HarmonyOS 调用面容识别UserAuth，返回的token规则是什么，是否是唯一标识

目前我们APP适配HarmonyOS 系统涉及安全问题，需要使用面容识别作为依据判断是否是用户本人，但是查阅系统提供的UserAuth时发现返回的token为非必返回项，并且也没有明确说明token是否是唯一的标识（比如同一个人做多次人脸识别返回的token是否相同），有没有失效时间。还有token如果不返回，除了识别失败还有那些情况下不返回。我看API12返回结果新增了一个enrolledState结果但是也是随机生成，所以说API12是不是返回的token和这个enrolledState这两个字段的结果都是不唯一的标识，还请给详细的解答下！

HarmonyOS

zbw_apple

2024-12-25 08:34:57

浏览

回答 1

待解决

回答 1

按赞同

按时间

aquaa

您咨询的 token和enrolledState 都不是唯一的 token 是每次验证成功后都会生成

这里由于样机不能开启摄像头的原因使用指纹验证生成token为例，以下是三次token 都不唯一

authV9 token

0,0,0,0,49,49,49,49,49,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,201,81,238,0,0,0,0,0,48,117,0,0,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,254,197,28,102,132,33,90,189,105,7,88,146,53,197,211,115,236,152,40,206,241,243,228,206,76,214,186,242,248,205,244,218,47,112,27,219,116,100,180,59,222,201,110,1,6,16,4,51,45,240,122,68,69,87,163,171,137,11,117,116,83,123,31,131,198,112,75,174,230,254,190,91,94,50,19,220,153,183,7,76,89,124,245,17,142,193,57,210,179,30,224,108,214,55,162,81,51,147,147,194,16,15,46,233,20,104,66,226,108,69,63,17,34,199,17,41,94,107,240,219,79,138,217,11,165,244,91,8,85,195,243,125,83,87,122,58,238,207,234,62,32,103,140,219,93,248,121,193,207,195,233,109,102,243,157,81,105,203,24,96,120,68,78,245,164,205,91,196,32,166,108,51,81,209,157,3,76,200,46,29,203,32,26,184,212,220,186,103,16,105,252,149,183,91,66,22,73,142,83,214,185,43,226,249,200,209,215,104,161,174,239,61,140,250,231,234

authV9 token

0,0,0,0,49,49,49,49,49,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,113,151,237,0,0,0,0,0,48,117,0,0,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,127,174,186,111,55,195,245,30,71,88,199,177,32,192,241,169,45,37,112,184,68,84,56,133,192,116,116,251,45,161,229,224,233,121,149,73,215,243,145,121,165,123,197,161,181,153,56,253,40,63,249,188,203,134,161,222,47,85,193,65,59,54,51,176,102,64,225,66,152,106,219,131,125,14,190,215,27,144,60,61,37,69,13,164,4,73,88,134,134,156,251,190,85,82,160,135,170,44,39,253,130,153,246,189,189,17,196,134,162,174,142,75,246,169,113,253,65,251,108,35,49,158,238,223,156,109,121,95,215,82,223,91,126,127,117,148,52,124,109,192,244,126,211,173,192,164,142,129,19,84,18,8,63,215,157,135,237,86,216,154,9,248,147,162,25,150,113,14,198,192,119,12,23,7,37,218,184,175,36,73,136,104,15,29,220,157,244,37,47,206,247,234,157,229,146,142,57,9,238,72,211,248,72,104,102,231,18,39,8,172,82,229,123,65,53,178

authV9 token

0,0,0,0,49,49,49,49,49,49,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,201,81,238,0,0,0,0,0,48,117,0,0,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,254,197,28,102,132,33,90,189,105,7,88,146,53,197,211,115,236,152,40,206,241,243,228,206,76,214,186,242,248,205,244,218,47,112,27,219,116,100,180,59,222,201,110,1,6,16,4,51,45,240,122,68,69,87,163,171,137,11,117,116,83,123,31,131,198,112,75,174,230,254,190,91,94,50,19,220,153,183,7,76,89,124,245,17,142,193,57,210,179,30,224,108,214,55,162,81,51,147,147,194,16,15,46,233,20,104,66,226,108,69,63,17,34,199,17,41,94,107,240,219,79,138,217,11,165,244,91,8,85,195,243,125,83,87,122,58,238,207,234,62,32,103,140,219,93,248,121,193,207,195,233,109,102,243,157,81,105,203,24,96,120,68,78,245,164,205,91,196,32,166,108,51,81,209,157,3,76,200,46,29,203,32,26,184,212,220,186,103,16,105,252,149,183,91,66,22,73,142,83,214,185,43,226,249,200,209,215,104,161,174,239,61,140,250,231,234

