harmony 鸿蒙@ohos.userIAM.userAuth (User Authentication)

2025-06-12
浏览 (5)

@ohos.userIAM.userAuth (User Authentication)

The userAuth module provides APIs for user authentication, which applies to scenarios such as device unlocking, payment, and application login.

NOTE
The initial APIs of this module are supported since API version 6. Newly added APIs will be marked with a superscript to indicate their earliest API version.

Modules to Import

import { userAuth } from '@kit.UserAuthenticationKit';

Constant

Name	Value	Description
MAX_ALLOWABLE_REUSE_DURATION¹²⁺	300000	Maximum reuse duration of the authentication result, in milliseconds. The value is 300000. System capability: SystemCapability.UserIAM.UserAuth.Core Atomic service API: This API can be used in atomic services since API version 12.

EnrolledState¹²⁺

Represents the state of a credential enrolled.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Readable	Writable	Description
credentialDigest	number	Yes	No	Credential digest, which is randomly generated when a credential is added.
credentialCount	number	Yes	No	Number of enrolled credentials.

ReuseMode¹²⁺

Enumerates the modes for reusing authentication results.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Value	Description
AUTH_TYPE_RELEVANT	1	The device unlock authentication result can be reused within the validity period if the authentication type matches any of the authentication types specified for this authentication. Atomic service API: This API can be used in atomic services since API version 12.
AUTH_TYPE_IRRELEVANT	2	The device unlock authentication result can be reused within the validity period regardless of the authentication type. Atomic service API: This API can be used in atomic services since API version 12.
CALLER_IRRELEVANT_AUTH_TYPE_RELEVANT¹⁴⁺	3	Any identity authentication result (including device unlock authentication result) can be reused within the validity period if the authentication type matches any of the authentication types specified for this authentication. Atomic service API: This API can be used in atomic services since API version 14.
CALLER_IRRELEVANT_AUTH_TYPE_IRRELEVANT¹⁴⁺	4	Any identity authentication result (including device unlock authentication result) can be reused within the validity period regardless of the authentication type. Atomic service API: This API can be used in atomic services since API version 14.

ReuseUnlockResult¹²⁺

Represents information about the authentication result reuse. > NOTE > > If the credential changes within the reuse duration after a successful identity authentication (including device unlock authentication), the authentication result can still be reused and the actual EnrolledState is returned in the authentication result. > > If the credential used for the previous authentication has been deleted when the authentication result is used:
- If the deleted credential is face or fingerprint, the authentication result can still be reused, but credentialCount and credentialDigest in the EnrolledState returned are both 0.
- If the deleted credential is a lock screen password, the reuse will fail.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Mandatory	Description
reuseMode	ReuseMode	Yes	Authentication result reuse mode.
reuseDuration	number	Yes	Period for which the authentication result can be reused. The value must be greater than 0 and less than MAX_ALLOWABLE_REUSE_DURATION.

userAuth.getEnrolledState¹²⁺

getEnrolledState(authType : UserAuthType): EnrolledState

Obtains the credential state.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
authType	UserAuthType	Yes	Authentication type.

Return value

Type	Description
EnrolledState	Credential state obtained if the operation is successful.

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
201	Permission verification failed.
401	Incorrect parameters. Possible causes: 1.Mandatory parameters are left unspecified.
12500002	General operation error.
12500005	The authentication type is not supported.
12500010	The type of credential has not been enrolled.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

try {
  let enrolledState = userAuth.getEnrolledState(userAuth.UserAuthType.FACE);
  console.info(`get current enrolled state success, enrolledState = ${JSON.stringify(enrolledState)}`);
} catch (error) {
  console.error(`get current enrolled state failed, error = ${JSON.stringify(error)}`);
}

AuthParam¹⁰⁺

Defines the user authentication parameters.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Mandatory	Description
challenge	Uint8Array	Yes	Random challenge value, which can be used to prevent replay attacks. It cannot exceed 32 bytes and can be passed in Uint8Array([]) format.
authType	UserAuthType[]	Yes	Authentication type list, which specifies the types of authentication provided on the user authentication page.
authTrustLevel	AuthTrustLevel	Yes	Authentication trust level. For details, see Principles for Classifying Biometric Authentication Trust Levels.
reuseUnlockResult¹²⁺	ReuseUnlockResult	No	Information about the authentication result reuse.

WidgetParam¹⁰⁺

Represents the information presented on the user authentication page.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Mandatory	Description
title	string	Yes	Title of the user authentication page. It cannot exceed 500 characters. Atomic service API: This API can be used in atomic services since API version 12.
navigationButtonText	string	No	Text on the navigation button. It cannot exceed 60 characters. It is supported in single fingerprint or facial authentication before API version 18. Since API version 18, it is also supported in combined facial and fingerprint authentication. Atomic service API: This API can be used in atomic services since API version 12.
uiContext¹⁸⁺	Context	No	Whether to display the authentication dialog box in modal application mode. This mode is applicable only to 2-in-1 devices. If this mode is not used or other types of devices are used, the authentication dialog box is displayed in modal system mode. Atomic service API: This API can be used in atomic services since API version 18.

UserAuthResult¹⁰⁺

Represents the user authentication result. If the authentication is successful, the authentication type and token information are returned.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Mandatory	Description
result	number	Yes	User authentication result. If the authentication is successful, SUCCESS is returned. Otherwise, an error code is returned. For details, see UserAuthResultCode.
token	Uint8Array	No	Authentication token information.
authType	UserAuthType	No	Authentication type.
enrolledState¹²⁺	EnrolledState	No	Credential state.

IAuthCallback¹⁰⁺

Provides callbacks to return the authentication result.

onResult¹⁰⁺

onResult(result: UserAuthResult): void

Called to return the authentication result. If the authentication is successful, UserAuthResult contains the token information.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
result	UserAuthResult	Yes	Authentication result.

Example 1

Initiate a lock screen password authentication request at ATL3 or higher.

