Android Sample Applications

Follwing is an Android sample applications demonstrating both client-direct and backend-proxied FIDO2 authentication patterns. These examples are useful for developers building Android applications that integrate with the Arculus FIDO2 Server.

Minimal Examples

These minimal examples show the essential code to register and authenticate a user without any UI scaffolding or error handling.

Minimal Client-Direct Example

import co.arculus.fido.android.ArculusFidoAsync;
import co.arculus.fido.ArculusFidoServer;
import co.arculus.android.ArculusFidoResultCallback;

ArculusFidoAsync arculusFido = ArculusFidoAsync.createInstance(context, callback);

// Registration
ArculusFidoServer fidoServer = new ArculusFidoServer("fido.example.com");
fidoServer.setBeginRegistrationPath("fidoapi/certify/attestation/options", null);
fidoServer.setCompleteRegistrationPath("fidoapi/certify/attestation/result", null);

arculusFido.register(
    fidoServer,
    "123456",                    // pin
    "[email protected]",          // username
    "My Device",                 // displayname
    "example.com",               // relyingParty
    false,                       // resetDevice
    null                         // registrationInfo
);

// Authentication
fidoServer.setBeginAuthorizationPath("fidoapi/certify/assertion/options", null);
fidoServer.setCompleteAuthorizationPath("fidoapi/certify/assertion/result", null);

arculusFido.authenticate(
    fidoServer,
    "123456",                    // pin
    "[email protected]",          // username
    "My Device",                 // displayname
    "example.com"                // relyingParty
);

// Callback implementation
@Override
public void registerResult(String response) {
    Log.d("FIDO", "Registration: " + response);
}

@Override
public void authenticateResult(String response) {
    Log.d("FIDO", "Authentication: " + response);
}

Minimal Backend-Proxied Example

import co.arculus.fido.android.ArculusFidoAsync;
import co.arculus.fido.ArculusFidoOptionsAuthorizationResponse;
import co.arculus.android.ArculusFidoResultCallback;

ArculusFidoAsync arculusFido = ArculusFidoAsync.createInstance(context, callback);

// Registration (3-phase flow)
public void register() throws Exception {
    // Phase 1: Get challenge from backend
    JsonObject beginResponse = backendClient.registerBegin("[email protected]", "My Device", "example.com");
    String challenge = beginResponse.getAsJsonObject("fidoServerResponse").get("challenge").getAsString();
    String rpId = beginResponse.getAsJsonObject("fidoServerResponse").get("rp").getAsJsonObject("id").getAsString();
    
    // Phase 2: Card operations only
    String cardResponse = arculusFido.registerCardOnly(
        "123456",                    // pin
        "[email protected]",          // username
        "My Device",                 // displayName
        rpId,                        // rpId
        challenge,                   // challenge
        "https://example.com"        // origin
    );
    
    // Phase 3: Complete with backend
    JsonObject cardResponseData = JsonParser.parseString(cardResponse).getAsJsonObject();
    JsonObject completeResponse = backendClient.registerComplete("[email protected]", cardResponseData);
    Log.d("FIDO", "Registration: " + completeResponse);
}

// Authentication (3-phase flow)
public void authenticate() throws Exception {
    // Phase 1: Get challenge from backend
    JsonObject beginResponse = backendClient.authenticateBegin("[email protected]", "example.com");
    ArculusFidoOptionsAuthorizationResponse optionsResponse = 
        FidoOptionsHelper.createFromBackendResponse(beginResponse);
    
    // Phase 2: Card operations only
    String cardResponse = arculusFido.authenticateCardOnly(
        "123456",                    // pin
        "[email protected]",          // username
        "example.com",               // rpId
        optionsResponse              // optionsResponse
    );
    
    // Phase 3: Complete with backend
    JsonObject cardResponseData = JsonParser.parseString(cardResponse).getAsJsonObject();
    JsonObject completeResponse = backendClient.authenticateComplete("[email protected]", cardResponseData);
    Log.d("FIDO", "Authentication: " + completeResponse);
}

Complete Sample Applications

The following sections provide complete, production-ready sample applications with full error handling, UI components, and backend integration.

