You can use the FIDO UAF client to authenticate logging in to Android apps without a password.

Use it to:

• register biometric details, such as fingerprint
• authorise against registered biometric details

• Android Marshmallow or above
• Minimum SDK 21, target SDK 27 and above

To use the client in your own application, you need to add a Maven reference to your build configuration.

Releases can be found on Maven Central, or see the instructions below for making changes and generating your own artifacts locally.

To generate a new set of Maven artifacts once you have made a code change:

1. Update the build version in fidoclient/build.gradle

   ext.build_version = '1.0.3-SNAPSHOT'

   Ensure to remove the -SNAPSHOT suffix for publishing to the releases repository.

2. Build and publish the artifacts to the local Maven repository:

   $ ./gradlew clean build publishAllPublicationsToLocalMavenRepository

3. There are separate local repositories configured for snapshot and release builds. Reference the local snapshot Maven repository in your Android project.

   allprojects {
     repositories {
       maven {
         "file:./path/to/nhsapp-fido-client-android/fidoclient/build/maven/snapshots"
       }
     }
   }
   
   dependencies {
     implementation 'io.github.nhsconnect:fido-uaf-client-android:1.0.3-SNAPSHOT'
   }

The client throws the following errors:

FidoAssertionException
FidoInvalidSignatureException
GenericFidoException

We appreciate contributions and there are several ways you can help. For more information, see our contributing guidelines.

The FIDO UAF (Universal Authentication Framework) client for Android is maintained by NHS Digital. Email us or open a GitHub issue.

If you believe you've found a vulnerability or security concern in the client, please report it to us:

1. Submit a vulnerability report through HackerOne's form.

2. Put "FAO NHS Digital's NHS App team" in the first line of the description.

The codebase is released under the MIT License, unless stated otherwise. This covers both the codebase and any sample code in the documentation.

The FIDO UAF (Universal Authentication Framework) client for Android is based on an open source implementation created by eBay. eBay's project has an Apache 2.0 license, which permits commercial use and modifications.

We use a subset of eBay's implementation. We converted those files we used from Java to Kotlin and we heavily modified most of them. The original copyright notices on each converted file are retained.