I'm currently implementing AppLock using BiometricPrompt (androidx.biometric:biometric:1.0.0-rc01)
There is an option .setDeviceCredentialAllowed(true) which uses device's password.
But I was wondering if there is a way to use this library with custom password (not from system)?
Thanks in advance.
But I was wondering if there is a way to use this library with custom password (not from system)?
No, sorry. That is beyond the scope of BiometricPrompt. If you wish to use device authentication as a second factor to an app-specific password, you will need to implement the app-specific password yourself.
Perhaps not exactly what you are asking, but if you wanted your users to have the option of using biometrics or the app password (app as opposed to device) you can do the following.
Inside your onClick listener
if (BiometricManager.from(application).canAuthenticate() == BiometricManager.BIOMETRIC_SUCCESS) {
biometricPrompt.authenticate(promptInfo, cryptoObject)
} else {
loginWithAppPasswordFragment() // use this to show a DialogFragment
}
UPDATE
The following blog post demonstrates how to use account password along side biometrics.
To set up authentication that allows for an app-specific password, you can do something like the following:
In the BiometricPrompt.PromptInfo.Builder, specify setNegativeButtonText(String) to be something like Use password. Then, in the onAuthenticationError(int errorCode, CharSequence error) callback (which is invoked when the user presses the use password button), check for errorCode == ERROR_NEGATIVE_BUTTON. In here, you can implement your app-password check. Depending on your design, it can range from a simple on-device comparison to something complicated like a server/client check involving public/private keys, etc.