Client-Direct Pattern

A simple WebView-based sample app demonstrating direct FIDO2 server communication:

package co.arculus.sampleapp;

public class MainActivity extends AppCompatActivity implements ArculusFidoResultCallback {
    private WebView mywebView;
    private ArculusFidoAsync arculusFido = null;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        
        try {
            arculusFido = ArculusFidoAsync.createInstance(this, this);
        } catch (Throwable t) {
            showMessage("NFC not available on this device");
        }
        
        setContentView(R.layout.activity_main);
        setupWebView();
    }

    @Override
    protected void onDestroy() {
        super.onDestroy();
        ArculusFidoAsync.destroyInstance();
    }

    private void setupWebView() {
        mywebView = findViewById(R.id.webview);
        mywebView.setWebViewClient(new WebViewClient());
        mywebView.loadUrl("file:///android_asset/main.html");
        
        WebSettings webSettings = mywebView.getSettings();
        webSettings.setJavaScriptEnabled(true);
        webSettings.setDomStorageEnabled(true);
        mywebView.addJavascriptInterface(new WebAppInterface(this), "Android");
    }

    private void showMessage(String msg) {
        new AlertDialog.Builder(this)
            .setMessage(msg)
            .setPositiveButton("OK", (dialog, which) -> dialog.cancel())
            .create()
            .show();
    }

    // Callback implementations
    @Override
    public void setPinResult(String response) {
        runOnUiThread(() -> showMessage("Set PIN: " + response));
    }

    @Override
    public void changePinResult(String response) {
        runOnUiThread(() -> showMessage("Change PIN: " + response));
    }

    @Override
    public void authenticateResult(String response) {
        runOnUiThread(() -> showMessage("Authenticate: " + response));
    }

    @Override
    public void registerResult(String response) {
        runOnUiThread(() -> showMessage("Register: " + response));
    }

    // JavaScript interface
    public class WebAppInterface {
        Context mContext;
        
        WebAppInterface(Context c) {
            mContext = c;
        }

        @JavascriptInterface
        public void Arculus_FidoSetPin(String pin) {
            try {
                runOnUiThread(() ->
                    Toast.makeText(getApplicationContext(), "Tap Card", Toast.LENGTH_LONG).show()
                );
                arculusFido.setPin(pin);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        @JavascriptInterface
        public void Arculus_FidoChangePin(String oldPin, String newPin) {
            try {
                runOnUiThread(() ->
                    Toast.makeText(getApplicationContext(), "Tap Card", Toast.LENGTH_LONG).show()
                );
                arculusFido.changePin(oldPin, newPin);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        @JavascriptInterface
        public void Arculus_FidoRegisterUser(String pin, String fidohost, String username,
                String deviceinfo, String parms, String rp, String beginEndpoint,
                String completeEndpoint, String key, String keyval) {
            try {
                ArculusFidoServer fidoServer = new ArculusFidoServer(fidohost);
                fidoServer.setBeginRegistrationPath(beginEndpoint, parms);
                fidoServer.setCompleteRegistrationPath(completeEndpoint, parms);
                fidoServer.setRequestProperty(key, keyval);
                fidoServer.setDeviceinfo(deviceinfo);

                runOnUiThread(() ->
                    Toast.makeText(getApplicationContext(), "Tap Card", Toast.LENGTH_LONG).show()
                );
                arculusFido.register(fidoServer, pin, username, "sample", rp, false, deviceinfo);
            } catch (Exception e) {
                e.printStackTrace();
                showMessage(e.getMessage());
            }
        }

        @JavascriptInterface
        public void Arculus_FidoAuthenticateUser(String pin, String username, String fido,
                String parms, String relyingParty, String beginEndpoint, String completeEndpoint) {
            ArculusFidoServer fidoServer = new ArculusFidoServer(fido);
            fidoServer.setBeginAuthenticatePath(beginEndpoint, parms);
            fidoServer.setCompleteAuthenticatePath(completeEndpoint, parms);

            arculusFido.authenticate(fidoServer, pin, username, "sample displayname", relyingParty);
        }
    }
}

Backend-Proxied Pattern (Recommended)

A complete sample app demonstrating the backend-proxied pattern with 3-phase authentication and registration flows. This pattern is recommended for production deployments.

Backend API Client

package com.arculus.sampleapp.backend;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.arculus.sampleapp.utils.AppConfig;
import okhttp3.*;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.*;

public class BackendApiClient {
    private final OkHttpClient httpClient;
    private final String baseUrl;
    private String sessionCookies = null;
    
    public BackendApiClient(AppConfig appConfig) {
        if (appConfig == null) {
            throw new IllegalArgumentException("AppConfig cannot be null");
        }
        this.baseUrl = appConfig.getBackendServerUrl();
        
        OkHttpClient.Builder builder = new OkHttpClient.Builder()
            .connectTimeout(appConfig.getBackendApiTimeout(), TimeUnit.SECONDS)
            .readTimeout(appConfig.getBackendApiTimeout(), TimeUnit.SECONDS)
            .writeTimeout(appConfig.getBackendApiTimeout(), TimeUnit.SECONDS);
        
        // Handle self-signed certificates if configured
        // WARNING: This disables SSL certificate validation - use only for development/testing
        if (appConfig.isTrustSelfSignedCerts()) {
            try {
                TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        @Override
                        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                        }
                        
                        @Override
                        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                        }
                        
                        @Override
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return new java.security.cert.X509Certificate[]{};
                        }
                    }
                };
                
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
                builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAllCerts[0]);
                builder.hostnameVerifier((hostname, session) -> true);
            } catch (Exception e) {
                // Log error but continue without SSL trust override
            }
        }
        
        this.httpClient = builder.build();
    }
    
    public void clearSessionCookies() {
        sessionCookies = null;
    }
    
    public JsonObject authenticateBegin(String username, String rpId) throws IOException {
        JsonObject request = new JsonObject();
        request.addProperty("operation", "authenticate");
        request.addProperty("username", username);
        request.addProperty("rpId", rpId);
        
        JsonObject response = makeRequest("/fido/authenticate", request);
        extractAndStoreCookies(response);
        return response;
    }
    
    public JsonObject authenticateComplete(
        JsonObject cardResponseData, 
        String sessionId, 
        String username
    ) throws IOException {
        JsonObject request = new JsonObject();
        request.addProperty("operation", "authenticate");
        request.addProperty("username", username);
        request.add("cardResponseData", cardResponseData);
        
        if (sessionId != null) {
            request.addProperty("sessionId", sessionId);
        }
        
        if (sessionCookies != null && !sessionCookies.trim().isEmpty()) {
            request.addProperty("cookies", sessionCookies);
        }
        
        return makeRequest("/fido/authenticate", request);
    }
    
    public JsonObject registerBegin(String username, String displayName, String rpId) throws IOException {
        JsonObject request = new JsonObject();
        request.addProperty("operation", "register");
        request.addProperty("username", username);
        request.addProperty("displayName", displayName);
        request.addProperty("rpId", rpId);
        
        JsonObject response = makeRequest("/fido/register", request);
        extractAndStoreCookies(response);
        return response;
    }
    
    public JsonObject registerComplete(String username, JsonObject cardResponseData) throws IOException {
        JsonObject request = new JsonObject();
        request.addProperty("operation", "register");
        request.addProperty("username", username);
        request.add("cardResponseData", cardResponseData);
        
        if (sessionCookies != null && !sessionCookies.trim().isEmpty()) {
            request.addProperty("cookies", sessionCookies);
        }
        
        return makeRequest("/fido/register", request);
    }
    
    private JsonObject makeRequest(String endpoint, JsonObject requestBody) throws IOException {
        String url = baseUrl + endpoint;
        
        RequestBody body = RequestBody.create(
            requestBody.toString(),
            MediaType.parse("application/json; charset=utf-8")
        );
        
        Request.Builder requestBuilder = new Request.Builder()
            .url(url)
            .post(body)
            .addHeader("Content-Type", "application/json");
        
        // Add session cookies if available
        if (sessionCookies != null && !sessionCookies.trim().isEmpty()) {
            requestBuilder.addHeader("Cookie", sessionCookies);
        }
        
        Request request = requestBuilder.build();
        
        try (Response response = httpClient.newCall(request).execute()) {
            if (!response.isSuccessful()) {
                String errorBody = response.body() != null ? response.body().string() : "No error body";
                throw new IOException("Backend request failed: " + response.code() + " - " + errorBody);
            }
            
            String responseBody = response.body() != null ? response.body().string() : "{}";
            JsonObject jsonResponse = JsonParser.parseString(responseBody).getAsJsonObject();
            return jsonResponse;
        }
    }
    
