User Authentication
NOTE
The initial APIs of this module are supported since API version 6. Newly added APIs will be marked with a superscript to indicate their earliest API version.
Modules to Import
import userIAM_userAuth from '@ohos.userIAM.userAuth';
Example
// API version 6
import userIAM_userAuth from '@ohos.userIAM.userAuth';
export default {
startAuth() {
console.info("start auth");
let auth = userIAM_userAuth.getAuthenticator();
auth.execute("FACE_ONLY", "S2").then((code)=>{
console.info("auth success");
// Add the logic to be executed when the authentication is successful.
}).catch((code)=>{
console.error("auth fail, code = " + code);
// Add the logic to be executed when the authentication fails.
});
}
}
// API version 8
import userIAM_userAuth from '@ohos.userIAM.userAuth';
let auth = new userIAM_userAuth.UserAuth();
export default {
getVersion() {
console.info("start get version");
let version = this.auth.getVersion();
console.info("auth version = " + version);
},
startAuth() {
console.info("start auth");
this.auth.auth(null, userIAM_userAuth.UserAuthType.FACE, userIAM_userAuth.AuthTrustLevel.ATL1, {
onResult: (result, extraInfo) => {
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == 'SUCCESS') {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
}
} catch (e) {
console.info("auth onResult error = " + e);
}
},
onAcquireInfo: (module, acquire, extraInfo) => {
try {
console.info("auth onAcquireInfo module = " + module);
console.info("auth onAcquireInfo acquire = " + acquire);
console.info("auth onAcquireInfo extraInfo = " + JSON.stringify(extraInfo));
} catch (e) {
console.info("auth onAcquireInfo error = " + e);
}
}
});
},
checkAuthSupport() {
console.info("start check auth support");
let checkCode = this.auth.getAvailableStatus(userIAM_userAuth.UserAuthType.FACE, userIAM_userAuth.AuthTrustLevel.ATL1);
if (checkCode == userIAM_userAuth.ResultCode.SUCCESS) {
console.info("check auth support success");
// Add the logic to be executed if the specified authentication type is supported.
} else {
console.error("check auth support fail, code = " + checkCode);
// Add the logic to be executed if the specified authentication type is not supported.
}
},
cancelAuth() {
console.info("start cancel auth");
// Obtain contextId using auth().
let contextId = auth.auth(null, userIAM_userAuth.UserAuthType.FACE, userIAM_userAuth.AuthTrustLevel.ATL1, {
onResult: (result, extraInfo) => {
console.info("auth onResult result = " + result);
},
onAcquireInfo: (module, acquire, extraInfo) => {
console.info("auth onAcquireInfo module = " + module);
}
});
let cancelCode = this.auth.cancel(contextId);
if (cancelCode == userIAM_userAuth.Result.SUCCESS) {
console.info("cancel auth success");
} else {
console.error("cancel auth fail");
}
}
}
userIAM_userAuth.getAuthenticator(deprecated)
getAuthenticator(): Authenticator
NOTE
This API is not longer maintained since API version 8. You are advised to use constructor.
Obtains an Authenticator object for user authentication.
Required permissions: ohos.permission.ACCESS_BIOMETRIC
System capability: SystemCapability.UserIAM.UserAuth.Core
Return value
| Type | Description |
|---|---|
| Authenticator | Authenticator object obtained. |
Example
let authenticator = userIAM_userAuth.getAuthenticator();
Authenticator(deprecated)
NOTE
This object is not longer maintained since API version 8. You are advised to use UserAuth.
Provides methods to manage an Authenticator object.
execute(deprecated)
execute(type: string, level: string, callback: AsyncCallback<number>): void
NOTE
This API is not longer maintained since API version 8. You are advised to use auth.
Performs user authentication. This method uses asynchronous callback to return the result.
Required permissions: ohos.permission.ACCESS_BIOMETRIC
System capability: SystemCapability.UserIAM.UserAuth.Core
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | string | Yes | Authentication type. Only FACE_ONLY is supported. ALL is reserved and not supported by the current version. |
| level | string | Yes | Security level of the authentication. It can be S1 (lowest), S2, S3, or S4 (highest). Devices capable of 3D facial recognition support S3 and lower-level authentication. Devices capable of 2D facial recognition support S2 and lower-level authentication. |
| callback | AsyncCallback<number> | No | Callback used to return the result. |
Parameters returned in callback
| Type | Description |
|---|---|
| number | Authentication result. For details, see AuthenticationResult. |
Example
authenticator.execute("FACE_ONLY", "S2", (code)=>{
if (code == userIAM_userAuth.AuthenticationResult.SUCCESS) {
console.info("auth success");
return;
}
console.error("auth fail, code = " + code);
})
execute(deprecated)
execute(type:string, level:string): Promise<number>
NOTE
This API is not longer maintained since API version 8. You are advised to use auth.
Performs user authentication. This method uses a promise to return the result.
Required permissions: ohos.permission.ACCESS_BIOMETRIC
System capability: SystemCapability.UserIAM.UserAuth.Core
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| type | string | Yes | Authentication type. Only FACE_ONLY is supported. ALL is reserved and not supported by the current version. |
| level | string | Yes | Security level of the authentication. It can be S1 (lowest), S2, S3, or S4 (highest). Devices capable of 3D facial recognition support S3 and lower-level authentication. Devices capable of 2D facial recognition support S2 and lower-level authentication. |
Return value
| Type | Description |
|---|---|
| Promise<number> | Promise used to return the authentication result, which is a number. For details, see AuthenticationResult. |
Example
let authenticator = userIAM_userAuth.getAuthenticator();
authenticator.execute("FACE_ONLY", "S2").then((code)=>{
console.info("auth success");
}).catch((code)=>{
console.error("auth fail, code = " + code);
});
AuthenticationResult(deprecated)
NOTE
This parameter is not longer maintained since API version 8. You are advised to use ResultCode.
Enumerates the authentication results.
System capability: SystemCapability.UserIAM.UserAuth.Core
| Name | Default Value | Description |
|---|---|---|
| NO_SUPPORT | -1 | The device does not support the current authentication mode. |
| SUCCESS | 0 | The authentication is successful. |
| COMPARE_FAILURE | 1 | The feature comparison failed. |
| CANCELED | 2 | The authentication was canceled by the user. |
| TIMEOUT | 3 | The authentication has timed out. |
| CAMERA_FAIL | 4 | The camera failed to start. |
| BUSY | 5 | The authentication service is not available. Try again later. |
| INVALID_PARAMETERS | 6 | The authentication parameters are invalid. |
| LOCKED | 7 | The user account is locked because the number of authentication failures has reached the threshold. |
| NOT_ENROLLED | 8 | No authentication credential is registered. |
| GENERAL_ERROR | 100 | Other errors. |
UserAuth8+
Provides methods to manage an Authenticator object.
constructor8+
constructor()
A constructor used to create an authenticator object.
Required permissions: ohos.permission.ACCESS_BIOMETRIC
System capability: SystemCapability.UserIAM.UserAuth.Core
Return value
| Type | Description |
|---|---|
| UserAuth | Authenticator object obtained. |
Example
import userIAM_userAuth from '@ohos.userIAM.userAuth';
let auth = new userIAM_userAuth.UserAuth();
getVersion8+
getVersion() : number
Obtains the authentication executor version.
Required permissions: ohos.permission.ACCESS_BIOMETRIC
System capability: SystemCapability.UserIAM.UserAuth.Core
Return value
| Type | Description |
|---|---|
| number | Authentication executor version obtained. |
Example
import userIAM_userAuth from '@ohos.userIAM.userAuth';
let auth = new userIAM_userAuth.UserAuth();
let version = auth.getVersion();
console.info("auth version = " + version);
getAvailableStatus8+
getAvailableStatus(authType : UserAuthType, authTrustLevel : AuthTrustLevel) : number
Checks whether the authentication capability of the specified trust level is available.
Required permissions: ohos.permission.ACCESS_BIOMETRIC
System capability: SystemCapability.UserIAM.UserAuth.Core
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| authType | UserAuthType | Yes | Authentication type. Only FACE is supported. |
| authTrustLevel | AuthTrustLevel | Yes | Trust level of the authentication result. |
Return value
| Type | Description |
|---|---|
| number | Whether the authentication capability of the specified trust level is available. For details, see ResultCode. |
Example
import userIAM_userAuth from '@ohos.userIAM.userAuth';
let auth = new userIAM_userAuth.UserAuth();
let checkCode = auth.getAvailableStatus(userIAM_userAuth.UserAuthType.FACE, userIAM_userAuth.AuthTrustLevel.ATL1);
if (checkCode == userIAM_userAuth.ResultCode.SUCCESS) {
console.info("check auth support success");
// Add the logic to be executed if the specified authentication type is supported.
} else {
console.error("check auth support fail, code = " + checkCode);
// Add the logic to be executed if the specified authentication type is not supported.
}
auth8+
auth(challenge: Uint8Array, authType: UserAuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): Uint8Array
Performs user authentication. This method uses a callback to return the result.
Required permissions: ohos.permission.ACCESS_BIOMETRIC
System capability: SystemCapability.UserIAM.UserAuth.Core
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| challenge | Uint8Array | Yes | Challenge value, which can be null. |
| authType | UserAuthType | Yes | Authentication type. Only FACE is supported. |
| authTrustLevel | AuthTrustLevel | Yes | Trust level. |
| callback | IUserAuthCallback | Yes | Callback used to return the result. |
Return value
| Type | Description |
|---|---|
| Uint8Array | ContextId, which is used as the input parameter of cancelAuth. |
Example
import userIAM_userAuth from '@ohos.userIAM.userAuth';
let auth = new userIAM_userAuth.UserAuth();
auth.auth(null, userIAM_userAuth.UserAuthType.FACE, userIAM_userAuth.AuthTrustLevel.ATL1, {
onResult: (result, extraInfo) => {
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == userIAM_userAuth.ResultCode.SUCCESS) {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
}
} catch (e) {
console.info("auth onResult error = " + e);
}
}
});
cancelAuth8+
cancelAuth(contextID : Uint8Array) : number
Cancels an authentication.
Required permissions: ohos.permission.ACCESS_BIOMETRIC
System capability: SystemCapability.UserIAM.UserAuth.Core
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| contextID | Uint8Array | Yes | Context ID, which is obtained using auth. |
Return value
| Type | Description |
|---|---|
| number | Whether the authentication is canceled. |
Example
import userIAM_userAuth from '@ohos.userIAM.userAuth';
// contextId can be obtained using auth(). In this example, it is defined here.
let contextId = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7]);
let cancelCode = auth.cancel(contextId);
if (cancelCode == userIAM_userAuth.ResultCode.SUCCESS) {
console.info("cancel auth success");
} else {
console.error("cancel auth fail");
}
IUserAuthCallback8+
Defines the object of the result returned by the callback during authentication.
onResult8+
onResult: (result : number, extraInfo : AuthResult) => void
Obtains the authentication result.
System capability: SystemCapability.UserIAM.UserAuth.Core
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| result | number | Yes | Authentication result obtained. For details, see ResultCode. |
| extraInfo | AuthResult | Yes | Extended information, which varies depending on the authentication result. If the authentication is successful, the user authentication token will be returned in extraInfo. If the authentication fails, the remaining number of authentication times will be returned in extraInfo. If the authentication executor is locked, the freeze time will be returned in extraInfo. |
Example
import userIAM_userAuth from '@ohos.userIAM.userAuth';
let auth = new userIAM_userAuth.UserAuth();
auth.auth(null, userIAM_userAuth.UserAuthType.FACE, userIAM_userAuth.AuthTrustLevel.ATL1, {
onResult: (result, extraInfo) => {
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == SUCCESS) {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
}
} catch (e) {
console.info("auth onResult error = " + e);
}
},
onAcquireInfo: (module, acquire, extraInfo) => {
try {
console.info("auth onAcquireInfo module = " + module);
console.info("auth onAcquireInfo acquire = " + acquire);
console.info("auth onAcquireInfo extraInfo = " + JSON.stringify(extraInfo));
} catch (e) {
console.info("auth onAcquireInfo error = " + e);
}
}
});
onAcquireInfo8+
onAcquireInfo ?: (module : number, acquire : number, extraInfo : any) => void
Obtains the tip code information during authentication. This function is optional.
System capability: SystemCapability.UserIAM.UserAuth.Core
Parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| module | number | Yes | Type of the authentication executor. |
| acquire | number | Yes | Interaction information of the authentication executor during the authentication process. |
| extraInfo | any | Yes | Reserved field. |
Example
import userIAM_userAuth from '@ohos.userIAM.userAuth';
let auth = new userIAM_userAuth.UserAuth();
auth.auth(null, userIAM_userAuth.UserAuthType.FACE, userIAM_userAuth.AuthTrustLevel.ATL1, {
onResult: (result, extraInfo) => {
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == SUCCESS) {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
}
} catch (e) {
console.info("auth onResult error = " + e);
}
},
onAcquireInfo: (module, acquire, extraInfo) => {
try {
console.info("auth onAcquireInfo module = " + module);
console.info("auth onAcquireInfo acquire = " + acquire);
console.info("auth onAcquireInfo extraInfo = " + JSON.stringify(extraInfo));
} catch (e) {
console.info("auth onAcquireInfo error = " + e);
}
}
});
AuthResult8+
Represents the authentication result object.
