identity-samples icon indicating copy to clipboard operation
identity-samples copied to clipboard
verified publisher icon android

Non-discoverable key support for Android Credential

Open syntag opened this issue 1 year ago • 2 comments

Hi, not sure if this is the right repo to post this.

I'm wondering if there are any plans on the roadmap to introduce non-discoverable/security key (e.g Yubikey) signing support for Android Credential Manager? Currently, the recommendation from Google is to use the FIDO API since this is not supported today (source).

The FIDO credentials API is missing configuration options such as UserVerification and is outdated.

syntag avatar Nov 12 '24 18:11 syntag

Credential Manager supports creating and using passkeys (i.e. discoverable credentials) from security keys. You can test this by doing a create request and not setting a value for authenticatorAttachment parameter. Users will be prompted to create a passkey in the default password manager, and if they tap on More options, they can choose "Use another device" and then choose the USB security key.

cy245 avatar Feb 14 '25 19:02 cy245

I didn't set the authenticatorAttachment parameter, but I don't see the "Use another device" option, even after clicking "More options." Everything worked fine when I previously integrated the Google FIDO2 SDK.

mattaojie avatar Sep 22 '25 08:09 mattaojie