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

try {
  const rand = cryptoFramework.createRandom();
  const len: number = 16;
  const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
  const authParam: userAuth.AuthParam = {
    challenge: randData,
    authType: [userAuth.UserAuthType.PIN],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
  };
  const widgetParam: userAuth.WidgetParam = {
    title:'Enter password',
  };

  const userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
  console.info('get userAuth instance success');
  // The authentication result is returned by onResult only after the authentication is started by start() of UserAuthInstance.
  userAuthInstance.on('result', {
    onResult (result) {
      console.info(`userAuthInstance callback result = ${JSON.stringify(result)}`);
    }
  });
  console.info('auth on success');
} catch (error) {
  const err: BusinessError = error as BusinessError;
  console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
}

Example 2

Initiate a lock screen password authentication request at ATL3 or higher, and enable the authentication result to be reused for the same type of authentication within the specified time.

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

let reuseUnlockResult: userAuth.ReuseUnlockResult = {
  reuseMode: userAuth.ReuseMode.AUTH_TYPE_RELEVANT,
  reuseDuration: userAuth.MAX_ALLOWABLE_REUSE_DURATION,
}
try {
  const rand = cryptoFramework.createRandom();
  const len: number = 16;
  const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
  const authParam: userAuth.AuthParam = {
    challenge: randData,
    authType: [userAuth.UserAuthType.PIN],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
    reuseUnlockResult: reuseUnlockResult,
  };
  const widgetParam: userAuth.WidgetParam = {
    title:'Enter password',
  };
  const userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
  console.info('get userAuth instance success');
  // The authentication result is returned by onResult only after the authentication is started by start() of UserAuthInstance.
  userAuthInstance.on('result', {
    onResult (result) {
      console.info(`userAuthInstance callback result = ${JSON.stringify(result)}`);
    }
  });
  console.info('auth on success');
} catch (error) {
  const err: BusinessError = error as BusinessError;
  console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
}

Example 3

Initiate a lock screen authentication request at ATL3 or higher, and enable the authentication result to be reused for any type of authentication within the maximum reuse duration of any application.

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

let reuseUnlockResult: userAuth.ReuseUnlockResult = {
  reuseMode: userAuth.ReuseMode.CALLER_IRRELEVANT_AUTH_TYPE_RELEVANT,
  reuseDuration: userAuth.MAX_ALLOWABLE_REUSE_DURATION,
}
try {
  const rand = cryptoFramework.createRandom();
  const len: number = 16;
  const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
  const authParam: userAuth.AuthParam = {
    challenge: randData,
    authType: [userAuth.UserAuthType.PIN],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
    reuseUnlockResult: reuseUnlockResult,
  };
  const widgetParam: userAuth.WidgetParam = {
    title:'Enter password',
  };
  const userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
  console.info('get userAuth instance success');
  // The authentication result is returned by onResult only after the authentication is started by start() of UserAuthInstance.
  userAuthInstance.on('result', {
    onResult (result) {
      console.info(`userAuthInstance callback result = ${JSON.stringify(result)}`);
    }
  });
  console.info('auth on success');
} catch (error) {
  const err: BusinessError = error as BusinessError;
  console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
}

UserAuthInstance¹⁰⁺

Provides APIs for user authentication. The user authentication widget is supported. Before using the APIs of UserAuthInstance, you must obtain a UserAuthInstance instance by using getUserAuthInstance.

on¹⁰⁺

on(type: ‘result’, callback: IAuthCallback): void

Subscribes to the user authentication result.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
type	‘result’	Yes	Event type. The value is result, which indicates the authentication result.
callback	IAuthCallback	Yes	Callback used to return the user authentication result.

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
401	Incorrect parameters. Possible causes: 1.Mandatory parameters are left unspecified. 2.Incorrect parameter types. 3.Parameter verification failed.
12500002	General operation error.

Example 1

Perform user identity authentication in modal system mode.

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

try {
  const rand = cryptoFramework.createRandom();
  const len: number = 16;
  const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
  const authParam: userAuth.AuthParam = {
    challenge: randData,
    authType: [userAuth.UserAuthType.PIN],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
  };
  const widgetParam: userAuth.WidgetParam = {
    title:'Enter password',
  };
  const userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
  console.info('get userAuth instance success');
  // The authentication result is returned by onResult only after the authentication is started by start() of UserAuthInstance.
  userAuthInstance.on('result', {
    onResult (result) {
      console.info(`userAuthInstance callback result = ${JSON.stringify(result)}`);
    }
  });
  console.info('auth on success');
} catch (error) {
  const err: BusinessError = error as BusinessError;
  console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
}

Example 2

Perform user identity authentication in modal application mode.

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

@Entry
@Component
struct Index {
  modelApplicationAuth(): void {
    try {
      const rand = cryptoFramework.createRandom();
      const len: number = 16;
      const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
      const authParam: userAuth.AuthParam = {
        challenge: randData,
        authType: [userAuth.UserAuthType.PIN],
        authTrustLevel: userAuth.AuthTrustLevel.ATL3,
      };
      const uiContext: UIContext = this.getUIContext();
      const context: Context|undefined = uiContext.getHostContext();
      const widgetParam: userAuth.WidgetParam = {
        title:'Enter password',
        uiContext: context,
      };
      const userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
      console.info('get userAuth instance success');
      // The authentication result is returned by onResult only after the authentication is started by start() of UserAuthInstance.
      userAuthInstance.on('result', {
        onResult (result) {
          console.info(`userAuthInstance callback result = ${JSON.stringify(result)}`);
        }
      });
      console.info('auth on success');
    } catch (error) {
      const err: BusinessError = error as BusinessError;
      console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
    }
  }

  build() {
    Column() {
      Button('start auth')
        .onClick(() => {
          this.modelApplicationAuth();
        })
    }
  }
}

off¹⁰⁺

off(type: ‘result’, callback?: IAuthCallback): void

Unsubscribes from the user authentication result.

NOTE

The UserAuthInstance instance used to invoke this API must be the one used to subscribe to the event.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
type	‘result’	Yes	Event type. The value is result, which indicates the authentication result.
callback	IAuthCallback	No	Callback to unregister.

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
401	Incorrect parameters. Possible causes: 1.Mandatory parameters are left unspecified. 2.Incorrect parameter types. 3.Parameter verification failed.
12500002	General operation error.

