
Interface FidoClient


    public interface FidoClient

    A client for performing FIDO2/WebAuthn operations using a hardware security key.

    This interface provides the primary API for creating and asserting WebAuthn credentials using a YubiKey or other FIDO2-compatible authenticator. It handles the full lifecycle of FIDO operations including user interaction, PIN entry, and NFC/USB device communication.

    Usage:

    Create an instance from a Fragment or ComponentActivity:

    val fidoClient = FidoClient(this)

    Then use makeCredential for registration or getAssertion for authentication:

    // The third argument is clientDataHash; null means no pre-computed hash is supplied.
    val result = fidoClient.makeCredential(origin, requestJson, null)
    result.onSuccess { credentialJson -> /* handle success */ }
    result.onFailure { error -> /* handle error */ }

    Threading:

    All operations are suspending functions and must be called from the main thread (e.g., using Dispatchers.Main, lifecycleScope, or viewLifecycleOwner.lifecycleScope). Only one FIDO request can be in progress at a time; attempting to start a new request while one is pending will throw an IllegalStateException.

    Extensions:

    Optional FIDO extensions (e.g., largeBlob, PRF) can be provided at construction time or configured globally via FidoConfigManager.setExtensions.

    Lifecycle:

    The client uses Android's Activity Result API internally. It must be created during the initialization phase of the Fragment or ComponentActivity (before onStart()).

    • Nested Class Summary

      Nested Classes 
      Modifier and Type    Class                   Description
      public class         FidoClient.Companion
    • Method Summary

      Modifier and Type          Method                                                                  Description
      abstract Result<String>    makeCredential(Origin origin, String request, String clientDataHash)    Creates a new WebAuthn credential (registration).
      abstract Result<String>    getAssertion(Origin origin, String request, String clientDataHash)      Asserts an existing WebAuthn credential (authentication).
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • makeCredential

        @MainThread() abstract Result<String> makeCredential(Origin origin, String request, String clientDataHash)

        Creates a new WebAuthn credential (registration).

        This corresponds to the navigator.credentials.create() WebAuthn API call. Launches a FIDO activity that presents UI for the user to interact with their security key, handle PIN entry if required, and complete the registration ceremony.

        Parameters:
        origin - The Origin of the request, identifying the relying party.
        request - JSON string containing the PublicKeyCredentialCreationOptions as defined by the WebAuthn specification.
        clientDataHash - Optional pre-computed SHA-256 hash of the client data (hex-encoded).
      • getAssertion

        @MainThread() abstract Result<String> getAssertion(Origin origin, String request, String clientDataHash)

        Asserts an existing WebAuthn credential (authentication).

        This corresponds to the navigator.credentials.get() WebAuthn API call. Launches a FIDO activity that presents UI for the user to interact with their security key, handle PIN entry if required, and complete the authentication ceremony.

        Parameters:
        origin - The Origin of the request, identifying the relying party.
        request - JSON string containing the PublicKeyCredentialRequestOptions as defined by the WebAuthn specification.
        clientDataHash - Optional pre-computed SHA-256 hash of the client data (hex-encoded).
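
Both makeCredential and getAssertion accept a clientDataHash described as a hex-encoded SHA-256 hash of the client data. The Kotlin below is an added example, not code from this library: it serializes the client data in the WebAuthn CollectedClientData layout and hashes those exact bytes. The helper names, the sample challenge and origin, and the use of lowercase hex are assumptions.

```kotlin
import java.security.MessageDigest
import java.util.Base64

// Added example: helper names and sample values are hypothetical, not part of the library.

/** Escapes a string for embedding in JSON (quotes, backslashes, control characters). */
private fun jsonString(s: String): String = buildString {
    append('"')
    for (c in s) when {
        c == '"' -> append("\\\"")
        c == '\\' -> append("\\\\")
        c.code < 0x20 -> append("\\u%04x".format(c.code))
        else -> append(c)
    }
    append('"')
}

/** Serializes CollectedClientData with the key order used by the WebAuthn specification. */
fun clientDataJson(type: String, challenge: ByteArray, origin: String): ByteArray {
    require(type == "webauthn.create" || type == "webauthn.get") { "unexpected type: $type" }
    // The challenge appears in client data as unpadded base64url.
    val b64 = Base64.getUrlEncoder().withoutPadding().encodeToString(challenge)
    return ("{\"type\":${jsonString(type)},\"challenge\":${jsonString(b64)}," +
        "\"origin\":${jsonString(origin)},\"crossOrigin\":false}").toByteArray(Charsets.UTF_8)
}

/** SHA-256 over the exact clientDataJSON bytes, as lowercase hex (case is an assumption). */
fun clientDataHashHex(clientData: ByteArray): String =
    MessageDigest.getInstance("SHA-256").digest(clientData)
        .joinToString("") { "%02x".format(it) }

fun main() {
    // Constructed sample values: a 16-byte challenge and a placeholder origin.
    val challenge = ByteArray(16) { it.toByte() }
    val json = clientDataJson("webauthn.create", challenge, "https://example.com")
    val hash = clientDataHashHex(json)
    check(hash.length == 64) // 32-byte digest, two hex characters per byte
    println(String(json, Charsets.UTF_8))
    println(hash)
    // Keep `json` unchanged: the relying party hashes the bytes it receives, so the
    // bytes sent to it must be the same ones hashed here, not a re-serialized copy.
}
```

Use "webauthn.create" with makeCredential and "webauthn.get" with getAssertion, and make sure the origin string hashed here matches the Origin passed to the client. On Android, java.util.Base64 requires API level 26 or later.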