    /**
     * Extract cookies from JSON response body and store them for session continuity
     */
    private void extractAndStoreCookies(JsonObject response) {
        if (response.has("cookies") && !response.get("cookies").isJsonNull()) {
            String cookiesFromResponse = response.get("cookies").getAsString();
            if (cookiesFromResponse != null && !cookiesFromResponse.trim().isEmpty()) {
                sessionCookies = cookiesFromResponse;
            }
        }
    }
}

Complete Backend-Proxied Sample App

package co.arculus.sampleapp;

import android.content.Context;
import android.webkit.JavascriptInterface;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.Toast;
import androidx.appcompat.app.AlertDialog;
import androidx.appcompat.app.AppCompatActivity;
import android.os.Bundle;

import co.arculus.fido.android.ArculusFidoAsync;
import co.arculus.android.ArculusFidoResultCallback;
import co.arculus.fido.options.ArculusFidoOptionsAuthorizationResponse;
import com.arculus.sampleapp.backend.BackendApiClient;
import com.arculus.sampleapp.fido.FidoOptionsHelper;
import com.arculus.sampleapp.utils.AppConfig;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;

public class MainActivity extends AppCompatActivity implements ArculusFidoResultCallback {
    private WebView mywebView;
    private ArculusFidoAsync arculusFido = null;
    private BackendApiClient backendClient;
    private AppConfig appConfig;
    
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        
        try {
            arculusFido = ArculusFidoAsync.createInstance(this, this);
        } catch (Throwable t) {
            showMessage("NFC not available on this device");
        }
        
        // Initialize app config and backend client
        appConfig = new AppConfig(this);
        backendClient = new BackendApiClient(appConfig);
        
        setContentView(R.layout.activity_main);
        setupWebView();
    }
    
    @Override
    protected void onDestroy() {
        super.onDestroy();
        ArculusFidoAsync.destroyInstance();
    }
    
    private void setupWebView() {
        mywebView = findViewById(R.id.webview);
        mywebView.setWebViewClient(new WebViewClient());
        mywebView.loadUrl("file:///android_asset/main.html");
        
        WebSettings webSettings = mywebView.getSettings();
        webSettings.setJavaScriptEnabled(true);
        webSettings.setDomStorageEnabled(true);
        mywebView.addJavascriptInterface(new WebAppInterface(this), "Android");
    }
    
    private void showMessage(String msg) {
        new AlertDialog.Builder(this)
            .setMessage(msg)
            .setPositiveButton("OK", (dialog, which) -> dialog.cancel())
            .create()
            .show();
    }
    
    // JavaScript interface
    public class WebAppInterface {
        Context mContext;
        
        WebAppInterface(Context c) {
            mContext = c;
        }
        
        @JavascriptInterface
        public void Arculus_FidoRegisterUser(String pin, String username, String displayName, String rpId) {
            new Thread(() -> {
                try {
                    // Phase 1: Backend gets challenge
                    // Note: If displayName is null, it will default to username
                    JsonObject backendResponse = backendClient.registerBegin(username, displayName != null ? displayName : username, rpId);
                    
                    if (!backendResponse.has("status") || !"success".equals(backendResponse.get("status").getAsString())) {
                        // Error messages may be in "message" or "errorMessage" field
                        String errorMsg = backendResponse.has("message") ? 
                            backendResponse.get("message").getAsString() : "Backend registration begin failed";
                        runOnUiThread(() -> showMessage(errorMsg));
                        return;
                    }
                    
                    JsonObject fidoServerResponse = backendResponse.getAsJsonObject("fidoServerResponse");
                    if (fidoServerResponse == null) {
                        runOnUiThread(() -> showMessage("Backend response missing fidoServerResponse"));
                        return;
                    }
                    
                    String challenge = fidoServerResponse.has("challenge") ? 
                        fidoServerResponse.get("challenge").getAsString() : null;
                    if (challenge == null) {
                        runOnUiThread(() -> showMessage("Backend response missing challenge"));
                        return;
                    }
                    
                    // Extract rpId from server response if available (CRITICAL: must match what server expects)
                    String rpIdFromServer = rpId; // Fallback to provided value
                    if (fidoServerResponse.has("rp")) {
                        JsonObject rpObject = fidoServerResponse.getAsJsonObject("rp");
                        if (rpObject != null && rpObject.has("id")) {
                            rpIdFromServer = rpObject.get("id").getAsString();
                        }
                    }
                    
