1/* 2 * Copyright (c) 2023-2025 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16/** 17 * @file 18 * @kit UserAuthenticationKit 19 */ 20 21/*** if arkts 1.1 */ 22import type { AsyncCallback } from './@ohos.base'; 23/*** endif */ 24/*** if arkts 1.2 */ 25import Context from './application/Context'; 26/*** endif */ 27 28/** 29 * User authentication 30 * 31 * @namespace userAuth 32 * @syscap SystemCapability.UserIAM.UserAuth.Core 33 * @since 6 34 */ 35/** 36 * The userAuth module provides APIs for user authentication, which applies to scenarios such as device unlocking, 37 * payment, and application login. 38 * 39 * @namespace userAuth 40 * @syscap SystemCapability.UserIAM.UserAuth.Core 41 * @atomicservice 42 * @since arkts {'1.1':'12','1.2':'20'} 43 * @arkts 1.1&1.2 44 */ 45declare namespace userAuth { 46 /** 47 * Maximum reuse duration of the authentication result, in milliseconds. The value is 300000. 48 * 49 * @constant 50 * @syscap SystemCapability.UserIAM.UserAuth.Core 51 * @atomicservice 52 * @since 12 53 */ 54 const MAX_ALLOWABLE_REUSE_DURATION: 300000; 55 /** 56 * Maximum reuse duration of the authentication result, in milliseconds. The value is 300000. 57 * 58 * @constant 59 * @syscap SystemCapability.UserIAM.UserAuth.Core 60 * @atomicservice 61 * @since 20 62 * @arkts 1.2 63 */ 64 const MAX_ALLOWABLE_REUSE_DURATION: int = 300000; 65 66 /** 67 * Enum for authentication result. 68 * 69 * @enum { number } 70 * @syscap SystemCapability.UserIAM.UserAuth.Core 71 * @since 6 72 * @deprecated since 8 73 * @useinstead ohos.userIAM.userAuth.ResultCode 74 */ 75 export enum AuthenticationResult { 76 /** 77 * Indicates that the device does not support authentication. 78 * 79 * @syscap SystemCapability.UserIAM.UserAuth.Core 80 * @since 6 81 * @deprecated since 8 82 */ 83 NO_SUPPORT = -1, 84 85 /** 86 * Indicates that authentication is success. 87 * 88 * @syscap SystemCapability.UserIAM.UserAuth.Core 89 * @since 6 90 * @deprecated since 8 91 */ 92 SUCCESS = 0, 93 94 /** 95 * Indicates the authenticator fails to identify user. 96 * 97 * @syscap SystemCapability.UserIAM.UserAuth.Core 98 * @since 6 99 * @deprecated since 8 100 */ 101 COMPARE_FAILURE = 1, 102 103 /** 104 * Indicates that authentication has been canceled. 105 * 106 * @syscap SystemCapability.UserIAM.UserAuth.Core 107 * @since 6 108 * @deprecated since 8 109 */ 110 CANCELED = 2, 111 112 /** 113 * Indicates that authentication has timed out. 114 * 115 * @syscap SystemCapability.UserIAM.UserAuth.Core 116 * @since 6 117 * @deprecated since 8 118 */ 119 TIMEOUT = 3, 120 121 /** 122 * Indicates a failure to open the camera. 123 * 124 * @syscap SystemCapability.UserIAM.UserAuth.Core 125 * @since 6 126 * @deprecated since 8 127 */ 128 CAMERA_FAIL = 4, 129 130 /** 131 * Indicates that the authentication task is busy. Wait for a few seconds and try again. 132 * 133 * @syscap SystemCapability.UserIAM.UserAuth.Core 134 * @since 6 135 * @deprecated since 8 136 */ 137 BUSY = 5, 138 139 /** 140 * Indicates incorrect parameters. 141 * 142 * @syscap SystemCapability.UserIAM.UserAuth.Core 143 * @since 6 144 * @deprecated since 8 145 */ 146 INVALID_PARAMETERS = 6, 147 148 /** 149 * Indicates that the authenticator is locked. 150 * 151 * @syscap SystemCapability.UserIAM.UserAuth.Core 152 * @since 6 153 * @deprecated since 8 154 */ 155 LOCKED = 7, 156 157 /** 158 * Indicates that the user has not enrolled the authenticator. 159 * 160 * @syscap SystemCapability.UserIAM.UserAuth.Core 161 * @since 6 162 * @deprecated since 8 163 */ 164 NOT_ENROLLED = 8, 165 166 /** 167 * Indicates other errors. 168 * 169 * @syscap SystemCapability.UserIAM.UserAuth.Core 170 * @since 6 171 * @deprecated since 8 172 */ 173 GENERAL_ERROR = 100 174 } 175 176 /** 177 * Auth types 178 * 179 * @typedef { 'ALL' | 'FACE_ONLY' } 180 * @syscap SystemCapability.UserIAM.UserAuth.Core 181 * @since 6 182 * @deprecated since 8 183 */ 184 type AuthType = 'ALL' | 'FACE_ONLY'; 185 186 /** 187 * Secure levels 188 * 189 * @typedef { 'S1' | 'S2' | 'S3' | 'S4' } 190 * @syscap SystemCapability.UserIAM.UserAuth.Core 191 * @since 6 192 * @deprecated since 8 193 */ 194 type SecureLevel = 'S1' | 'S2' | 'S3' | 'S4'; 195 196 /** 197 * Used to initiate authentication. 198 * 199 * @interface Authenticator 200 * @syscap SystemCapability.UserIAM.UserAuth.Core 201 * @since 6 202 * @deprecated since 8 203 */ 204 interface Authenticator { 205 /** 206 * Execute authentication. 207 * 208 * @permission ohos.permission.ACCESS_BIOMETRIC 209 * @param { AuthType } type - Indicates the authentication type. 210 * @param { SecureLevel } level - Indicates the security level. 211 * @param { AsyncCallback<number> } callback - Async callback of execute. 212 * @syscap SystemCapability.UserIAM.UserAuth.Core 213 * @since 6 214 * @deprecated since 8 215 */ 216 execute(type: AuthType, level: SecureLevel, callback: AsyncCallback<number>): void; 217 218 /** 219 * Execute authentication. 220 * 221 * @permission ohos.permission.ACCESS_BIOMETRIC 222 * @param { AuthType } type - Indicates the authentication type. 223 * @param { SecureLevel } level - Indicates the security level. 224 * @returns { Promise<number> } 225 * @syscap SystemCapability.UserIAM.UserAuth.Core 226 * @since 6 227 * @deprecated since 8 228 */ 229 execute(type: AuthType, level: SecureLevel): Promise<number>; 230 } 231 232 /** 233 * Get Authenticator instance. 234 * 235 * @returns { Authenticator } Returns an Authenticator. 236 * @syscap SystemCapability.UserIAM.UserAuth.Core 237 * @since 6 238 * @deprecated since 8 239 */ 240 function getAuthenticator(): Authenticator; 241 242 /** 243 * User authentication. 244 * 245 * @syscap SystemCapability.UserIAM.UserAuth.Core 246 * @since 8 247 * @deprecated since 9 248 * @useinstead ohos.userIAM.userAuth.AuthInstance 249 */ 250 class UserAuth { 251 /** 252 * Constructor to get the UserAuth class instance. 253 * 254 * @syscap SystemCapability.UserIAM.UserAuth.Core 255 * @since 8 256 * @deprecated since 9 257 * @useinstead ohos.userIAM.userAuth.getAuthInstance 258 */ 259 constructor(); 260 261 /** 262 * Get version information. 263 * 264 * @permission ohos.permission.ACCESS_BIOMETRIC 265 * @returns { number } Returns version information. 266 * @syscap SystemCapability.UserIAM.UserAuth.Core 267 * @since 8 268 * @deprecated since 9 269 * @useinstead ohos.userIAM.userAuth.getVersion 270 */ 271 getVersion(): number; 272 273 /** 274 * Check whether the authentication capability is available. 275 * 276 * @permission ohos.permission.ACCESS_BIOMETRIC 277 * @param { UserAuthType } authType - Credential type for authentication. 278 * @param { AuthTrustLevel } authTrustLevel - Trust level of authentication result. 279 * @returns { number } Returns a check result, which is specified by getAvailableStatus, the value of number is related to the ResultCode enum, **201** is 280 * check permission failed. 281 * @syscap SystemCapability.UserIAM.UserAuth.Core 282 * @since 8 283 * @deprecated since 9 284 * @useinstead ohos.userIAM.userAuth.getAvailableStatus 285 */ 286 getAvailableStatus(authType: UserAuthType, authTrustLevel: AuthTrustLevel): number; 287 288 /** 289 * Executes authentication. 290 * 291 * @permission ohos.permission.ACCESS_BIOMETRIC 292 * @param { Uint8Array } challenge - Pass in challenge value. 293 * @param { UserAuthType } authType - Type of authentication. 294 * @param { AuthTrustLevel } authTrustLevel - Trust level of authentication result. 295 * @param { IUserAuthCallback } callback - Return result and acquireInfo through callback, the value of result code is related to the ResultCode enum, 296 * **201** is check permission failed. 297 * @returns { Uint8Array } Returns ContextId for cancel. 