harmony 鸿蒙User Authentication Development

  • 2022-08-09
  • 浏览 (739)

User Authentication Development

NOTE

This guide applies to the SDK for API version 10.

When to Use

OpenHarmony supports PIN authentication, facial authentication, and fingerprint authentication, which can be used in identity authentication scenarios such as device unlocking, app login, and payment.

Available APIs

The userIAM_userAuth module provides APIs for user authentication, including querying authentication capabilities, and initiating or canceling authentication. Users can use biometric feature information, such as facial and fingerprints, to perform authentications. For more details about the APIs, see User Authentication.

Before authentication, you must specify the authentication type and authentication trust level to check whether the device supports the authentication capabilities.

Table 1 APIs of user authentication

API Description
getAvailableStatus(authType : UserAuthType, authTrustLevel : AuthTrustLevel): void Checks whether the device supports the specified authentication type and level.
getUserAuthInstance(authParam: AuthParam, widgetParam: WidgetParam): UserAuthInstance Obtains a UserAuthInstance instance for user authentication. The user authentication widget is supported.
on(type: ‘result’, callback: IAuthCallback): void Subscribes to the user authentication result.
off(type: ‘result’, callback?: IAuthCallback): void Unsubscribes from the user authentication result.
start(): void Starts user authentication.
cancel(): void Cancels this user authentication.

Table 2 Authentication trust levels

Authentication Trust Level Metrics Description and Example Typical Service Scenario
ATL4 When FRR = 10%, FAR ≤ 0.003%, SAR ≤ 3% The authentication can accurately identify individual users and provides powerful liveness detection capabilities. For example, PIN authentication with a secure keyboard and fingerprint and 3D facial authentication with special security enhancement. Small-amount payment
ATL3 When FRR = 10%, FAR ≤ 0.002%, SAR ≤ 7% The authentication can accurately identify individual users and provides strong liveness detection capabilities. For example, 2D facial authentication with special security enhancement. Device unlocking
ATL2 When FRR = 10%, FAR ≤ 0.002%, 7% < SAR ≤ 20% The authentication can accurately identify individual users and provides regular liveness detection capabilities. For example, using a watch based on common ranging as a trusted holder to unlock a device. Logins to apps and keeping a device unlocked
ATL1 When FRR = 10%, FAR ≤ 1%, 7% < SAR ≤ 20% The authentication can identify individual users and provides limited liveness detection capabilities. For example, voiceprint authentication. Service risk control, query of general personal data, targeted recommendations, and personalized services

NOTE

  • FRR: False Reject Rate
  • FAR: False Acceptance Rate
  • SAR: Spoof Acceptance Rate

Checking Authentication Capabilities Supported by a Device

How to Develop

  1. Apply for the permission.
    Configure the ohos.permission.ACCESS_BIOMETRIC permission in requestPermissions in the module.json5 file. For more information, see module.json5.

  2. Specify the authentication type and authentication trust level, and call getAvailableStatus to check whether the current device supports the authentication capabilities.

    import userIAM_userAuth from '@ohos.userIAM.userAuth';
    
    
    // Check whether the authentication capabilities are supported.
    try {
        userIAM_userAuth.getAvailableStatus(userIAM_userAuth.UserAuthType.FACE, userIAM_userAuth.AuthTrustLevel.ATL1);
        console.info('current auth trust level is supported');
    } catch (error) {
        console.info('current auth trust level is not supported, error = ' + error);
    }
    

Performing Authentication and Subscribing to the Authentication Result

How to Develop

  1. Apply for the permission.
    Configure the ohos.permission.ACCESS_BIOMETRIC permission in requestPermissions in the module.json5 file. For more information, see module.json5.