System capability: SystemCapability.UserIAM.UserAuth.Core
| Name | Type | Mandatory | Description |
|---|---|---|---|
| token | Uint8Array | No | Identity authentication token. |
| remainTimes | number | No | Number of remaining authentication operations. |
| freezingTime | number | No | Time for which the authentication operation is frozen. |
ResultCode8+
Enumerates the operation results.
System capability: SystemCapability.UserIAM.UserAuth.Core
| Name | Default Value | Description |
|---|---|---|
| SUCCESS | 0 | The operation is successful. |
| FAIL | 1 | The operation failed. |
| GENERAL_ERROR | 2 | A common operation error occurred. |
| CANCELED | 3 | The operation is canceled. |
| TIMEOUT | 4 | The operation timed out. |
| TYPE_NOT_SUPPORT | 5 | The authentication type is not supported. |
| TRUST_LEVEL_NOT_SUPPORT | 6 | The authentication trust level is not supported. |
| BUSY | 7 | Indicates the busy state. |
| INVALID_PARAMETERS | 8 | Invalid parameters are detected. |
| LOCKED | 9 | The authentication executor is locked. |
| NOT_ENROLLED | 10 | The user has not entered the authentication information. |
FaceTips8+
Enumerates the tip codes used during the facial authentication process.
System capability: SystemCapability.UserIAM.UserAuth.Core
| Name | Default Value | Description |
|---|---|---|
| FACE_AUTH_TIP_TOO_BRIGHT | 1 | The obtained facial image is too bright due to high illumination. |
| FACE_AUTH_TIP_TOO_DARK | 2 | The obtained facial image is too dark due to low illumination. |
| FACE_AUTH_TIP_TOO_CLOSE | 3 | The face is too close to the device. |
| FACE_AUTH_TIP_TOO_FAR | 4 | The face is too far away from the device. |
| FACE_AUTH_TIP_TOO_HIGH | 5 | Only the upper part of the face is captured because the device is angled too high. |
| FACE_AUTH_TIP_TOO_LOW | 6 | Only the lower part of the face is captured because the device is angled too low. |
| FACE_AUTH_TIP_TOO_RIGHT | 7 | Only the right part of the face is captured because the device is deviated to the right. |
| FACE_AUTH_TIP_TOO_LEFT | 8 | Only the left part of the face is captured because the device is deviated to the left. |
| FACE_AUTH_TIP_TOO_MUCH_MOTION | 9 | The face moves too fast during facial information collection. |
| FACE_AUTH_TIP_POOR_GAZE | 10 | The face is not facing the camera. |
| FACE_AUTH_TIP_NOT_DETECTED | 11 | No face is detected. |
FingerprintTips8+
Enumerates the tip codes used during the fingerprint authentication process.
System capability: SystemCapability.UserIAM.UserAuth.Core
| Name | Default Value | Description |
|---|---|---|
| FINGERPRINT_AUTH_TIP_GOOD | 0 | The obtained fingerprint image is in good condition. |
| FINGERPRINT_AUTH_TIP_DIRTY | 1 | Large fingerprint image noise is detected due to suspicious or detected dirt on the sensor. |
| FINGERPRINT_AUTH_TIP_INSUFFICIENT | 2 | The noise of the fingerprint image is too large to be processed. |
| FINGERPRINT_AUTH_TIP_PARTIAL | 3 | Incomplete fingerprint image is detected. |
| FINGERPRINT_AUTH_TIP_TOO_FAST | 4 | The fingerprint image is incomplete due to fast movement. |
| FINGERPRINT_AUTH_TIP_TOO_SLOW | 5 | Failed to obtain the fingerprint image because the finger seldom moves. |
UserAuthType8+
Enumerates the identity authentication types.
System capability: SystemCapability.UserIAM.UserAuth.Core
| Name | Default Value | Description |
|---|---|---|
| FACE | 2 | Facial authentication. |
| FINGERPRINT | 4 | Fingerprint authentication. |
AuthTrustLevel8+
Enumerates the trust levels of the authentication result.
System capability: SystemCapability.UserIAM.UserAuth.Core
| Name | Default Value | Description |
|---|---|---|
| ATL1 | 10000 | Trust level 1. |
| ATL2 | 20000 | Trust level 2. |
| ATL3 | 30000 | Trust level 3. |
| ATL4 | 40000 | Trust level 4. |