Why does Google's Fido2PendingIntent().launchPendingIntent
method fail (no fingerprint/passcode prompt is displayed) on the first attempt with the error code:
SECURITY_ERR - The operation is insecure. The incoming request cannot be validated.
And, successive attempts typically result in the the above call working (fingerprint/passcode is prompt displayed), and no longer getting this error.
These are the main snippets of the code:
ListenerRegistration.java:
try {
// Get intent for FIDO2 operation.
Fido2ApiClient fido2ApiClient = Fido.getFido2ApiClient( this.activity );
Task<Fido2PendingIntent> task = fido2ApiClient.getRegisterIntent( pkcco );
// Send intent back to UI through callback.
Log.d( TAG, "LISTENERREGISTRATION.java IS NOW ATTEMPTING TO OPEN FINGERPRINT/SECRUITY PROMPT" );
this.fidoDelegate.launchFidoPrompt( Tasks.await( task ), FidoPromptCallback.FIDO2_REGISTRATION );
// Wait for authenticator to complete.
this.fidoAuthenticatorLock.acquire();
} catch( ExecutionException e ) {
// Threw exception while waiting for authenticator.
// Pass Fido2AuthenticatorException back to calling class so it can handle error appropriately.
throw new Fido2AuthenticatorException( this.sFido2AuthenticatorErrorMessage, this.fido2ErrorCode );
} catch( InterruptedException e ) {
// Threw exception while waiting for authenticator.
// Pass Fido2AuthenticatorException back to calling class so it can handle error appropriately.
throw new Fido2AuthenticatorException( this.sFido2AuthenticatorErrorMessage, this.fido2ErrorCode );
}
MainActivity.java:
// Instantiate class to handle VC functionality called by listener.
this.lo = new ListenerOperations(MainActivity.this, new FidoPromptCallback() {
@Override
public void launchFidoPrompt(Fido2PendingIntent fido2Intent, int iOperation) {
// Determine how to handle authenticator result.
int iCode;
if (iOperation == FidoPromptCallback.FIDO2_REGISTRATION) {
iCode = MainActivity.REQUEST_FIDO2_REGISTER;
} else if (iOperation == FidoPromptCallback.FIDO2_ASSERTION) {
iCode = MainActivity.REQUEST_FIDO2_ASSERTION;
} else {
// Invalid operation.
iCode = -1;
}
try {
// Launch the fingerprint dialog by launching the intent from FIDO2 API.
Log.d( TAG, "MAINACTIVITY.java IS NOW ATTEMPTING TO OPEN FINGERPRINT/SECRUITY PROMPT" );
fido2Intent.launchPendingIntent( MainActivity.this, iCode );
Log.d( TAG, "MAINACTIVITY.java HAS OPENNED FINGERPRINT/SECRUITY PROMPT WITH NO ERRORS" );
} catch( IntentSender.SendIntentException e ) {
// Error launching pending intent for register request.
Log.d(TAG, "SADFACE - FAILED TO OPEN FINGERPRINT FIDO DIALOG");
} catch (Exception e) {
Log.d( TAG, "GENERAL EXCEPTION OCCURRED WHEN CALLING fido2Intent.launchPendingIntent" );
e.printStackTrace();
}
Log.d( TAG, "MAINACTIVITY.java END OF launchFidoPrompt()" );
}
On failure (and success) the logs look like this (because no exception is ever thrown even after getting the SECURITY_ERR
error):
other logs
...
10-01 10:31:36.289 14272 15728 D MainActivity.java: LISTENERREGISTRATION.java IS NOW ATTEMPTING TO OPEN FINGERPRINT/SECRUITY PROMPT
...
10-01 10:31:37.589 14974 15728 D MainActivity.java: MAINACTIVITY.java IS NOW ATTEMPTING TO OPEN FINGERPRINT/SECRUITY PROMPT
10-01 10:31:37.602 4053 4953 I ActivityManager: START u0 {act=null typ=null flg=0x0 cmp=ComponentInfo{com.google.android.gms/com.google.android.gms.fido.fido2.ui.Fido2FullScreenActivity}} from uid 10031
10-01 10:31:37.623 4053 4953 D CustomFrequencyManagerService: acquireDVFSLockLocked : type : DVFS_MIN_LIMIT frequency : 1560000 uid : 1000 pid : 4053 pkgName : AMS_APP_SWITCH@CPU_MIN@47
10-01 10:31:37.625 4053 4953 D ActivityManagerPerformance: AMP_acquire() APP_SWITCH
10-01 10:31:37.628 3633 3633 I SurfaceFlinger: id=56380 createSurf (3040x3040),2 flag=4, AppWindowToken{2800ead token=Token{77b3fc4 ActivityRecord{44bad7 u0 com.google.android.gms/.fido.fido2.ui.Fido2FullScreenActivity t7062}}}#0
10-01 10:31:37.636 4053 4953 D ActivityManager: Received ACTIVITY intent in key u0 {bcd25e2 act=nullstartActivity cmp=ComponentInfo{com.google.android.gms/com.google.android.gms.fido.fido2.ui.Fido2FullScreenActivity} res=0} from uid 10218
10-01 10:31:37.637 14974 15728 D MainActivity.java: MAINACTIVITY.java HAS OPENNED FINGERPRINT/SECRUITY PROMPT WITH NO ERRORS
10-01 10:31:37.637 14974 15728 D MainActivity.java: MAINACTIVITY.java END OF launchFidoPrompt()
The fact that my code does not get notified of any exceptions, leads me to believe that the issue lies inside the call to Fido2PendingIntent().launchPendingIntent
.
Note that now exceptgion in this code: