# Unified User Authentication (userauth)

## Introduction

As a basic component of the User Identity & Access Management (IAM) subsystem, Unified User Authentication (userauth) implements unified user authentication and provides biometric feature authentication APIs to third-party applications.

**Figure 1** userauth architecture

<img src="figures/userauth_architecture.png" alt="userauth_architecture" style="zoom:80%;" />

The userauth APIs support user authentication of the target Authentication Trust Level (ATL). The target ATL is specified by the service. The target user ID can be specified by the service (system service or basic system application) or obtained from the system context (third-party application).

## Directory Structure

```
//base/useriam/user_auth_framework
├── frameworks          # Framework code
├── interfaces          # Directory for storing external interfaces
│   └── innerkits       # Header files exposed to the internal subsystems
├── sa_profile          # Profile of the Service ability
├── services            # Implementation of the Service ability
├── test                # Directory for storing test code
├── utils               # Directory for storing utility code
├── bundle.json         # Component description file
└── userauth.gni        # Build configuration
```

## Usage

### Available APIs

**Table 1** APIs for unified user authentication

| API | Description |
| ------ | -------------------------------- |
| getAvailableStatus(authType : AuthType, authTrustLevel : AuthTrustLevel) : number; | Obtains the available authentication status. |
| auth(challenge: BigInt, authType : AuthType, authTrustLevel: AuthTrustLevel, callback: IUserAuthCallback): BigInt; | Performs user authentication. |

### Usage Guidelines

- Vendors must implement the following in a Trusted Execution Environment (TEE):

  1. Authentication scheme: Determine the user authentication scheme based on the user credentials entered and the target ATL.
  2. Authentication result evaluation: Evaluate whether the authentication reaches the target ATL based on the authentication result returned by the executor.

- The APIs defined in the header file `user_auth/v1_0/IUserAuthInterface.idl` in the [drivers_interface](https://gitee.com/openharmony/drivers_interface) repository must be implemented in a TEE, and the security of the user authentication scheme and result evaluation must be ensured.

## Repositories Involved

**[useriam_user_auth_framework](https://gitee.com/openharmony/useriam_user_auth_framework)**

[useriam_pin_auth](https://gitee.com/openharmony/useriam_pin_auth)

[useriam_face_auth](https://gitee.com/openharmony/useriam_face_auth)

[drivers_peripheral](https://gitee.com/openharmony/drivers_peripheral)

[drivers_interface](https://gitee.com/openharmony/drivers_interface)