BiometricPrompt

public class BiometricPrompt


A class that manages a system-provided biometric prompt. On devices running Android 9.0 (API 28) and above, this will show a system-provided authentication prompt, using one of the device's supported biometric modalities (fingerprint, iris, face, etc). Prior to Android 9.0, this will instead show a custom fingerprint authentication dialog. The prompt will persist across configuration changes unless explicitly canceled. For security reasons, the prompt will be dismissed when the client application is no longer in the foreground.

To persist authentication across configuration changes, developers should (re)create the prompt every time the activity/fragment is created. Instantiating the prompt with a new callback early in the fragment/activity lifecycle (e.g. in onCreate()) will allow the ongoing authentication session's callbacks to be received by the new fragment/activity instance. Note that cancelAuthentication() should not be called, and authenticate() does not need to be invoked during activity/fragment creation.

Summary

Nested types

A collection of methods that may be invoked by BiometricPrompt during authentication.

A container for data passed to onAuthenticationSucceeded when the user has successfully authenticated.

A wrapper class for the crypto objects supported by BiometricPrompt.

A set of configurable options for how the BiometricPrompt should appear and behave.

A builder used to set individual options for the PromptInfo class.

Constants

static final int

Authentication type reported by AuthenticationResult when the user authenticated by presenting some form of biometric (e.g. fingerprint or face).

static final int

Authentication type reported by AuthenticationResult when the user authenticated by entering their device PIN, pattern, or password.

static final int

Authentication type reported by AuthenticationResult when the user authenticated via an unknown method.

static final int

The operation was canceled because the biometric sensor is unavailable.

static final int

The device does not have the required authentication hardware.

static final int

The hardware is unavailable.

static final int

The operation was canceled because the API is locked out due to too many attempts.

static final int

The operation was canceled because ERROR_LOCKOUT occurred too many times.

static final int

The user pressed the negative button.

static final int

The user does not have any biometrics enrolled.

static final int

The device does not have pin, pattern, or password set up.

static final int

The operation can't be completed because there is not enough device storage remaining.

static final int

A security vulnerability has been discovered with one or more hardware sensors.

static final int

The current operation has been running too long and has timed out.

static final int

The sensor was unable to process the current image.

static final int

The user canceled the operation.

static final int

The operation failed due to a vendor-specific error.

Public constructors

Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face.

Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face.

Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face.

BiometricPrompt(
    @NonNull Fragment fragment,
    @NonNull Executor executor,
    @NonNull BiometricPrompt.AuthenticationCallback callback
)

Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face.

Public methods

void

Shows the biometric prompt to the user.

void

Shows the biometric prompt to the user.

void

Cancels the ongoing authentication session and dismisses the prompt.

Constants

AUTHENTICATION_RESULT_TYPE_BIOMETRIC

Added in 1.1.0
public static final int AUTHENTICATION_RESULT_TYPE_BIOMETRIC = 2

Authentication type reported by AuthenticationResult when the user authenticated by presenting some form of biometric (e.g. fingerprint or face).

AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL

Added in 1.1.0
public static final int AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL = 1

Authentication type reported by AuthenticationResult when the user authenticated by entering their device PIN, pattern, or password.

AUTHENTICATION_RESULT_TYPE_UNKNOWN

Added in 1.1.0
public static final int AUTHENTICATION_RESULT_TYPE_UNKNOWN = -1

Authentication type reported by AuthenticationResult when the user authenticated via an unknown method.

This value may be returned on older Android versions due to partial incompatibility with a newer API. It does NOT necessarily imply that the user authenticated with a method other than those represented by AUTHENTICATION_RESULT_TYPE_DEVICE_CREDENTIAL and AUTHENTICATION_RESULT_TYPE_BIOMETRIC.

ERROR_CANCELED

Added in 1.0.0
public static final int ERROR_CANCELED = 5

The operation was canceled because the biometric sensor is unavailable. This may happen when the user is switched, the device is locked, or another pending operation prevents it.