                    // Extract fido2ServerOrigin (required for clientDataJSON)
                    String fido2ServerOrigin = backendResponse.has("fido2ServerOrigin") ? 
                        backendResponse.get("fido2ServerOrigin").getAsString() : null;
                    if (fido2ServerOrigin == null) {
                        // Fallback: extract from backend URL if not provided
                        String backendUrl = appConfig.getBackendServerUrl();
                        fido2ServerOrigin = backendUrl.replaceAll("/$", "");
                    }
                    
                    // Note: Session cookies are automatically stored by backendClient.registerBegin()
                    
                    // Phase 2: Card operations only
                    // registerCardOnly() takes challenge and origin directly (not optionsResponse)
                    String cardResponseJson = arculusFido.registerCardOnly(
                        pin, 
                        username, 
                        displayName != null ? displayName : username,
                        rpIdFromServer,  // Use rpId from server response
                        challenge,       // Base64-encoded challenge from backend
                        fido2ServerOrigin  // Origin URL for clientDataJSON
                    );
                    
                    if (cardResponseJson == null || cardResponseJson.trim().isEmpty()) {
                        runOnUiThread(() -> showMessage("Card registration returned null or empty response"));
                        return;
                    }
                    
                    JsonObject cardResponseData = JsonParser.parseString(cardResponseJson).getAsJsonObject();
                    
                    // Extract credential ID for potential rollback
                    String credentialId = null;
                    if (cardResponseData.has("id")) {
                        credentialId = cardResponseData.get("id").getAsString();
                    }
                    
                    // Phase 3: Backend completes registration
                    // Note: Session cookies are automatically included from Phase 1
                    JsonObject completeResponse = backendClient.registerComplete(
                        username, 
                        cardResponseData
                    );
                    
                    if (completeResponse.has("status") && 
                        "success".equals(completeResponse.get("status").getAsString())) {
                        runOnUiThread(() -> showMessage("Registration successful!"));
                    } else {
                        // Registration failed - rollback: delete credential from card
                        String errorMsg = completeResponse.has("message") ? 
                            completeResponse.get("message").getAsString() : "Registration failed";
                        
                        // Perform rollback if credential was created
                        if (credentialId != null) {
                            try {
                                arculusFido.deleteCredentialByCredentialId(pin, credentialId);
                            } catch (Exception rollbackError) {
                                errorMsg += " (Warning: Credential may still exist on card - rollback failed)";
                            }
                        }
                        
                        runOnUiThread(() -> showMessage(errorMsg));
                    }
                } catch (java.io.IOException e) {
                    // Backend request failed - rollback needed if card operation succeeded
                    runOnUiThread(() -> showMessage("Registration failed: Network error - " + 
                        (e.getMessage() != null ? e.getMessage() : "Connection failed")));
                } catch (Exception e) {
                    runOnUiThread(() -> showMessage("Error: " + 
                        (e.getMessage() != null ? e.getMessage() : "Unknown error")));
                }
            }).start();
        }
        
        @JavascriptInterface
        public void Arculus_FidoAuthenticateUser(String pin, String username, String rpId) {
            new Thread(() -> {
                try {
                    // Phase 1: Backend gets challenge
                    JsonObject backendResponse = backendClient.authenticateBegin(username, rpId);
                    
                    if (!backendResponse.has("status") || !"success".equals(backendResponse.get("status").getAsString())) {
                        // Error messages may be in "message" or "errorMessage" field
                        String errorMsg = backendResponse.has("message") ? 
                            backendResponse.get("message").getAsString() : "Backend authentication begin failed";
                        runOnUiThread(() -> showMessage(errorMsg));
                        return;
                    }
                    
                    JsonObject fidoServerResponse = backendResponse.getAsJsonObject("fidoServerResponse");
                    if (fidoServerResponse == null) {
                        runOnUiThread(() -> showMessage("Backend response missing fidoServerResponse"));
                        return;
                    }
                    
                    String challenge = fidoServerResponse.has("challenge") ? 
                        fidoServerResponse.get("challenge").getAsString() : null;
                    if (challenge == null) {
                        runOnUiThread(() -> showMessage("Backend response missing challenge"));
                        return;
                    }
                    
                    // Extract rpId from server response if available (CRITICAL: must match what server expects)
                    String rpIdFromServer = rpId; // Fallback to provided value
                    if (fidoServerResponse.has("rpId")) {
                        rpIdFromServer = fidoServerResponse.get("rpId").getAsString();
                    }
                    