Example

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

try {
  const rand = cryptoFramework.createRandom();
  const len: number = 16;
  const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
  const authParam: userAuth.AuthParam = {
    challenge: randData,
    authType: [userAuth.UserAuthType.PIN],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
  };
  const widgetParam: userAuth.WidgetParam = {
    title:'Enter password',
  };
  const userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
  console.info('get userAuth instance success');
  userAuthInstance.off('result', {
    onResult (result) {
      console.info(`auth off result = ${JSON.stringify(result)}`);
    }
  });
  console.info('auth off success');
} catch (error) {
  const err: BusinessError = error as BusinessError;
  console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
}

start¹⁰⁺

start(): void

Starts authentication.

NOTE
Each UserAuthInstance can be used for authentication only once.

Required permissions: ohos.permission.ACCESS_BIOMETRIC or ohos.permission.USER_AUTH_FROM_BACKGROUND (available only for system applications)

Starting from API version 20, only system applications can apply for the ohos.permission.USER_AUTH_FROM_BACKGROUND permission.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
201	Permission verification failed.
401	Incorrect parameters. Possible causes: 1.Incorrect parameter types.
12500001	Authentication failed.
12500002	General operation error.
12500003	Authentication canceled.
12500004	Authentication timeout.
12500005	The authentication type is not supported.
12500006	The authentication trust level is not supported.
12500007	Authentication service is busy.
12500009	Authentication is locked out.
12500010	The type of credential has not been enrolled.
12500011	Switched to the custom authentication process.
12500013	Operation failed because of PIN expired.

Example

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

try {
  const rand = cryptoFramework.createRandom();
  const len: number = 16;
  const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
  const authParam: userAuth.AuthParam = {
    challenge: randData,
    authType: [userAuth.UserAuthType.PIN],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
  };
  const widgetParam: userAuth.WidgetParam = {
    title:'Enter password',
  };
  const userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
  console.info('get userAuth instance success');
  userAuthInstance.start();
  console.info('auth start success');
} catch (error) {
  const err: BusinessError = error as BusinessError;
  console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
}

cancel¹⁰⁺

cancel(): void

Cancels this authentication.

NOTE

UserAuthInstance must be the instance being authenticated.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Error codes

ID	Error Message
201	Permission verification failed.
401	Incorrect parameters. Possible causes: 1.Incorrect parameter types.
12500002	General operation error.

Example

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

try {
  const rand = cryptoFramework.createRandom();
  const len: number = 16;
  const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
  const authParam : userAuth.AuthParam = {
    challenge: randData,
    authType: [userAuth.UserAuthType.PIN],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
  };
  const widgetParam: userAuth.WidgetParam = {
    title:'Enter password',
  };
  const userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
  console.info('get userAuth instance success');
  // The cancel() API can be called only after the authentication is started by start() of UserAuthInstance.
  userAuthInstance.cancel();
  console.info('auth cancel success');
} catch (error) {
  const err: BusinessError = error as BusinessError;
  console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
}

userAuth.getUserAuthInstance¹⁰⁺

getUserAuthInstance(authParam: AuthParam, widgetParam: WidgetParam): UserAuthInstance

Obtains a UserAuthInstance instance for user authentication. The user authentication widget is also supported.

NOTE
Each UserAuthInstance can be used for authentication only once.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
authParam	AuthParam	Yes	User authentication parameters.
widgetParam	WidgetParam	Yes	Parameters on the user authentication page.

Return value

Type	Description
UserAuthInstance	UserAuthInstance instance that supports UI.

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
401	Incorrect parameters. Possible causes: 1.Mandatory parameters are left unspecified. 2.Incorrect parameter types. 3.Parameter verification failed.
12500002	General operation error.
12500005	The authentication type is not supported.
12500006	The authentication trust level is not supported.

Example

import { BusinessError } from '@kit.BasicServicesKit';
import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { userAuth } from '@kit.UserAuthenticationKit';

try {
  const rand = cryptoFramework.createRandom();
  const len: number = 16;
  const randData: Uint8Array = rand?.generateRandomSync(len)?.data;
  const authParam: userAuth.AuthParam = {
    challenge: randData,
    authType: [userAuth.UserAuthType.PIN],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
  };
  const widgetParam: userAuth.WidgetParam = {
    title:'Enter password',
  };
  let userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);
  console.info('get userAuth instance success');
} catch (error) {
  const err: BusinessError = error as BusinessError;
  console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
}

AuthResultInfo^(deprecated)

Represents the authentication result.

NOTE
This API is supported since API version 9 and deprecated since API version 11.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Mandatory	Description
result	number	Yes	Authentication result.
token	Uint8Array	No	Token that has passed the user identity authentication.
remainAttempts	number	No	Number of remaining authentication attempts.
lockoutDuration	number	No	Lock duration of the authentication operation, in ms.

TipInfo^(deprecated)

Represents the tip information displayed during the authentication, which is used to provide feedback during the authentication process.

NOTE
This API is supported since API version 9 and deprecated since API version 11.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Mandatory	Description
module	number	Yes	ID of the module that sends the tip information.
tip	number	Yes	Tip to be given during the authentication process.

EventInfo^(deprecated)

type EventInfo = AuthResultInfo|TipInfo

Enumerates the authentication event information types.

The event information type consists of the fields in Type in the following table.

NOTE
This parameter is supported since API version 9 and deprecated since API version 11. Use UserAuthResult instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Type	Description
AuthResultInfo	Authentication result.
TipInfo	Authentication tip information.

AuthEventKey^(deprecated)

type AuthEventKey = ‘result’|‘tip’

Defines the keyword of the authentication event type. It is used as a parameter of on.

It consists of the fields in Type in the following table.

NOTE
This API is supported since API version 9 and deprecated since API version 11.

System capability: SystemCapability.UserIAM.UserAuth.Core

Type	Description
‘result’	If the first parameter of on is result, the callback returns the authentication result.
‘tip’	If the first parameter of on is tip, the callback returns the authentication tip information.

AuthEvent^(deprecated)

Provides an asynchronous callback to return the authentication event information.

