okta / okta-oidc-android

OIDC SDK for Android
https://github.com/okta/okta-oidc-android

Storage module should be a stand-alone lib #296

Closed ber4444 closed 2 years ago

ber4444 commented 2 years ago

When using Okta IDX, this library is not used at all, see https://github.com/okta/okta-idx-android

But in trying to implement biometrics with IDX, we can still copy https://github.com/okta/samples-android/blob/b245f729d46d94d8a101bfe2e6256b2b2c07a2ea/custom-sign-in/app/src/main/java/com/okta/android/samples/custom_sign_in/util/SmartLockHelper.java which would need the Storage part of Okta Oidc.

JayNewstrom commented 2 years ago

Hi, thanks for the report. We've got a big internal project we're working on to better integrate all of our SDKs. You're right in that they don't play nicely together. And we're definitely working to fix that.

Could you tell me more about your use case?

ber4444 commented 2 years ago

I have converted the classic engine's sample to use androidx.biometric.BiometricManager, and am now trying to use it in your okta-idx-android sample. The only missing import is com.okta.oidc.storage.security.EncryptionManager, so I have come here to report the need for a "lite" version.

JayNewstrom commented 2 years ago

Just so that I make sure I'm understanding you correctly, are you trying to store the tokens minted from the idx-sdk? And have a way to securely store/retrieve them?

ber4444 commented 2 years ago

Yes. So basically the user will use biometrics to log in, rather than typing a password every time.

JayNewstrom commented 2 years ago

So you have another layer (in your app) that unlocks the Okta tokens before the user can use them?

ber4444 commented 2 years ago

Isn't it the SmartLockHelper I linked to above that does that via BiometricPrompt and https://github.com/okta/okta-oidc-android#guardedencryptionmanager?

JayNewstrom commented 2 years ago

I see, thanks. Right now token storage is out of scope for the IDX SDKs.

We are working to remedy this though!

If you want to implement your own, feel free to use a combination of the oidc SDK, as well as the jetpack security SDKs as inspiration. https://developer.android.com/jetpack/androidx/releases/security

Which is what I'm working towards for a future release.
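Added example (Kotlin), not code from okta-oidc-android, okta-idx-android or the samples repository: the pattern pointed at above, with tokens kept in Jetpack Security's EncryptedSharedPreferences under a Keystore master key that requires recent user authentication, unlocked through androidx.biometric. The class name, preference file name, key names and the 30-second window are assumptions; it assumes androidx.security:security-crypto 1.1.0-alpha or later and androidx.biometric 1.1.0 or later.

```kotlin
import android.content.Context
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey

// Hypothetical helper: biometric-gated local storage for an Okta refresh token.
class BiometricTokenStore(private val context: Context) {

    // Keystore-backed AES-256-GCM master key. The second argument is the
    // user-authentication validity window in seconds: the key cannot be used
    // unless the user authenticated within the last 30 seconds (assumed value).
    private val masterKey = MasterKey.Builder(context)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
        .setUserAuthenticationRequired(true, 30)
        .build()

    // Created lazily: opening the prefs already uses the master key, so it must
    // happen inside the validity window, i.e. after a successful prompt.
    private val prefs by lazy {
        EncryptedSharedPreferences.create(
            context, "okta_tokens", masterKey,
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
        )
    }

    // Check up front so the app can fall back to a password flow on devices
    // without a class-3 (strong) biometric.
    fun canUseBiometrics(): Boolean =
        BiometricManager.from(context).canAuthenticate(BIOMETRIC_STRONG) ==
            BiometricManager.BIOMETRIC_SUCCESS

    // Call only from the onUnlocked callback of unlock(), for the same reason.
    fun save(refreshToken: String) =
        prefs.edit().putString("refresh_token", refreshToken).apply()

    fun unlock(activity: FragmentActivity, onUnlocked: (String?) -> Unit, onError: (String) -> Unit) {
        val prompt = BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
            object : BiometricPrompt.AuthenticationCallback() {
                override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) =
                    onUnlocked(prefs.getString("refresh_token", null))
                override fun onAuthenticationError(errorCode: Int, errString: CharSequence) =
                    onError(errString.toString())
            })
        val info = BiometricPrompt.PromptInfo.Builder()
            .setTitle("Unlock your session")
            .setAllowedAuthenticators(BIOMETRIC_STRONG)
            .setNegativeButtonText("Cancel")
            .build()
        prompt.authenticate(info)
    }
}
```

Both writing and reading the token go through the Keystore key, so every access (including the first `save` after sign-in) has to follow a successful `unlock` within the validity window, and a `KeyPermanentlyInvalidatedException` after biometric enrollment changes means the stored token must be discarded and the user signed in again.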

ber4444 commented 2 years ago

Thanks for the pointer, I'm going to see if https://github.com/android/security-samples/tree/master/BiometricLoginKotlin can be integrated with the IDX sample. I am not allowed to publish on GitHub, but if you can push an "official" integration up, it will benefit the community.

JayNewstrom commented 2 years ago

I appreciate the feedback!