                    // Extract fido2ServerOrigin (required for clientDataJSON)
                    String fido2ServerOrigin = backendResponse.has("fido2ServerOrigin") ? 
                        backendResponse.get("fido2ServerOrigin").getAsString() : null;
                    if (fido2ServerOrigin == null) {
                        // Fallback: extract from backend URL if not provided
                        String backendUrl = appConfig.getBackendServerUrl();
                        fido2ServerOrigin = backendUrl.replaceAll("/$", "");
                    }
                    
                    String sessionId = backendResponse.has("sessionId") ? 
                        backendResponse.get("sessionId").getAsString() : null;
                    // Note: Session cookies are automatically stored by backendClient.authenticateBegin()
                    
                    // Phase 2: Card operations only
                    ArculusFidoOptionsAuthorizationResponse optionsResponse = 
                        FidoOptionsHelper.createFromBackendResponse(
                            fidoServerResponse, 
                            challenge, 
                            rpIdFromServer,  // Use rpId from server response
                            fido2ServerOrigin
                        );
                    
                    String cardResponseJson = arculusFido.authenticateCardOnly(
                        pin, 
                        username, 
                        rpIdFromServer,  // Use rpId from server response
                        optionsResponse
                    );
                    
                    if (cardResponseJson == null || cardResponseJson.trim().isEmpty()) {
                        runOnUiThread(() -> showMessage("Card authentication returned null or empty response"));
                        return;
                    }
                    
                    JsonObject cardResponseData = JsonParser.parseString(cardResponseJson).getAsJsonObject();
                    
                    // Phase 3: Backend completes authentication
                    // Note: Session cookies are automatically included from Phase 1
                    JsonObject completeResponse = backendClient.authenticateComplete(
                        cardResponseData, 
                        sessionId, 
                        username
                    );
                    
                    if (completeResponse.has("status") && 
                        "success".equals(completeResponse.get("status").getAsString())) {
                        runOnUiThread(() -> showMessage("Authentication successful!"));
                    } else {
                        String errorMsg = completeResponse.has("message") ? 
                            completeResponse.get("message").getAsString() : 
                            (completeResponse.has("errorMessage") ? 
                                completeResponse.get("errorMessage").getAsString() : "Authentication failed");
                        runOnUiThread(() -> showMessage(errorMsg));
                    }
                } catch (java.io.IOException e) {
                    runOnUiThread(() -> showMessage("Authentication failed: Network error - " + 
                        (e.getMessage() != null ? e.getMessage() : "Connection failed")));
                } catch (Exception e) {
                    runOnUiThread(() -> showMessage("Error: " + 
                        (e.getMessage() != null ? e.getMessage() : "Unknown error")));
                }
            }).start();
        }
    }
    
    // Callback implementations (for PIN operations)
    @Override
    public void setPinResult(String response) {
        runOnUiThread(() -> showMessage("Set PIN: " + response));
    }
    
    @Override
    public void changePinResult(String response) {
        runOnUiThread(() -> showMessage("Change PIN: " + response));
    }
    
    @Override
    public void authenticateResult(String response) {
        // Not used in backend-proxied pattern
    }
    
    @Override
    public void registerResult(String response) {
        // Not used in backend-proxied pattern
    }
}

Backend Implementation (Java Servlet)

The backend service receives requests from the Android app and proxies them to the FIDO2 Server. The implementation is identical to the iOS backend (see 5.2 iOS Sample Applications - Backend Implementation) since both iOS and Android apps use the same backend API contract.

Key Points:

Same operation-based routing (operation: "register" or operation: "authenticate")
Same phase detection (presence of cardResponseData determines begin vs. complete)
Same session cookie handling
Same FIDO2 Server REST API endpoints

The backend implementation shown in the iOS sample applications page applies to Android as well.

PreviousiOS Sample Applications NextDesktop Sample Applications

Last updated 1 month ago

hashtagMinimal Examples

hashtagMinimal Client-Direct Example

hashtagMinimal Backend-Proxied Example

hashtagComplete Sample Applications

hashtagClient-Direct Pattern

hashtagBackend-Proxied Pattern (Recommended)

hashtagBackend API Client

hashtagComplete Backend-Proxied Sample App

hashtagBackend Implementation (Java Servlet)