BiometricPrompt
public class BiometricPrompt
A class that manages a system-provided biometric prompt. On devices running Android 9.0 (API 28) and above, this will show a system-provided authentication prompt, using one of the device's supported biometric modalities (fingerprint, iris, face, etc) with Class 2 or Class 3 strength. Prior to Android 9.0, this will instead show a custom fingerprint authentication dialog. The prompt will persist across configuration changes unless explicitly canceled. For security reasons, the prompt will be dismissed when the client application is no longer in the foreground.
To persist authentication across configuration changes, developers should (re)create the prompt every time the activity/fragment is created. Instantiating the prompt with a new callback early in the fragment/activity lifecycle (e.g. in onCreate()) will allow the ongoing authentication session's callbacks to be received by the new fragment/activity instance. Note that cancelAuthentication() should not be called, and authenticate() does not need to be invoked during activity/fragment creation.
Note that if multiple instances of BiometricPrompt are created within a single Fragment or Activity, only the callback registered with the last created instance will be saved and receive authentication results. This behavior can lead to unexpected results if multiple independent biometric authentication flows are attempted within the same Fragment or Activity. It is highly recommended to avoid creating multiple BiometricPrompt instances in this scenario.
Summary
Nested types |
|---|
public abstract class BiometricPrompt.AuthenticationCallbackA collection of methods that may be invoked by |
public class BiometricPrompt.AuthenticationResultA container for data passed to |
public class BiometricPrompt.CryptoObjectA wrapper class for the crypto objects supported by |
public class BiometricPrompt.PromptInfoA set of configurable options for how the |
public class BiometricPrompt.PromptInfo.BuilderA builder used to set individual options for the |
Constants |
|
|---|---|
static final int |
Authentication type reported by |
static final int |
Authentication type reported by |
static final int |
Authentication type reported by |
static final int |
ERROR_CANCELED = 5The operation was canceled because the biometric sensor is unavailable. |
static final int |
The user pressed the more options button on |
static final int |
ERROR_HW_NOT_PRESENT = 12The device does not have the required authentication hardware. |
static final int |
The hardware is unavailable. |
static final int |
Identity Check is currently not active. |
static final int |
ERROR_LOCKOUT = 7The operation was canceled because the API is locked out due to too many attempts. |
static final int |
The operation was canceled because |
static final int |
The user pressed the negative button. |
static final int |
ERROR_NO_BIOMETRICS = 11The user does not have any biometrics enrolled. |
static final int |
The device does not have pin, pattern, or password set up. |
static final int |
ERROR_NO_SPACE = 4The operation can't be completed because there is not enough device storage remaining. |
static final int |
A security vulnerability has been discovered with one or more hardware sensors. |
static final int |
ERROR_TIMEOUT = 3The current operation has been running too long and has timed out. |
static final int |
The sensor was unable to process the current image. |
static final int |
ERROR_USER_CANCELED = 10The user canceled the operation. |
static final int |
ERROR_VENDOR = 8The operation failed due to a vendor-specific error. |
Public constructors |
|---|
BiometricPrompt(Constructs a |
BiometricPrompt(Constructs a |
BiometricPrompt(Constructs a |
BiometricPrompt(Constructs a |
Public methods |
|
|---|---|
void |
Shows the biometric prompt to the user. |
void |
authenticate(Shows the biometric prompt to the user. |
void |
Cancels the ongoing authentication session and dismisses the prompt. |
Constants
AUTHENTICATION_RESULT_TYPE_BIOMETRIC
public static final int AUTHENTICATION_RESULT_TYPE_BIOMETRIC = 2
Authentication type reported by AuthenticationResult when the user authenticated by presenting some form of biometric (e.g. fingerprint or face).
AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL
public static final int AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL = 1
Authentication type reported by AuthenticationResult when the user authenticated by entering their device PIN, pattern, or password.
AUTHENTICATION_RESULT_TYPE_UNKNOWN
public static final int AUTHENTICATION_RESULT_TYPE_UNKNOWN = -1
Authentication type reported by AuthenticationResult when the user authenticated via an unknown method.
