The U2F standard allows for two-factor authentication with web services. It protects your account by using a hardware security key in addition to your username and password. It has been deployed successfully by large services, including Google, Facebook, Dropbox and Salesforce.
Our SDK provides a FIDO U2F client for Android that works with security keys (FIDO authenticators), such as YubiKeys, over NFC and USB.
Supports a wide range of Security Keys, such as the YubiKeys 4 and 5 series as well as Nitrokeys. Security Keys can be directly connected over USB-C and NFC. USB-A keys require an additional USB OTG cable.
We are not selling yet another SaaS login solution. Our SDK is a standard-compliant clean-room implementation that works with any FIDO server. In contrast to Google's FIDO APIs, our SDK works without Google Play Services. Thus, it also works in countries where phones do not ship with Google Play.
| Hardware Security SDK | FIDO U2F HID Protocol 1.2 |
| FIDO Artifact | FIDO U2F Raw Message Formats 1.2 FIDO U2F NFC protocol 1.2 |
| FIDO WebView Bridge | FIDO U2F JavaScript API 1.2 |
public class MainActivity extends AppCompatActivity implements OnFidoAuthenticateCallback {
private void showFidoAuthenticateDialog() {
// Make an authentication request to the server. In a real application, this would perform
// an HTTP request. The server will send us a challenge based on the FIDO key we registered
// before, asking us to prove we still have the same key.
FidoAuthenticateRequest authenticateRequest =
FidoAuthenticateRequest.create(fidoAppId, fidoFacetId, authChallenge, keyHandle);
// This opens a UI fragment, which takes care of the user interaction as well as all FIDO internal
// operations for us, and triggers a callback to onAuthenticateResponse(FidoAuthenticateResponse).
FidoDialogFragment fidoDialogFragment = FidoDialogFragment.newInstance(authenticateRequest);
fidoDialogFragment.show(getSupportFragmentManager());
}
@Override
public void onFidoAuthenticateResponse(@NonNull FidoAuthenticateResponse authenticateResponse) {
// Forward the authentication response from the FIDO Security Key to our server application.
// The server will check that the signature matches the FIDO key we registered with, and if
// so we have successfully logged in.
}
}
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
WebView webView = findViewById(R.id.webview);
// Installs the FIDO WebView Bridge into your login WebView
webView.getSettings().setJavaScriptEnabled(true);
WebViewFidoBridge webViewFidoBridge = WebViewFidoBridge.createInstanceForWebView(this, webView);
webView.setWebViewClient(new WebViewClient() {
@Override
public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
webViewFidoBridge.delegateShouldInterceptRequest(view, request);
return super.shouldInterceptRequest(view, request);
}
@Override
public void onPageStarted(WebView view, String url, Bitmap favicon) {
super.onPageStarted(view, url, favicon);
webViewFidoBridge.delegateOnPageStarted(view, url, favicon);
}
});
webView.loadUrl("https://u2f.hwsecurity.dev");
}
}