NOTE
This API is supported since API version 9 and deprecated since API version 11. Use IAuthCallback instead.

callback^(deprecated)

callback(result : EventInfo) : void

Called to return the authentication result or authentication tip information.

NOTE
This API is supported since API version 9 and deprecated since API version 11. Use onResult instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
result	EventInfo	Yes	Authentication result or tip information.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let challenge = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
let authType = userAuth.UserAuthType.FACE;
let authTrustLevel = userAuth.AuthTrustLevel.ATL1;
// Obtain the authentication result via a callback.
try {
  let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
  auth.on('result', {
    callback: (result: userAuth.AuthResultInfo) => {
      console.info(`authV9 result ${result.result}`);
      console.info(`authV9 token ${result.token}`);
      console.info(`authV9 remainAttempts ${result.remainAttempts}`);
      console.info(`authV9 lockoutDuration ${result.lockoutDuration}`);
    }
  } as userAuth.AuthEvent);
  auth.start();
  console.info('authV9 start success');
} catch (error) {
  console.error(`authV9 error = ${error}`);
  // Handle error.
}
// Obtain the authentication tip information via a callback.
try {
  let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
  auth.on('tip', {
    callback : (result : userAuth.TipInfo) => {
      switch (result.tip) {
        case userAuth.FaceTips.FACE_AUTH_TIP_TOO_BRIGHT:
          // Do something.
        case userAuth.FaceTips.FACE_AUTH_TIP_TOO_DARK:
          // Do something.
        default:
          // Do others.
      }
    }
  } as userAuth.AuthEvent);
  auth.start();
  console.info('authV9 start success');
} catch (error) {
  console.error(`authV9 error = ${error}`);
  // Handle error.
}

AuthInstance^(deprecated)

Implements user authentication.

NOTE
This API is supported since API version 9 and deprecated since API version 10. Use UserAuthInstance instead.

on^(deprecated)

on : (name : AuthEventKey, callback : AuthEvent) => void

Subscribes to the user authentication events of the specified type.

NOTE
- This API is supported since API version 9 and deprecated since API version 10. - Use the AuthInstance instance obtained to call this API.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
name	AuthEventKey	Yes	Authentication event type. If the value is result, the callback returns the authentication result. If the value is tip, the callback returns the authentication tip information.
callback	AuthEvent	Yes	Callback used to return the authentication result or tip information.

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
401	Incorrect parameters.
12500002	General operation error.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let challenge = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
let authType = userAuth.UserAuthType.FACE;
let authTrustLevel = userAuth.AuthTrustLevel.ATL1;
try {
  let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
  // Subscribe to the authentication result.
  auth.on('result', {
    callback: (result: userAuth.AuthResultInfo) => {
      console.info(`authV9 result ${result.result}`);
      console.info(`authV9 token ${result.token}`);
      console.info(`authV9 remainAttempts ${result.remainAttempts}`);
      console.info(`authV9 lockoutDuration ${result.lockoutDuration}`);
    }
  });
  // Subscribe to authentication tip information.
  auth.on('tip', {
    callback : (result : userAuth.TipInfo) => {
      switch (result.tip) {
        case userAuth.FaceTips.FACE_AUTH_TIP_TOO_BRIGHT:
          // Do something.
        case userAuth.FaceTips.FACE_AUTH_TIP_TOO_DARK:
          // Do something.
        default:
          // Do others.
      }
    }
  } as userAuth.AuthEvent);
  auth.start();
  console.info('authV9 start success');
} catch (error) {
  console.error(`authV9 error = ${error}`);
  // Handle error.
}

off^(deprecated)

off : (name : AuthEventKey) => void

Unsubscribes from the user authentication events of the specific type.

NOTE
- This API is supported since API version 9 and deprecated since API version 10. - The AuthInstance instance used to call this API must be the one used to subscribe to the events.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Mandatory	Description
name	AuthEventKey	Yes	Authentication event type. If the value is result, the authentication result is unsubscribed from. If the value is tip, the authentication tip information is unsubscribed from.

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
401	Incorrect parameters.
12500002	General operation error.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let challenge = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
let authType = userAuth.UserAuthType.FACE;
let authTrustLevel = userAuth.AuthTrustLevel.ATL1;
try {
  let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
  // Subscribe to the authentication result.
  auth.on('result', {
    callback: (result: userAuth.AuthResultInfo) => {
      console.info(`authV9 result ${result.result}`);
      console.info(`authV9 token ${result.token}`);
      console.info(`authV9 remainAttempts ${result.remainAttempts}`);
      console.info(`authV9 lockoutDuration ${result.lockoutDuration}`);
    }
  });
  // Unsubscribe from the authentication result.
  auth.off('result');
  console.info('cancel subscribe authentication event success');
} catch (error) {
  console.error(`cancel subscribe authentication event failed, error = ${error}`);
  // do error.
}

start^(deprecated)

start : () => void

Starts authentication.

NOTE
- This API is supported since API version 9 and deprecated since API version 10. - Use the AuthInstance instance obtained to call this API.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

System capability: SystemCapability.UserIAM.UserAuth.Core

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
201	Permission verification failed.
401	Incorrect parameters.
12500001	Authentication failed.
12500002	General operation error.
12500003	The operation is canceled.
12500004	The operation is time-out.
12500005	The authentication type is not supported.
12500006	The authentication trust level is not supported.
12500007	The authentication task is busy.
12500009	The authenticator is locked.
12500010	The type of credential has not been enrolled.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let challenge = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
let authType = userAuth.UserAuthType.FACE;
let authTrustLevel = userAuth.AuthTrustLevel.ATL1;

try {
  let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
  auth.start();
  console.info('authV9 start auth success');
} catch (error) {
  console.error(`authV9 start auth failed, error = ${error}`);
}

cancel^(deprecated)

cancel : () => void

Cancels this authentication.

NOTE

This API is supported since API version 9 and deprecated since API version 10.