ERROR_HW_NOT_PRESENT

Added in 1.0.0
public static final int ERROR_HW_NOT_PRESENT = 12

The device does not have the required authentication hardware.

ERROR_HW_UNAVAILABLE

Added in 1.0.0
public static final int ERROR_HW_UNAVAILABLE = 1

The hardware is unavailable. Try again later.

ERROR_LOCKOUT

Added in 1.0.0
public static final int ERROR_LOCKOUT = 7

The operation was canceled because the API is locked out due to too many attempts. This occurs after 5 failed attempts, and lasts for 30 seconds.

ERROR_LOCKOUT_PERMANENT

Added in 1.0.0
public static final int ERROR_LOCKOUT_PERMANENT = 9

The operation was canceled because ERROR_LOCKOUT occurred too many times. Biometric authentication is disabled until the user unlocks with their device credential (i.e. PIN, pattern, or password).

ERROR_NEGATIVE_BUTTON

Added in 1.0.0
public static final int ERROR_NEGATIVE_BUTTON = 13

The user pressed the negative button.

ERROR_NO_BIOMETRICS

Added in 1.0.0
public static final int ERROR_NO_BIOMETRICS = 11

The user does not have any biometrics enrolled.

ERROR_NO_DEVICE_CREDENTIAL

Added in 1.0.0
public static final int ERROR_NO_DEVICE_CREDENTIAL = 14

The device does not have pin, pattern, or password set up.

ERROR_NO_SPACE

Added in 1.0.0
public static final int ERROR_NO_SPACE = 4

The operation can't be completed because there is not enough device storage remaining.

ERROR_SECURITY_UPDATE_REQUIRED

Added in 1.1.0
public static final int ERROR_SECURITY_UPDATE_REQUIRED = 15

A security vulnerability has been discovered with one or more hardware sensors. The affected sensor(s) are unavailable until a security update has addressed the issue.

ERROR_TIMEOUT

Added in 1.0.0
public static final int ERROR_TIMEOUT = 3

The current operation has been running too long and has timed out.

This is intended to prevent programs from waiting for the biometric sensor indefinitely. The timeout is platform and sensor-specific, but is generally on the order of ~30 seconds.

ERROR_UNABLE_TO_PROCESS

Added in 1.0.0
public static final int ERROR_UNABLE_TO_PROCESS = 2

The sensor was unable to process the current image.

ERROR_USER_CANCELED

Added in 1.0.0
public static final int ERROR_USER_CANCELED = 10

The user canceled the operation.

Upon receiving this, applications should use alternate authentication, such as a password. The application should also provide the user a way of returning to biometric authentication, such as a button.

ERROR_VENDOR

Added in 1.0.0
public static final int ERROR_VENDOR = 8

The operation failed due to a vendor-specific error.

This error code may be used by hardware vendors to extend this list to cover errors that don't fall under one of the other predefined categories. Vendors are responsible for providing the strings for these errors.

These messages are typically reserved for internal operations such as enrollment but may be used to express any error that is not otherwise covered. In this case, applications are expected to show the error message, but they are advised not to rely on the message ID, since this may vary by vendor and device.

Public constructors

BiometricPrompt

Added in 1.1.0
public BiometricPrompt(
    @NonNull FragmentActivity activity,
    @NonNull BiometricPrompt.AuthenticationCallback callback
)

Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face. The prompt can be shown to the user by calling authenticate() and persists across device configuration changes by default.

If authentication is in progress, calling this constructor to recreate the prompt will also update the AuthenticationCallback for the current session. Thus, this method should be called by the client activity each time the configuration changes (e.g. in onCreate()).

Parameters
@NonNull FragmentActivity activity

The activity of the client application that will host the prompt.

@NonNull BiometricPrompt.AuthenticationCallback callback

The object that will receive and process authentication events.

