如何在Android 5.0(API 21)之前确认设备凭据? [英] How to confirm device credential before Android 5.0 (API 21)?
问题描述
我有一个用例,要求用户确认设备凭证,并且KeyguardManager中的createConfirmDeviceCredentialIntent方法完全可以满足我的需求.但是,此方法是从API 21开始添加的.(
I have a use case that requires the user to confirm device credential, and the createConfirmDeviceCredentialIntent method in KeyguardManager perfectly meets my need. However, this method was added since API 21.(reference link) So how can I achieve the same functionality before Android 5.0? I also want to support versions like Android 4.X.
谢谢!
推荐答案
在21级之前,这在非root用户的设备上当然是不可能的,并且没有其他具有常规权限的选择.
Before 21 level this is certainly not possible on non-rooted device and there is no alternative with regular permissions.
If it is ok to require extra admin permissions, it is probably possible to emulate credential confirmation very loosely, with much more effort, by implementing DeviceAdminReceiver.onPasswordSucceeded. Lock the screen, when password succeeded perform the required action. This may turn out to be relatively complex because the action is not always received (only if status has changed), need to keep last success, communicate with receiver, etc.
作为旁注,请仔细检查用例和您的设计,在大多数情况下,使用createConfirmDeviceCredentialIntent时实际上并不需要这样做,并且其他设计选择可能会消除对它的需要.
As a side note, double check the use case and your design, in most cases when createConfirmDeviceCredentialIntent is used it is actually not required and other design choices may eliminate the need for it.
最好提供您要保护的内容的详细信息.如果是未经授权的人意外访问设备的情况,并且例如从某些oauth服务生成了永久令牌,则通过同一服务登录流程重新授权或存储原始凭证的hmac可能是合理的然后连同令牌一起提示并重新验证凭据,而不是提示输入设备凭据.或者,如果足够满足用例需求,则可以使用 google登录以授权访问您的应用/令牌,并验证所存储令牌的Google用户是否相同.
It was better to provide details of what exactly you are trying to protect. If it is a scenario for accidental access to the device by an unauthorized person and a permanent token is generated, say, from some oauth service, it may be reasonable either to reauthorize through the same service login flow or to store some hmac of original credentials along with token then prompt and re-validate credentials instead of prompting for device credentials. Alternatively, if that is enough for use case, you can use google login to authorize access to your app/token and verify google user is the same for the stored token.
这篇关于如何在Android 5.0(API 21)之前确认设备凭据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
