binding/com.pingidentity.device.binding.authenticator/BiometricOnlyAuthenticator

BiometricOnlyAuthenticator

open class BiometricOnlyAuthenticator(config: BiometricAuthenticatorConfig) : BiometricAuthenticator

Pure biometric authenticator that requires biometric authentication without fallback options.

This authenticator provides the highest level of biometric security by requiring exclusive biometric authentication (fingerprint, face recognition, iris scanning) without allowing fallback to device credentials. It automatically adapts between strong and weak biometric authentication based on device capabilities while maintaining strict biometric-only access.

Limitations:

  • No fallback authentication if biometric fails or is unavailable

  • Users may be locked out if biometric sensors malfunction

  • Not suitable for users who cannot use biometric authentication

  • Requires user education about biometric-only access limitations

Example usage:

val authenticator = BiometricOnlyAuthenticator {
    strongBoxPreferred = true

    promptInfo {
        setTitle("Biometric Authentication Required")
        setSubtitle("Use your fingerprint or face")
        setDescription("Access requires biometric verification only")
        setNegativeButtonText("Cancel")
        setConfirmationRequired(false) // Faster authentication
    }

    keyGenParameterSpec {
        setUserAuthenticationRequired(true)
        setUserAuthenticationValidityDurationSeconds(0) // Always require biometric
        setInvalidatedByBiometricEnrollment(true)
        setIsStrongBoxBacked(true)
    }
}

// Register with biometric-only protection
val registrationResult = authenticator.register(context, Attestation.Default(challenge))

// Authenticate using biometric only
val authResult = authenticator.authenticate(context)
if (authResult.isSuccess) {
    val (privateKey, cryptoObject) = authResult.getOrNull()!!
    // cryptoObject available when using BIOMETRIC_STRONG
}
Content copied to clipboard

Since

1.0.0

Parameters

config

Configuration object containing biometric prompt settings, key generation parameters, hardware preferences, and logging configuration

See also

Constructors

Link copied to clipboard
constructor(config: BiometricAuthenticatorConfig)

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
open override val type: DeviceBindingAuthenticationType

The type of device binding authentication provided by this authenticator.

Functions

Link copied to clipboard
open suspend override fun authenticate(context: Context): Result<Pair<PrivateKey, BiometricPrompt.CryptoObject?>>

Authenticates the user using pure biometric methods with adaptive strength selection.

Link copied to clipboard
open override fun isSupported(context: Context, attestation: Attestation): Boolean

Checks if biometric-only authentication is supported on the current device.

Link copied to clipboard
open suspend override fun register(context: Context, attestation: Attestation): Result<KeyPair>

Registers a new device by generating biometric-only protected RSA key pairs.