
Find "Remix to Edit" button at the top right corner. Go to the edit page of the website at !/webauthn-codelab. You are going to work on your own version of the app. You may try web version of the same app there. The completed app sends requests to a server at. You can preview what you are going to build from here. Let users re-authenticate themselves to the app using their fingerprint. Let users register a "user verifying platform authenticator" (the Android phone with fingerprint sensor itself will act as one). Make sure to register a fingerprint (or screenlock). Android OS 7.0 or later with latest updates. Android device with a fingerprint sensor (even without a fingerprint sensor, screenlock can provide equivalent user verification functionality). We are looking for your interest in a FIDO server. You can find third party solutions at FIDO Alliance official page, or open source libraries at webauthn.io or AwesomeWebAuthn. Please don't use it or the library for your production environment. The server implementation in this codelab is a stab. Warning: You won't learn how to build a FIDO server. You will also learn re-auth specific best practices. You will learn how to call the Android FIDO2 API and options you can provide in order to cater various occasions. The latter case is also referred to as "step-up authentication". "Re-authentication" is when a user signs in to an app, then re-authenticates when they switch back to your app, or when trying to access an important section of your app. In this codelab, you are going to build an Android app with a simple re-authentication functionality using fingerprint sensor.
The API provides a WebAuthn Client implementation, which supports the use of BLE, NFC, and USB roaming authenticators (security keys) as well as a platform authenticator, which allows the user to authenticate using their fingerprint or screenlock. The FIDO2 API allows Android applications to create and use strong, attested public key-based credentials for the purpose of authenticating users.