Use the AuthInstance instance obtained to call this API. The AuthInstance instance must be the instance being authenticated.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

System capability: SystemCapability.UserIAM.UserAuth.Core

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
201	Permission verification failed.
401	Incorrect parameters.
12500002	General operation error.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let challenge = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
let authType = userAuth.UserAuthType.FACE;
let authTrustLevel = userAuth.AuthTrustLevel.ATL1;

try {
  let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
  auth.cancel();
  console.info('cancel auth success');
} catch (error) {
  console.error(`cancel auth failed, error = ${error}`);
}

userAuth.getAuthInstance^(deprecated)

getAuthInstance(challenge : Uint8Array, authType : UserAuthType, authTrustLevel : AuthTrustLevel): AuthInstance

Obtains an AuthInstance instance for user authentication.

NOTE

This API is supported since API version 9 and deprecated since API version 10. Use getUserAuthInstance instead.

An AuthInstance instance can be used for authentication only once.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
challenge	Uint8Array	Yes	Challenge value. It cannot exceed 32 bytes and can be passed in Uint8Array([]) format.
authType	UserAuthType	Yes	Authentication type. Currently, FACE and FINGERPRINT are supported.
authTrustLevel	AuthTrustLevel	Yes	Authentication trust level.

Return value

Type	Description
AuthInstance	AuthInstance instance obtained.

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
401	Incorrect parameters.
12500002	General operation error.
12500005	The authentication type is not supported.
12500006	The authentication trust level is not supported.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let challenge = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
let authType = userAuth.UserAuthType.FACE;
let authTrustLevel = userAuth.AuthTrustLevel.ATL1;

try {
  let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
  console.info('let auth instance success');
} catch (error) {
  console.error(`get auth instance success failed, error = ${error}`);
}

userAuth.getAvailableStatus⁹⁺

getAvailableStatus(authType : UserAuthType, authTrustLevel : AuthTrustLevel): void

Checks whether the specified authentication capability is supported.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
authType	UserAuthType	Yes	Authentication type. PIN is supported since API version 11.
authTrustLevel	AuthTrustLevel	Yes	Authentication trust level.

The mechanism for returning the error code is as follows:

Error code 12500005 is returned if the authentication executor is not registered and the specified authentication capability is not supported.

Error code 12500006 is returned if the authentication executor has been registered, the authentication functionality is not disabled, but the authentication trust level is lower than that specified by the service.

Error code 12500010 is returned if the authentication executor has been registered, the authentication functionality is not disabled, but the user has not enrolled credential.

Error code 12500013 is returned if the authentication executor has been registered, the authentication functionality is not disabled, but the password has expired.

NOTE

If getAvailableStatus is called to check whether lock screen password authentication at ATL4 is supported for a user who has enrolled a 4-digit PIN as the lock screen password (the authentication trust level is ATL3), error code 12500010 will be returned.

Error codes

For details about the error codes, see User Authentication Error Codes.

ID	Error Message
201	Permission verification failed.
401	Incorrect parameters. Possible causes: 1.Mandatory parameters are left unspecified.
12500002	General operation error.
12500005	The authentication type is not supported.
12500006	The authentication trust level is not supported.
12500010	The type of credential has not been enrolled.
12500013	Operation failed because of PIN expired.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

try {
  userAuth.getAvailableStatus(userAuth.UserAuthType.FACE, userAuth.AuthTrustLevel.ATL1);
  console.info('current auth trust level is supported');
} catch (error) {
  console.error(`current auth trust level is not supported, error = ${error}`);
}

UserAuthResultCode⁹⁺

Enumerates the authentication result codes.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Value	Description
SUCCESS	12500000	The authentication is successful.
FAIL	12500001	The authentication failed.
GENERAL_ERROR	12500002	A general operation error occurred.
CANCELED	12500003	The authentication is canceled.
TIMEOUT	12500004	The authentication has timed out.
TYPE_NOT_SUPPORT	12500005	The authentication type is not supported.
TRUST_LEVEL_NOT_SUPPORT	12500006	The authentication trust level is not supported.
BUSY	12500007	The system does not respond.
LOCKED	12500009	The authentication executor is locked.
NOT_ENROLLED	12500010	The user has not enrolled the specified system identity authentication credential.
CANCELED_FROM_WIDGET¹⁰⁺	12500011	The user cancels the system authentication and selects a custom authentication of the application. The caller needs to launch the custom authentication page.
PIN_EXPIRED¹²⁺	12500013	The authentication failed because the lock screen password has expired.

UserAuth^(deprecated)

Provides APIs for managing the user authentication executor.

constructor^(deprecated)

constructor()

A constructor used to create a UserAuth instance.

NOTE
This API is supported since API version 8 and deprecated since API version 9. Use getAuthInstance instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let auth = new userAuth.UserAuth();

getVersion^(deprecated)

getVersion() : number

Obtains the version of this authenticator.

NOTE
This API is supported since API version 8 and deprecated since API version 9.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

System capability: SystemCapability.UserIAM.UserAuth.Core

Return value

Type	Description
number	Authenticator version obtained.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let auth = new userAuth.UserAuth();
let version = auth.getVersion();
console.info(`auth version = ${version}`);

getAvailableStatus^(deprecated)

getAvailableStatus(authType : UserAuthType, authTrustLevel : AuthTrustLevel) : number

Checks whether the specified authentication capability is supported.

NOTE
This API is supported since API version 8 and deprecated since API version 9. Use getAvailableStatus instead.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
authType	UserAuthType	Yes	Authentication type. Currently, FACE and FINGERPRINT are supported.
authTrustLevel	AuthTrustLevel	Yes	Authentication trust level.

Return value

Type	Description
number	Query result. If the authentication capability is supported, SUCCESS is returned. Otherwise, a ResultCode is returned.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let auth = new userAuth.UserAuth();
let checkCode = auth.getAvailableStatus(userAuth.UserAuthType.FACE, userAuth.AuthTrustLevel.ATL1);
if (checkCode == userAuth.ResultCode.SUCCESS) {
  console.info('check auth support success');
} else {
  console.error(`check auth support fail, code = ${checkCode}`);
}

auth^(deprecated)

auth(challenge: Uint8Array, authType: UserAuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): Uint8Array

Starts user authentication. This API uses a callback to return the result.