BiometricPrompt

Added in 1.1.0
public BiometricPrompt(
    @NonNull Fragment fragment,
    @NonNull BiometricPrompt.AuthenticationCallback callback
)

Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face. The prompt can be shown to the user by calling authenticate() and persists across device configuration changes by default.

If authentication is in progress, calling this constructor to recreate the prompt will also update the AuthenticationCallback for the current session. Thus, this method should be called by the client fragment each time the configuration changes (e.g. in onCreate()).

Parameters
@NonNull Fragment fragment

The fragment of the client application that will host the prompt.

@NonNull BiometricPrompt.AuthenticationCallback callback

The object that will receive and process authentication events.

BiometricPrompt

Added in 1.0.0
public BiometricPrompt(
    @NonNull FragmentActivity activity,
    @NonNull Executor executor,
    @NonNull BiometricPrompt.AuthenticationCallback callback
)

Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face. The prompt can be shown to the user by calling authenticate() and persists across device configuration changes by default.

If authentication is in progress, calling this constructor to recreate the prompt will also update the Executor and AuthenticationCallback for the current session. Thus, this method should be called by the client activity each time the configuration changes (e.g. in onCreate()).

Parameters
@NonNull FragmentActivity activity

The activity of the client application that will host the prompt.

@NonNull Executor executor

The executor that will be used to run AuthenticationCallback methods.

@NonNull BiometricPrompt.AuthenticationCallback callback

The object that will receive and process authentication events.

BiometricPrompt

Added in 1.0.0
public BiometricPrompt(
    @NonNull Fragment fragment,
    @NonNull Executor executor,
    @NonNull BiometricPrompt.AuthenticationCallback callback
)

Constructs a BiometricPrompt, which can be used to prompt the user to authenticate with a biometric such as fingerprint or face. The prompt can be shown to the user by calling authenticate() and persists across device configuration changes by default.

If authentication is in progress, calling this constructor to recreate the prompt will also update the Executor and AuthenticationCallback for the current session. Thus, this method should be called by the client fragment each time the configuration changes (e.g. in onCreate()).

Parameters
@NonNull Fragment fragment

The fragment of the client application that will host the prompt.

@NonNull Executor executor

The executor that will be used to run AuthenticationCallback methods.

@NonNull BiometricPrompt.AuthenticationCallback callback

The object that will receive and process authentication events.

Public methods

authenticate

Added in 1.0.0
public void authenticate(@NonNull BiometricPrompt.PromptInfo info)

Shows the biometric prompt to the user. The prompt survives lifecycle changes by default. To cancel authentication and dismiss the prompt, use cancelAuthentication.

Parameters
@NonNull BiometricPrompt.PromptInfo info

An object describing the appearance and behavior of the prompt.

See also
authenticate

authenticate

Added in 1.0.0
public void authenticate(
    @NonNull BiometricPrompt.PromptInfo info,
    @NonNull BiometricPrompt.CryptoObject crypto
)

Shows the biometric prompt to the user. The prompt survives lifecycle changes by default. To cancel authentication and dismiss the prompt, use cancelAuthentication.

Calling this method invokes crypto-based authentication, which is incompatible with Class 2 (formerly Weak) biometrics and (prior to Android 11) device credential. Therefore, it is an error for info to explicitly allow any of these authenticator types on an incompatible Android version.

Parameters
@NonNull BiometricPrompt.PromptInfo info

An object describing the appearance and behavior of the prompt.

@NonNull BiometricPrompt.CryptoObject crypto

A crypto object to be associated with this authentication.

Throws
java.lang.IllegalArgumentException

If any of the allowed authenticator types specified by info do not support crypto-based authentication.

cancelAuthentication

Added in 1.0.0
public void cancelAuthentication()

Cancels the ongoing authentication session and dismisses the prompt.

On versions prior to Android 10 (API 29), calling this method while the user is authenticating with their device credential will NOT work as expected. See setDeviceCredentialAllowed for more details.