling user sign-in](/identity/sign-in/credential-provider#handle-user-sign-in). Under the `BeginGetPublicKeyCredentialOption`, use\n`populatePasskeyData()` to gather the relevant information about the\nauthentication request: \n\n is BeginGetPublicKeyCredentialOption -\u003e {\n // ... other logic\n\n populatePasskeyData(\n origin,\n option,\n responseBuilder,\n autoSelectEnabled,\n allowedAuthenticator\n )\n\n // ... other logic as needed\n }\n\nSimilar to `CreateEntry`, a `BiometricPromptData` instance is set to the\n`PublicKeyCredentialEntry` instance. If not explicitly set,\n`allowedAuthenticator` defaults to `BIOMETRIC_WEAK`. \n\n PublicKeyCredentialEntry(\n // other properties...\n\n biometricPromptData = BiometricPromptData(\n allowedAuthenticators = allowedAuthenticator\n )\n )\n\n| **Note:** The user is presented with a biometric authentication option if their device supports it and they have granted permission for its use. The code is similar to the previous example, with the addition of a [`cryptoObject`](/reference/androidx/biometric/BiometricPrompt.CryptoObject).\n\nHandle credential entry selection\n---------------------------------\n\nWhile handling the credential entry selection for [passkey creation](/identity/sign-in/credential-provider#handle-passkey-credential) or\n[passkey selection during sign in](/identity/sign-in/credential-provider#passkeys-implement), call the `PendingIntentHandler's\nretrieveProviderCreateCredentialRequest`, or\n`retrieveProviderGetCredentialRequest`, as appropriate. These return objects\nthat contain the metadata needed for the provider. For example, when handling\npasskey creation entry selection, update your code as shown: \n\n val createRequest = PendingIntentHandler.retrieveProviderCreateCredentialRequest(intent)\n if (createRequest == null) {\n Log.i(TAG, \"request is null\")\n setUpFailureResponseAndFinish(\"Unable to extract request from intent\")\n return\n }\n // Other logic...\n\n val biometricPromptResult = createRequest.biometricPromptResult\n\n // Add your logic based on what needs to be done\n // after getting biometrics\n\n if (createRequest.callingRequest is CreatePublicKeyCredentialRequest) {\n val publicKeyRequest: CreatePublicKeyCredentialRequest =\n createRequest.callingRequest as CreatePublicKeyCredentialRequest\n\n if (biometricPromptResult == null) {\n // Do your own authentication flow, if needed\n } else if (biometricPromptResult.isSuccessful) {\n createPasskey(\n publicKeyRequest.requestJson,\n createRequest.callingAppInfo,\n publicKeyRequest.clientDataHash,\n accountId\n )\n } else {\n val error = biometricPromptResult.authenticationError\n // Process the error\n }\n\n // Other logic...\n }\n\nThis example contains information about the biometric flow's success. It also\ncontains other information about the credential. If the flow fails, use the\nerror code under `biometricPromptResult.authenticationError` to make decisions.\nThe error codes returned as part of\n`biometricPromptResult.authenticationError.errorCode` are the same error codes\ndefined in the androidx.biometric library, such as\n[androidx.biometric.BiometricPrompt.NO_SPACE](/reference/androidx/biometric/BiometricPrompt#ERROR_NO_SPACE()),\n[androidx.biometric.BiometricPrompt.UNABLE_TO_PROCESS](/identity/sign-in/androidx.biometric.BiometricPrompt.NO_SPACE),\n[androidx.biometric.BiometricPrompt.ERROR_TIMEOUT](/reference/androidx/biometric/BiometricPrompt#ERROR_TIMEOUT()), and similar. The\n`authenticationError` will also contain an error message associated with the\n`errorCode` that can be displayed on a UI.\n\nSimilarly, extract metadata during the `retrieveProviderGetCredentialRequest`.\nCheck if your biometric flow is `null`. If yes, configure your own biometrics to\nauthenticate. This is similar to how the [get operation](/identity/sign-in/credential-provider#passkeys-implement) is instrumented: \n\n val getRequest =\n PendingIntentHandler.retrieveProviderGetCredentialRequest(intent)\n\n if (getRequest == null) {\n Log.i(TAG, \"request is null\")\n setUpFailureResponseAndFinish(\"Unable to extract request from intent\")\n return\n }\n\n // Other logic...\n\n val biometricPromptResult = getRequest.biometricPromptResult\n\n // Add your logic based on what needs to be done\n // after getting biometrics\n\n if (biometricPromptResult == null) {\n // Do your own authentication flow, if necessary\n } else if (biometricPromptResult.isSuccessful) {\n\n Log.i(TAG, \"The response from the biometricPromptResult was ${biometricPromptResult.authenticationResult?.authenticationType}\")\n\n validatePasskey(\n publicKeyRequest.requestJson,\n origin,\n packageName,\n uid,\n passkey.username,\n credId,\n privateKey\n )\n } else {\n val error = biometricPromptResult.authenticationError\n // Process the error\n }\n\n // Other logic..."]]