也可自行验证代码demo实例如下：

import { cryptoFramework } from '@kit.CryptoArchitectureKit';
import { buffer, util } from '@kit.ArkTS';
import type {BusinessError} from '@ohos.base';
import userAuth from '@ohos.userIAM.userAuth';



@Entry
@Component
struct UserAuth {
  @State message: string = '点击开始';

  build() {
    Row() {
      Column() {
        Text(this.message)
          .fontSize(50)
          .fontWeight(FontWeight.Bold)
          .onClick(() => {
            userAuthorization()
          })
      }
      .width('100%')
    }
    .height('100%')
  }
}


function userAuthorization() {

  /*let challenge = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]);
  let authType = userAuth.UserAuthType.FACE;
  let authTrustLevel = userAuth.AuthTrustLevel.ATL1;
  // 通过callback获取认证结果
  try {
    let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
    auth.on('result', {
      callback: (result: userAuth.AuthResultInfo) => {
        console.log('authV9 result ' + result.result);
        console.log('authV9 token ' + result.token);
        console.log('authV9 remainAttempts ' + result.remainAttempts);
        console.log('authV9 lockoutDuration ' + result.lockoutDuration);
      }
    } as userAuth.AuthEvent);
    auth.start();
    console.log('authV9 start success');
  } catch (error) {
    console.error('authV9 error = ' + error);
    // do error
  }
  // 通过callback获取认证过程中的提示信息
  try {
    let auth = userAuth.getAuthInstance(challenge, authType, authTrustLevel);
    auth.on('tip', {
      callback : (result : userAuth.TipInfo) => {
        switch (result.tip) {
          case userAuth.FaceTips.FACE_AUTH_TIP_TOO_BRIGHT:
        // do something;
          case userAuth.FaceTips.FACE_AUTH_TIP_TOO_DARK:
        // do something;
          default:
        // do others
        }
      }
    } as userAuth.AuthEvent);
    auth.start();
    console.log('authV9 start success');
  } catch (error) {
    console.error('authV9 error = ' + error);
    // do error
  }*/


  // 设置认证参数
  const authParam: userAuth.AuthParam = {
    challenge: new Uint8Array([49, 49, 49, 49, 49, 49]),
    authType: [userAuth.UserAuthType.PIN, userAuth.UserAuthType.FACE,userAuth.UserAuthType.FINGERPRINT],
    authTrustLevel: userAuth.AuthTrustLevel.ATL3,
  };
  // 配置认证界面
  const widgetParam: userAuth.WidgetParam = {
    title: '请进行身份认证',
  };
  try {
    // 获取认证对象
    let userAuthInstance = userAuth.getUserAuthInstance(authParam, widgetParam);

    console.info('get userAuth instance success');

    // 订阅认证结果
    userAuthInstance.on('result', {
      onResult(result) {
        console.error('authV9 result ' + result.result);
        console.error('authV9 token ' + result.token);
        console.error('authV9 remainAttempts ' + result.authType);
        console.error('authV9 lockoutDuration ' + result.enrolledState);
        console.info(`userAuthInstance callback result: ${JSON.stringify(result)}`);
        // 可在认证结束或其他业务需要场景，取消订阅认证结果

        try {

          let enrolledState = userAuth.getEnrolledState(userAuth.UserAuthType.FACE);
          console.error('get current enrolled state success, enrolledState = ' + JSON.stringify(enrolledState));
        } catch (error) {
          console.error('get current enrolled state failed, error = ' + JSON.stringify(error));
        }


        // 取消认证
        /* userAuthInstance.cancel();
         console.log('auth cancel success');

         userAuthInstance.off('result');*/
      }
    });
    console.info('auth on success');
    userAuthInstance.start();
    console.info('auth start success');
  } catch (error) {
    const err: BusinessError = error as BusinessError;
    console.error(`auth catch error. Code is ${err?.code}, message is ${err?.message}`);
  }
}

2024-12-25 11:38:15

如何写精华回答，获更多曝光？

发布

51CTO

51CTO博客

51CTO学堂

HarmonyOS 调用面容识别UserAuth，返回的token规则是什么，是否是唯一标识

订阅鸿蒙技术特刊，精选内容抢先看