This value may be returned on older Android versions due to partial incompatibility with a newer API. It does NOT necessarily imply that the user authenticated with a method other than those represented by AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL and AUTHENTICATION_RESULT_TYPE_BIOMETRIC.
ERROR_CANCELED
public static final int ERROR_CANCELED = 5
The operation was canceled because the biometric sensor is unavailable. This may happen when the user is switched, the device is locked, or another pending operation prevents it.
ERROR_CONTENT_VIEW_MORE_OPTIONS_BUTTON
public static final int ERROR_CONTENT_VIEW_MORE_OPTIONS_BUTTON = 22
The user pressed the more options button on PromptContentViewWithMoreOptionsButton set by setContentView
ERROR_HW_NOT_PRESENT
public static final int ERROR_HW_NOT_PRESENT = 12
The device does not have the required authentication hardware.
ERROR_HW_UNAVAILABLE
public static final int ERROR_HW_UNAVAILABLE = 1
The hardware is unavailable. Try again later.
ERROR_IDENTITY_CHECK_NOT_ACTIVE
public static final int ERROR_IDENTITY_CHECK_NOT_ACTIVE = 20
Identity Check is currently not active. This device either doesn't have this feature enabled, or it's not considered in a high-risk environment that requires extra security measures for accessing sensitive data.
ERROR_LOCKOUT
public static final int ERROR_LOCKOUT = 7
The operation was canceled because the API is locked out due to too many attempts. This occurs after 5 failed attempts, and lasts for 30 seconds.
ERROR_LOCKOUT_PERMANENT
public static final int ERROR_LOCKOUT_PERMANENT = 9
The operation was canceled because ERROR_LOCKOUT occurred too many times. Biometric authentication is disabled until the user unlocks with their device credential (i.e. PIN, pattern, or password).
ERROR_NEGATIVE_BUTTON
public static final int ERROR_NEGATIVE_BUTTON = 13
The user pressed the negative button.
ERROR_NO_BIOMETRICS
public static final int ERROR_NO_BIOMETRICS = 11
The user does not have any biometrics enrolled.
ERROR_NO_DEVICE_CREDENTIAL
public static final int ERROR_NO_DEVICE_CREDENTIAL = 14
The device does not have pin, pattern, or password set up.
ERROR_NO_SPACE
public static final int ERROR_NO_SPACE = 4
The operation can't be completed because there is not enough device storage remaining.
ERROR_SECURITY_UPDATE_REQUIRED
public static final int ERROR_SECURITY_UPDATE_REQUIRED = 15
A security vulnerability has been discovered with one or more hardware sensors. The affected sensor(s) are unavailable until a security update has addressed the issue.
ERROR_TIMEOUT
public static final int ERROR_TIMEOUT = 3
The current operation has been running too long and has timed out.
This is intended to prevent programs from waiting for the biometric sensor indefinitely. The timeout is platform and sensor-specific, but is generally on the order of ~30 seconds.
ERROR_UNABLE_TO_PROCESS
public static final int ERROR_UNABLE_TO_PROCESS = 2
The sensor was unable to process the current image.
ERROR_USER_CANCELED
public static final int ERROR_USER_CANCELED = 10
The user canceled the operation.
Upon receiving this, applications should use alternate authentication, such as a password. The application should also provide the user a way of returning to biometric authentication, such as a button.
ERROR_VENDOR
public static final int ERROR_VENDOR = 8
The operation failed due to a vendor-specific error.
This error code may be used by hardware vendors to extend this list to cover errors that don't fall under one of the other predefined categories. Vendors are responsible for providing the strings for these errors.
These messages are typically reserved for internal operations such as enrollment but may be used to express any error that is not otherwise covered. In this case, applications are expected to show the error message, but they are advised not to rely on the message ID, since this may vary by vendor and device.
Public constructors
BiometricPrompt
public BiometricPrompt(
@NonNull FragmentActivity activity,
@NonNull BiometricPrompt.AuthenticationCallback callback
)
Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face. The prompt can be shown to the user by calling authenticate() and persists across device configuration changes by default.