NOTE
This API is supported since API version 8 and deprecated since API version 9. Use start instead.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
challenge	Uint8Array	Yes	Challenge value, which can be passed in Uint8Array([]) format.
authType	UserAuthType	Yes	Authentication type. Currently, FACE and FINGERPRINT are supported.
authTrustLevel	AuthTrustLevel	Yes	Authentication trust level.
callback	IUserAuthCallback	Yes	Callback used to return the result.

Return value

Type	Description
Uint8Array	Context ID, which is used as the input parameter of cancelAuth.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let auth = new userAuth.UserAuth();
let challenge = new Uint8Array([]);
auth.auth(challenge, userAuth.UserAuthType.FACE, userAuth.AuthTrustLevel.ATL1, {
  onResult: (result, extraInfo) => {
    try {
      console.info(`auth onResult result = ${result}`);
      console.info(`auth onResult extraInfo = ${JSON.stringify(extraInfo)}`);
      if (result == userAuth.ResultCode.SUCCESS) {
        // Add the logic to be executed when the authentication is successful.
      } else {
        // Add the logic to be executed when the authentication fails.
      }
    } catch (error) {
      console.error(`auth onResult error = ${error}`);
    }
  }
});

cancelAuth^(deprecated)

cancelAuth(contextID : Uint8Array) : number

Cancels the authentication based on the context ID.

NOTE
This API is supported since API version 8 and deprecated since API version 9. Use cancel instead.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
contextID	Uint8Array	Yes	Context ID, which is obtained by auth.

Return value

Type	Description
number	Returns SUCCESS if the cancellation is successful. Returns a ResultCode otherwise.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

// contextId can be obtained via auth(). In this example, it is defined here.
let contextId = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7]);
let auth = new userAuth.UserAuth();
let cancelCode = auth.cancelAuth(contextId);
if (cancelCode == userAuth.ResultCode.SUCCESS) {
  console.info('cancel auth success');
} else {
  console.error('cancel auth fail');
}

IUserAuthCallback^(deprecated)

Provides callbacks to return the authentication result.

NOTE
This API is supported since API version 8 and deprecated since API version 9. Use AuthEvent instead.

onResult^(deprecated)

onResult: (result : number, extraInfo : AuthResult) => void

Called to return the authentication result.

NOTE
This API is supported since API version 8 and deprecated since API version 9. Use callback instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
result	number	Yes	Authentication result. For details, see ResultCode.
extraInfo	AuthResult	Yes	Extended information, which varies depending on the authentication result. If the authentication is successful, the user authentication token will be returned in extraInfo. If the authentication fails, the remaining number of authentication times will be returned in extraInfo. If the authentication executor is locked, the freeze time will be returned in extraInfo.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let auth = new userAuth.UserAuth();
let challenge = new Uint8Array([]);
auth.auth(challenge, userAuth.UserAuthType.FACE, userAuth.AuthTrustLevel.ATL1, {
  onResult: (result, extraInfo) => {
    try {
      console.info(`auth onResult result = ${result}`);
      console.info(`auth onResult extraInfo = ${JSON.stringify(extraInfo)}`);
      if (result == userAuth.ResultCode.SUCCESS) {
        // Add the logic to be executed when the authentication is successful.
      }  else {
        // Add the logic to be executed when the authentication fails.
      }
    } catch (error) {
      console.error(`auth onResult error = ${error}`);
    }
  }
});

onAcquireInfo^(deprecated)

onAcquireInfo ?: (module : number, acquire : number, extraInfo : any) => void

Called to acquire authentication tip information. This API is optional.

NOTE
This API is supported since API version 8 and deprecated since API version 9. Use callback instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
module	number	Yes	ID of the module that sends the tip information.
acquire	number	Yes	Authentication tip information.
extraInfo	any	Yes	Reserved field.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let auth = new userAuth.UserAuth();
let challenge = new Uint8Array([]);
auth.auth(challenge, userAuth.UserAuthType.FACE, userAuth.AuthTrustLevel.ATL1, {
  onResult: (result, extraInfo) => {
    try {
      console.info(`auth onResult result = ${result}`);
      console.info(`auth onResult extraInfo = ${JSON.stringify(extraInfo)}`);
      if (result == userAuth.ResultCode.SUCCESS) {
        // Add the logic to be executed when the authentication is successful.
      }  else {
        // Add the logic to be executed when the authentication fails.
      }
    } catch (error) {
      console.error(`auth onResult error = ${error}`);
    }
  },
  onAcquireInfo: (module, acquire, extraInfo : userAuth.AuthResult) => {
    try {
      console.info(`auth onAcquireInfo module = ${module}`);
      console.info(`auth onAcquireInfo acquire = ${acquire}`);
      console.info(`auth onAcquireInfo extraInfo = ${JSON.stringify(extraInfo)}`);
    } catch (error) {
      console.error(`auth onAcquireInfo error = ${error}`);
    }
  }
});

AuthResult^(deprecated)

Represents the authentication result object.

NOTE
This API is supported since API version 8 and deprecated since API version 9. Use AuthResultInfo instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Type	Mandatory	Description
token	Uint8Array	No	Authentication token information.
remainTimes	number	No	Number of remaining authentication operations.
freezingTime	number	No	Time for which the authentication operation is frozen.

ResultCode^(deprecated)

Enumerates the authentication result codes.

NOTE
This object is deprecated since API version 9. Use UserAuthResultCode instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Value	Description
SUCCESS	0	The operation is successful.
FAIL	1	The authentication failed.
GENERAL_ERROR	2	A general operation error occurred.
CANCELED	3	The authentication is canceled.
TIMEOUT	4	The authentication timed out.
TYPE_NOT_SUPPORT	5	The authentication type is not supported.
TRUST_LEVEL_NOT_SUPPORT	6	The authentication trust level is not supported.
BUSY	7	Indicates the busy state.
INVALID_PARAMETERS	8	Invalid parameters are detected.
LOCKED	9	The authentication executor is locked.
NOT_ENROLLED	10	The user has not enrolled the authentication information.

FaceTips^(deprecated)

Enumerates the tip codes used during the facial authentication process.