  2. Specify the challenge, authentication type, and authentication trust level to obtain an authentication object.

  3. Call on to subscribe to the authentication result.

  4. Call start to start authentication and return the authentication result through the callback.

    import userIAM_userAuth from '@ohos.userIAM.userAuth';
    
    
    const authParam : userIAM_userAuth.AuthParam = {
      challenge: new Uint8Array([49, 49, 49, 49, 49, 49]),
      authType: [userIAM_userAuth.UserAuthType.PIN],
      authTrustLevel: userIAM_userAuth.AuthTrustLevel.ATL1,
    };
    const widgetParam : userIAM_userAuth.WidgetParam = {
      title:'Enter password',
    };
    try {
      // Obtain an authentication object.
      let userAuthInstance = userIAM_userAuth.getUserAuthInstance(authParam, widgetParam);
      console.log('get userAuth instance success');
      // Subscribe to the authentication result.
      userAuthInstance.on('result', {
        onResult (result) {
          console.log('userAuthInstance callback result = ' + JSON.stringify(result));
        }
      });
      console.log('auth on success');
      userAuthInstance.start();
      console.log('auth start success');
    } catch (error) {
      console.log('auth catch error: ' + JSON.stringify(error));
    }
    
  5. Call off for the UserAuthInstance object to unsubscribe from the authentication result.

   import userIAM_userAuth from '@ohos.userIAM.userAuth';
   
   const authParam : userIAM_userAuth.AuthParam = {
     challenge: new Uint8Array([49, 49, 49, 49, 49, 49]),
     authType: [userIAM_userAuth.UserAuthType.PIN],
     authTrustLevel: userIAM_userAuth.AuthTrustLevel.ATL1,
   };
   const widgetParam : userIAM_userAuth.WidgetParam = {
     title:'Enter password',
   };
   try {
     // Obtain an authentication object.
     let userAuthInstance = userIAM_userAuth.getUserAuthInstance(authParam, widgetParam);
     console.log('get userAuth instance success');
     // Unsubscribe from the authentication result.
     userAuthInstance.off('result', {
       onResult (result) {
         console.log('auth off result: ' + JSON.stringify(result));
       }
     });
     console.log('auth off success');
   } catch (error) {
     console.log('auth catch error: ' + JSON.stringify(error));
   }

Canceling User Authentication

How to Develop

  1. Apply for the permission.
    Configure the ohos.permission.ACCESS_BIOMETRIC permission in requestPermissions in the module.json5 file. For more information, see module.json5.

  2. Specify the challenge, authentication type, and authentication trust level to obtain an authentication object.

  3. Call start to start authentication.

  4. Call cancel for the UserAuthInstance object to cancel this authentication.

    import userIAM_userAuth from '@ohos.userIAM.userAuth';
    
    
    const authParam : userIAM_userAuth.AuthParam = {
      challenge: new Uint8Array([49, 49, 49, 49, 49, 49]),
      authType: [userIAM_userAuth.UserAuthType.PIN],
      authTrustLevel: userIAM_userAuth.AuthTrustLevel.ATL1,
    };
    const widgetParam : userIAM_userAuth.WidgetParam = {
      title:'Enter password',
    };
    try {
      // Obtain an authentication object.
      let userAuthInstance = userIAM_userAuth.getUserAuthInstance(authParam, widgetParam);
      console.log('get userAuth instance success');
      // Start user authentication.
      userAuthInstance.start();
      console.log('auth start success');
      // Cancel the authentication.
      userAuthInstance.cancel();
      console.log('auth cancel success');
    } catch (error) {
      console.log('auth catch error: ' + JSON.stringify(error));
    }
    

你可能感兴趣的鸿蒙文章

harmony 鸿蒙Security

harmony 鸿蒙Applying for Permissions

harmony 鸿蒙Access Control (Permission) Overview

harmony 鸿蒙HarmonyAppProvision Configuration File

harmony 鸿蒙Certificate Development

harmony 鸿蒙Certificate Overview

harmony 鸿蒙Crypto Framework Development

harmony 鸿蒙Crypto Framework Overview

harmony 鸿蒙DLP Development

harmony 鸿蒙DLP Overview

0  赞