Want to disable biometric without logout user.

[rajeshjadidminc]

Describe the feature request.

I have implemented this demo and it's working fine with enabling the biometric.

I want the user to disable biometrics once it's enabled by the user.
In the current implementation when I disable biometrics it will force me to log out.
biometrics

New or Affected Resource(s)

I want to enable/disable features inside the app without logging out users from the app.

Provide a documentation link

No response

Additional Information?

This function forces me, log out user, due to change the defaultEncryptionManager.

currentEncryptionManager?.removeKeys()
sessionClient.clear()
currentEncryptionManager = defaultEncryptionManager
try { //set the encryption manager back to default.
sessionClient.migrateTo(currentEncryptionManager)
} catch (e: AuthorizationException) { //NO-OP
}
showSignedOutMode()

Please give me suggestion asap so i can plan to purchase okta .

[emanor-okta]

Hello @rajeshjadidminc,

Have you tried using migrateTo(EncryptionManager)

Note there is a new Android SDK that all new projects should start with and existing projects should begin to migrate to,
okta-mobile-kotlin

I believe at this point okta-oidc-android is mostly in a security only patch state.
So any new/modification feature would need to be forked and done on an individual basis.

New Mobile SDK announcment,
https://developer.okta.com/blog/2022/08/30/introducing-the-new-okta-mobile-sdks

[rajeshjadidminc]

Thanks for the quick response and providing the support for using the new lib. I am now using the new lib https://developer.okta.com/docs/guides/sign-into-mobile-app-redirect/android/main/ but when I try the use biometric it will navigate me to the older version code(classic engine code). Can you please share the new version of the okta SDK code with the biometric enable/disable option? Below is the URL which you have shared I need to integrate biometrics on below mention URL code. https://github.com/okta/okta-mobile-kotlin I have prepared POC Rajesh Jadi Software Engineer, Mobile Application Dev E: ***@***.*** • M: +91-9376217108 DMI - Digital at the Edge. Human at the Core. From: emanor-okta ***@***.***> Date: Friday, 25 November 2022 at 10:55 PM To: okta/okta-oidc-android ***@***.***> Cc: Rajesh Jadi ***@***.***>, Mention ***@***.***> Subject: Re: [okta/okta-oidc-android] Want to disable biometric without logout user. (Issue #344) CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hello @rajeshjadidminc<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Frajeshjadidminc&data=05%7C01%7Crjadi%40dminc.com%7C51644825f9db4765965708dacf0a051a%7Cdb7ac9ef779d46e59bca00509580ad6b%7C0%7C0%7C638049939208602979%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AWS%2FmEaIF3afBj8%2B1cXYUHa4AMrpNuDNZPRcxBGj1II%3D&reserved=0>, Have you tried using migrateTo(EncryptionManager)<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fokta%2Fokta-oidc-android%2Fblob%2Fb9cdb73ffefbcb1b7b381d3b8e4d318ac05055e1%2Flibrary%2Fsrc%2Fmain%2Fjava%2Fcom%2Fokta%2Foidc%2Fclients%2Fsessions%2FBaseSessionClient.java%23L39&data=05%7C01%7Crjadi%40dminc.com%7C51644825f9db4765965708dacf0a051a%7Cdb7ac9ef779d46e59bca00509580ad6b%7C0%7C0%7C638049939208602979%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=RBDUwwfOm4r5k54Z5aqm%2BxZtVkqeOe%2FPf1%2Bd%2FJiUer4%3D&reserved=0> Note there is a new Android SDK that all new projects should start with and existing projects should begin to migrate to, okta-mobile-kotlin<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fokta%2Fokta-mobile-kotlin&data=05%7C01%7Crjadi%40dminc.com%7C51644825f9db4765965708dacf0a051a%7Cdb7ac9ef779d46e59bca00509580ad6b%7C0%7C0%7C638049939208602979%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OcmcF7VHzfdrYneh4WhHbYDzZKrTzTlW3CoQKTgM0YI%3D&reserved=0> I believe at this point okta-oidc-android is mostly in a security only patch state. So any new/modification feature would need to be forked and done on an individual basis. New Mobile SDK announcment, https://developer.okta.com/blog/2022/08/30/introducing-the-new-okta-mobile-sdks<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.okta.com%2Fblog%2F2022%2F08%2F30%2Fintroducing-the-new-okta-mobile-sdks&data=05%7C01%7Crjadi%40dminc.com%7C51644825f9db4765965708dacf0a051a%7Cdb7ac9ef779d46e59bca00509580ad6b%7C0%7C0%7C638049939208602979%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EFTMOOwKUnNIy55%2FDcSiVCBYeKvLef%2FP6qwCRZ9ATFc%3D&reserved=0> — Reply to this email directly, view it on GitHub<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fokta%2Fokta-oidc-android%2Fissues%2F344%23issuecomment-1327734481&data=05%7C01%7Crjadi%40dminc.com%7C51644825f9db4765965708dacf0a051a%7Cdb7ac9ef779d46e59bca00509580ad6b%7C0%7C0%7C638049939208602979%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=VTIhMSPkDRBvo2Gt%2BVXJ4bwZYraTjScF2echF5S4mp0%3D&reserved=0>, or unsubscribe<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAWWLY4IOANIMCX6NGMVZF6LWKDY7ZANCNFSM6AAAAAASLA22MA&data=05%7C01%7Crjadi%40dminc.com%7C51644825f9db4765965708dacf0a051a%7Cdb7ac9ef779d46e59bca00509580ad6b%7C0%7C0%7C638049939208759275%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=6mXm9Vsj0qhjJJNLR0LrDVOyrV3SRCAPpJjTRP0h4Wg%3D&reserved=0>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[rajdeepnanua-okta]

Hi @rajeshjadidminc, we currently don't have a sample for enabling biometrics in okta-mobile-kotlin. Adding that is my top priority currently, and I will notify you once I have a working sample.

[rajdeepnanua-okta]

@rajeshjadidminc, I have a commit up for how to do this using okta-mobile-kotlin here: okta/samples-android@420000d. The linked commit makes changes to our browser_sign_in sample to show how to switch between biometric and non-biometric encryption. CredentialTokenStorage.kt in the linked commit helps switch between different SharedPreferences, and BiometricCredentialsManager calls CredentialTokenStorage to switch between SharedPreferences with different encryption. Please let me know if this helps with your implementation.

[rajeshjadidminc]

Thanks for the update, I have verified the branch and working fine.

Just quick question regarding the session timeout.

Normal banking domain applications are managing sessions with custom API to check whether the session running or not, but in our case, we are using a redirection approach.
So we have 2 cases here:

• How we can manage the session timeout when the user stays ideal on the same screen for a long time?
• How we can manage the session when the user goes into the background and come back to the foreground after some time?

Is there a predefined method to check this scenario?

Please provide your valuable input.