NOTE
This API is supported since API version 8 and deprecated since API version 11.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Value	Description
FACE_AUTH_TIP_TOO_BRIGHT	1	The obtained facial image is too bright due to high illumination.
FACE_AUTH_TIP_TOO_DARK	2	The obtained facial image is too dark due to low illumination.
FACE_AUTH_TIP_TOO_CLOSE	3	The face is too close to the device.
FACE_AUTH_TIP_TOO_FAR	4	The face is too far away from the device.
FACE_AUTH_TIP_TOO_HIGH	5	Only the upper part of the face is captured because the device is angled too high.
FACE_AUTH_TIP_TOO_LOW	6	Only the lower part of the face is captured because the device is angled too low.
FACE_AUTH_TIP_TOO_RIGHT	7	Only the right part of the face is captured because the device is deviated to the right.
FACE_AUTH_TIP_TOO_LEFT	8	Only the left part of the face is captured because the device is deviated to the left.
FACE_AUTH_TIP_TOO_MUCH_MOTION	9	The face moves too fast during facial information collection.
FACE_AUTH_TIP_POOR_GAZE	10	The face is not facing the camera.
FACE_AUTH_TIP_NOT_DETECTED	11	No face is detected.

FingerprintTips^(deprecated)

Enumerates the tip codes used during the fingerprint authentication process.

NOTE
This API is supported since API version 8 and deprecated since API version 11.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Value	Description
FINGERPRINT_AUTH_TIP_GOOD	0	The obtained fingerprint image is in good condition.
FINGERPRINT_AUTH_TIP_DIRTY	1	Large fingerprint image noise is detected due to suspicious or detected dirt on the sensor.
FINGERPRINT_AUTH_TIP_INSUFFICIENT	2	The noise of the fingerprint image is too large to be processed.
FINGERPRINT_AUTH_TIP_PARTIAL	3	Incomplete fingerprint image is detected.
FINGERPRINT_AUTH_TIP_TOO_FAST	4	The fingerprint image is incomplete due to fast movement.
FINGERPRINT_AUTH_TIP_TOO_SLOW	5	Failed to obtain the fingerprint image because the finger seldom moves.

UserAuthType⁸⁺

Enumerates the identity authentication types.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Value	Description
PIN¹⁰⁺	1	Password authentication.
FACE	2	Facial authentication.
FINGERPRINT	4	Fingerprint authentication.

AuthTrustLevel⁸⁺

Enumerates the trust levels of the authentication result.

For details about typical scenarios and examples, see Principles for Classifying Biometric Authentication Trust Levels.

Atomic service API: This API can be used in atomic services since API version 12.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Value	Description
ATL1	10000	Authentication trust level 1. The authentication of this level can identify individual users and provides limited liveness detection capabilities. It is applicable to scenarios such as service risk control and access to common personal data.
ATL2	20000	Authentication trust level 2. The authentication of this level can accurately identify individual users and provides regular liveness detection capabilities. It is applicable to scenarios such as device unlocking and application login.
ATL3	30000	Authentication trust level 3. The authentication of this level can accurately identify individual users and provides strong liveness detection capabilities. It is applicable to scenarios such as device unlocking.
ATL4	40000	Authentication trust level 4. The authentication of this level can accurately identify individual users and provides powerful liveness detection capabilities. It is applicable to scenarios such as small-amount payment.

SecureLevel^(deprecated)

type SecureLevel = string

Enumerates the authentication security levels.

NOTE
This API is supported since API version 6 and deprecated since API version 8.

System capability: SystemCapability.UserIAM.UserAuth.Core

Type

Description

string

Authentication security level, which can be any of the following:
- S1: authentication trust level 1. The authentication of this level can identify individual users and provides limited liveness detection capabilities. It is usually used in service risk control and query of general personal data.
- S2: authentication trust level 2. The authentication of this level can accurately identify individual users and provides regular liveness detection capabilities. It is usually used in scenarios such as application logins and keeping the unlocking state of a device.
- S3: authentication trust level 3. The authentication of this level can accurately identify individual users and provides strong liveness detection capabilities. It is usually used in scenarios such as unlocking a device.
- S4: authentication trust level 4. The authentication of this level can accurately identify individual users and provides powerful liveness detection capabilities. It is usually used in scenarios such as small-amount payment.

AuthType^(deprecated)

type AuthType = string

Enumerates the authentication types.

NOTE
This API is supported since API version 6 and deprecated since API version 8.

System capability: SystemCapability.UserIAM.UserAuth.Core

Type	Description
string	Authentication type, which can be any of the following: - ALL: reserved and not supported by the current version. - FACE_ONLY: facial authentication.

userAuth.getAuthenticator^(deprecated)

getAuthenticator(): Authenticator

Obtains an Authenticator instance for user authentication.

NOTE
This API is deprecated since API version 8. Use constructor instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Return value

Type	Description
Authenticator	Authenticator instance obtained.

Example

  import { userAuth } from '@kit.UserAuthenticationKit';
  
  let authenticator = userAuth.getAuthenticator();

Authenticator^(deprecated)

Provides APIs for managing the Authenticator object.

NOTE
This API is deprecated since API version 8. Use UserAuth instead.

execute^(deprecated)

execute(type: AuthType, level: SecureLevel, callback: AsyncCallback<number>): void

Starts user authentication. This API uses an asynchronous callback to return the result.

NOTE
This API is deprecated since API version 8. Use auth instead.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
type	AuthType	Yes	Authentication type. Currently, only FACE_ONLY is supported. ALL is reserved and not supported by the current version.
level	SecureLevel	Yes	Security level of the authentication. It can be S1 (lowest), S2, S3, or S4 (highest). Devices capable of 3D facial recognition support S3 and lower-level authentication. Devices capable of 2D facial recognition support S2 and lower-level authentication.
callback	AsyncCallback<number>	Yes	Callback used to return the result. number indicates the AuthenticationResult.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

let authenticator = userAuth.getAuthenticator();
authenticator.execute('FACE_ONLY', 'S2', (error, code)=>{
  if (code === userAuth.ResultCode.SUCCESS) {
    console.info('auth success');
    return;
  }
  console.error(`auth fail, code = ${code}`);
});

execute^(deprecated)

execute(type : AuthType, level : SecureLevel): Promise<number>

Starts user authentication. This API uses a promise to return the result.