If authentication is in progress, calling this constructor to recreate the prompt will also update the AuthenticationCallback for the current session. Thus, this method should be called by the client activity each time the configuration changes (e.g. in onCreate()).
| Parameters | |
|---|---|
@NonNull FragmentActivity activity |
The activity of the client application that will host the prompt. |
@NonNull BiometricPrompt.AuthenticationCallback callback |
The object that will receive and process authentication events. |
BiometricPrompt
public BiometricPrompt(
@NonNull Fragment fragment,
@NonNull BiometricPrompt.AuthenticationCallback callback
)
Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face. The prompt can be shown to the user by calling authenticate() and persists across device configuration changes by default.
If authentication is in progress, calling this constructor to recreate the prompt will also update the AuthenticationCallback for the current session. Thus, this method should be called by the client fragment each time the configuration changes (e.g. in onCreate()).
| Parameters | |
|---|---|
@NonNull Fragment fragment |
The fragment of the client application that will host the prompt. |
@NonNull BiometricPrompt.AuthenticationCallback callback |
The object that will receive and process authentication events. |
BiometricPrompt
public BiometricPrompt(
@NonNull FragmentActivity activity,
@NonNull Executor executor,
@NonNull BiometricPrompt.AuthenticationCallback callback
)
Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face. The prompt can be shown to the user by calling authenticate() and persists across device configuration changes by default.
If authentication is in progress, calling this constructor to recreate the prompt will also update the Executor and AuthenticationCallback for the current session. Thus, this method should be called by the client activity each time the configuration changes (e.g. in onCreate()).
| Parameters | |
|---|---|
@NonNull FragmentActivity activity |
The activity of the client application that will host the prompt. |
@NonNull Executor executor |
The executor that will be used to run |
@NonNull BiometricPrompt.AuthenticationCallback callback |
The object that will receive and process authentication events. |
BiometricPrompt
public BiometricPrompt(
@NonNull Fragment fragment,
@NonNull Executor executor,
@NonNull BiometricPrompt.AuthenticationCallback callback
)
Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face. The prompt can be shown to the user by calling authenticate() and persists across device configuration changes by default.
If authentication is in progress, calling this constructor to recreate the prompt will also update the Executor and AuthenticationCallback for the current session. Thus, this method should be called by the client fragment each time the configuration changes (e.g. in onCreate()).
| Parameters | |
|---|---|
@NonNull Fragment fragment |
The fragment of the client application that will host the prompt. |
@NonNull Executor executor |
The executor that will be used to run |
@NonNull BiometricPrompt.AuthenticationCallback callback |
The object that will receive and process authentication events. |
Public methods
authenticate
public void authenticate(@NonNull BiometricPrompt.PromptInfo info)
Shows the biometric prompt to the user. The prompt survives lifecycle changes by default. To cancel authentication and dismiss the prompt, use cancelAuthentication.
| Parameters | |
|---|---|
@NonNull BiometricPrompt.PromptInfo info |
An object describing the appearance and behavior of the prompt. |
| See also | |
|---|---|
authenticate |
authenticate
public void authenticate(
@NonNull BiometricPrompt.PromptInfo info,
@NonNull BiometricPrompt.CryptoObject crypto
)
Shows the biometric prompt to the user. The prompt survives lifecycle changes by default. To cancel authentication and dismiss the prompt, use cancelAuthentication.
Calling this method invokes crypto-based authentication, which is incompatible with Class 2 (formerly Weak) biometrics and (prior to Android 11) device credential. Therefore, it is an error for info to explicitly allow any of these authenticator types on an incompatible Android version.
| Parameters | |
|---|---|
@NonNull BiometricPrompt.PromptInfo info |
An object describing the appearance and behavior of the prompt. |
@NonNull BiometricPrompt.CryptoObject crypto |
A crypto object to be associated with this authentication. |
| Throws | |
|---|---|
java.lang.IllegalArgumentException |
If any of the allowed authenticator types specified by |
| See also | |
|---|---|
authenticate |
|
setAllowedAuthenticators |
cancelAuthentication
public void cancelAuthentication()
Cancels the ongoing authentication session and dismisses the prompt.
On versions prior to Android 10 (API 29), calling this method while the user is authenticating with their device credential will NOT work as expected. See setDeviceCredentialAllowed for more details.