app-integrity-android-standard
v1.50.0
Published
The title says it all. Check [Android official documentation on Play Integrity standard requests](https://developer.android.com/google/play/integrity/standard) to understand how this API works and what it does.
Downloads
692
Maintainers
Readme
React Native library for generating standard requests of Android's Play Integrity API
The title says it all. Check Android official documentation on Play Integrity standard requests to understand how this API works and what it does.
Pre-requisites
You will need to use the bare workflow of Expo, because this library uses native Android APIs.
Technical notes
We have used https://github.com/MrToph/react-native-android-library-boilerplate as a template for constructing libraries.
We suggest you to read jeffDevelops intro on attestation in Android platforms, to get familiar with the topic.
If you need a library to generate attestation/assertion tokens on the client side (the app running on the users' devices), for other kinds of APIs or systems, then check this out: Android's Play Integrity Classic requests: https://github.com/jeffDevelops/expo-app-integrity Apple iOS DeviceCkeck attestation and assertion tokens: https://github.com/jeffDevelops/expo-app-integrity
If you need a library to check attestations/assertions from the server side, then check this out: iOS: https://github.com/srinivas1729/appattest-checker-node Android: https://github.com/sam-maverick/server-side-app-integrity-check
SIDE NOTE: Unfortunately, standard requests do not seem to be supported in Kotlin (oddly enough, the Android official documentation does not give code snippets for Kotlin, and we have checked empirically that the Kotlin compiler does not accept the classes required for the standard requests of the API), so we have written a separate library with Java code. We also found difficulties in adapting jeffDevelops library to merge with Java, so we ended up writing a new library.
Installation
npm install app-integrity-android-standard
Usage
You need to call and await the DoWarmup function before calling the GetToken function for standard requests; otherwise you will get a promise rejection.
DoWarmup()
Does the warmup to prepare the device to issue standard requests. This requires network connection to the Google servers via internet.
import * as AppIntegrityAndroidStandard from 'app-integrity-android-standard';
await AppIntegrityAndroidStandard.DoWarmup(
GoogleCloudProjectNumber // in String format
);
GetToken()
Generates an attestation object for a standard request, from the hash of the operation you want to attest (or from the nonce that the user obtained from your app server). You will need to pass this object to your app server to verify its validity (I suggest this library).
import * as AppIntegrityAndroidStandard from 'app-integrity-android-standard';
let attestationTokenObject = await AppIntegrityAndroidStandard.GetToken(
clientHash, // Hash of the operation or nonce
GoogleCloudProjectNumber // in String format
);
How to debug
Change the logLevel
to something appropriate for you, in your node_modules/app-integrity-android-standard/android/src/main/java/pt/lasige/appintegrityandroidstandard/Module.java
Make sure your device is connected to your computer and that it is recognized when issuing adb devices
. Also make sure that no Android emulators are running.
Run adb logcat -s "AppIntegrityAndroidStandard"
on the command line.
Execute your bare workflow to build and run the app.
Acknowledgements
The project that gave rise to these results received the support of a fellowship from ”la Caixa” Foundation (ID 100010434). The fellowship code is LCF/BQ/DI22/11940036. This work was also supported by FCT through the LASIGE Research Unit (UIDB/00408/2020 and UIDP/00408/2020).
License
This work is licensed under the MIT license. See LICENSE for details.