NOTE
This API is deprecated since API version 8. Use auth instead.

Required permissions: ohos.permission.ACCESS_BIOMETRIC

System capability: SystemCapability.UserIAM.UserAuth.Core

Parameters

Name	Type	Mandatory	Description
type	AuthType	Yes	Authentication type. Currently, only FACE_ONLY is supported. ALL is reserved and not supported by the current version.
level	SecureLevel	Yes	Security level of the authentication. It can be S1 (lowest), S2, S3, or S4 (highest). Devices capable of 3D facial recognition support S3 and lower-level authentication. Devices capable of 2D facial recognition support S2 and lower-level authentication.

Return value

Type	Description
Promise<number>	Promise used to return the authentication result, which is a number. For details, see AuthenticationResult.

Example

import { userAuth } from '@kit.UserAuthenticationKit';

try {
  let authenticator = userAuth.getAuthenticator();
  authenticator.execute('FACE_ONLY', 'S2').then((code)=>{
    console.info('auth success');
  })
} catch (error) {
  console.error(`auth fail, code = ${error}`);
}

AuthenticationResult^(deprecated)

Enumerates the authentication results.

NOTE
This object is deprecated since API version 8. Use ResultCode instead.

System capability: SystemCapability.UserIAM.UserAuth.Core

Name	Value	Description
NO_SUPPORT	-1	The device does not support the current authentication mode.
SUCCESS	0	The authentication is successful.
COMPARE_FAILURE	1	The feature comparison failed.
CANCELED	2	The authentication was canceled by the user.
TIMEOUT	3	The authentication has timed out.
CAMERA_FAIL	4	The camera failed to start.
BUSY	5	The authentication service is not available. Try again later.
INVALID_PARAMETERS	6	The authentication parameters are invalid.
LOCKED	7	The user account is locked because the number of authentication failures has reached the threshold.
NOT_ENROLLED	8	No authentication credential is registered.
GENERAL_ERROR	100	Other errors.

你可能感兴趣的鸿蒙文章

harmony 鸿蒙User Authentication Kit (User Authentication Service)

harmony 鸿蒙User Authentication Error Codes

harmony 鸿蒙@ohos.userIAM.faceAuth (Facial Authentication) (System API)

harmony 鸿蒙@ohos.userIAM.userAccessCtrl (User Access Control) (System API)

harmony 鸿蒙@ohos.userIAM.userAuth (User Authentication) (System API)

harmony 鸿蒙@ohos.userIAM.userAuthIcon (Embedded User Authentication Widget)

0 赞

所属分类： 后端技术
本文标签：
版权声明： 原创文章如转载，请注明本文链接: https://m.seaxiang.com/blog/6FiTcu

harmony 鸿蒙@ohos.userIAM.userAuth (User Authentication)

@ohos.userIAM.userAuth (User Authentication)

Modules to Import

Constant

EnrolledState12+

ReuseMode12+

ReuseUnlockResult12+

userAuth.getEnrolledState12+

AuthParam10+

WidgetParam10+

UserAuthResult10+

IAuthCallback10+

onResult10+

UserAuthInstance10+

on10+

off10+

start10+

cancel10+

userAuth.getUserAuthInstance10+

AuthResultInfo(deprecated)

TipInfo(deprecated)

EventInfo(deprecated)

AuthEventKey(deprecated)

AuthEvent(deprecated)

callback(deprecated)

AuthInstance(deprecated)

on(deprecated)

off(deprecated)

start(deprecated)

cancel(deprecated)

userAuth.getAuthInstance(deprecated)

userAuth.getAvailableStatus9+

UserAuthResultCode9+

UserAuth(deprecated)

constructor(deprecated)

getVersion(deprecated)

getAvailableStatus(deprecated)

auth(deprecated)

cancelAuth(deprecated)

IUserAuthCallback(deprecated)

onResult(deprecated)

onAcquireInfo(deprecated)

AuthResult(deprecated)

ResultCode(deprecated)

FaceTips(deprecated)

FingerprintTips(deprecated)

UserAuthType8+

AuthTrustLevel8+

SecureLevel(deprecated)

AuthType(deprecated)

userAuth.getAuthenticator(deprecated)

Authenticator(deprecated)

execute(deprecated)

execute(deprecated)

AuthenticationResult(deprecated)

你可能感兴趣的鸿蒙文章

热门推荐

标签云

最新文章

本文目录

EnrolledState¹²⁺

ReuseMode¹²⁺

ReuseUnlockResult¹²⁺

userAuth.getEnrolledState¹²⁺

AuthParam¹⁰⁺

WidgetParam¹⁰⁺

UserAuthResult¹⁰⁺

IAuthCallback¹⁰⁺

onResult¹⁰⁺

UserAuthInstance¹⁰⁺

on¹⁰⁺

off¹⁰⁺

start¹⁰⁺

cancel¹⁰⁺

userAuth.getUserAuthInstance¹⁰⁺

AuthResultInfo^(deprecated)

TipInfo^(deprecated)

EventInfo^(deprecated)

AuthEventKey^(deprecated)

AuthEvent^(deprecated)

callback^(deprecated)

AuthInstance^(deprecated)

on^(deprecated)

off^(deprecated)

start^(deprecated)

cancel^(deprecated)

userAuth.getAuthInstance^(deprecated)

userAuth.getAvailableStatus⁹⁺

UserAuthResultCode⁹⁺

UserAuth^(deprecated)

constructor^(deprecated)

getVersion^(deprecated)

getAvailableStatus^(deprecated)

auth^(deprecated)

cancelAuth^(deprecated)

IUserAuthCallback^(deprecated)

onResult^(deprecated)

onAcquireInfo^(deprecated)

AuthResult^(deprecated)

ResultCode^(deprecated)

FaceTips^(deprecated)

FingerprintTips^(deprecated)

UserAuthType⁸⁺

AuthTrustLevel⁸⁺

SecureLevel^(deprecated)

AuthType^(deprecated)

userAuth.getAuthenticator^(deprecated)

Authenticator^(deprecated)

execute^(deprecated)

execute^(deprecated)

AuthenticationResult^(deprecated)