298 * @syscap SystemCapability.UserIAM.UserAuth.Core 299 * @since 8 300 * @deprecated since 9 301 * @useinstead ohos.userIAM.userAuth.AuthInstance.start 302 */ 303 auth( 304 challenge: Uint8Array, 305 authType: UserAuthType, 306 authTrustLevel: AuthTrustLevel, 307 callback: IUserAuthCallback 308 ): Uint8Array; 309 310 /** 311 * Cancel authentication with ContextID. 312 * 313 * @permission ohos.permission.ACCESS_BIOMETRIC 314 * @param { Uint8Array } contextID - Cancel authentication and pass in ContextID. 315 * @returns { number } Returns a number value indicating whether Cancel authentication was successful, the value of number is related to the ResultCode 316 * enum, **201** is check permission failed. 317 * @syscap SystemCapability.UserIAM.UserAuth.Core 318 * @since 8 319 * @deprecated since 9 320 * @useinstead ohos.userIAM.userAuth.AuthInstance.cancel 321 */ 322 cancelAuth(contextID: Uint8Array): number; 323 } 324 325 /** 326 * Asynchronous callback of authentication operation. 327 * 328 * @interface IUserAuthCallback 329 * @syscap SystemCapability.UserIAM.UserAuth.Core 330 * @since 8 331 * @deprecated since 9 332 * @useinstead ohos.userIAM.userAuth.AuthEvent 333 */ 334 interface IUserAuthCallback { 335 /** 336 * The authentication result code is returned through the callback. 337 * If the authentication is passed, the authentication token is returned in extraInfo, 338 * If the authentication fails, the remaining authentication times are returned in extraInfo, 339 * If the authentication executor is locked, the freezing time is returned in extraInfo. 340 * 341 * @type { function } 342 * @syscap SystemCapability.UserIAM.UserAuth.Core 343 * @since 8 344 * @deprecated since 9 345 * @useinstead ohos.userIAM.userAuth.AuthEvent.callback 346 */ 347 onResult: (result: number, extraInfo: AuthResult) => void; 348 349 /** 350 * During an authentication, the TipsCode is returned through the callback. 351 * 352 * @type { ?function } 353 * @syscap SystemCapability.UserIAM.UserAuth.Core 354 * @since 8 355 * @deprecated since 9 356 * @useinstead ohos.userIAM.userAuth.AuthEvent.callback 357 */ 358 onAcquireInfo?: (module: number, acquire: number, extraInfo: any) => void; 359 } 360 361 /** 362 * Authentication result: authentication token, remaining authentication times, freezing time. 363 * 364 * @typedef AuthResult 365 * @syscap SystemCapability.UserIAM.UserAuth.Core 366 * @since 8 367 * @deprecated since 9 368 * @useinstead ohos.userIAM.userAuth.AuthResultInfo 369 */ 370 interface AuthResult { 371 /** 372 * The authentication result if the authentication is passed. 373 * 374 * @type { ?Uint8Array } 375 * @syscap SystemCapability.UserIAM.UserAuth.Core 376 * @since 8 377 * @deprecated since 9 378 */ 379 token?: Uint8Array; 380 381 /** 382 * The remaining authentication times if the authentication fails. 383 * 384 * @type { ?number } 385 * @syscap SystemCapability.UserIAM.UserAuth.Core 386 * @since 8 387 * @deprecated since 9 388 */ 389 remainTimes?: number; 390 391 /** 392 * The freezing time if the authentication executor is locked. 393 * 394 * @type { ?number } 395 * @syscap SystemCapability.UserIAM.UserAuth.Core 396 * @since 8 397 * @deprecated since 9 398 */ 399 freezingTime?: number; 400 } 401 402 /** 403 * Enum for operation result. 404 * 405 * @enum { number } 406 * @syscap SystemCapability.UserIAM.UserAuth.Core 407 * @since 8 408 * @deprecated since 9 409 * @useinstead ohos.userIAM.userAuth.UserAuthResultCode 410 */ 411 enum ResultCode { 412 /** 413 * Indicates that the result is success or ability is supported. 414 * 415 * @syscap SystemCapability.UserIAM.UserAuth.Core 416 * @since 8 417 * @deprecated since 9 418 */ 419 SUCCESS = 0, 420 421 /** 422 * Indicates that authentication failed. 423 * 424 * @syscap SystemCapability.UserIAM.UserAuth.Core 425 * @since 8 426 * @deprecated since 9 427 */ 428 FAIL = 1, 429 430 /** 431 * Indicates other errors. 432 * 433 * @syscap SystemCapability.UserIAM.UserAuth.Core 434 * @since 8 435 * @deprecated since 9 436 */ 437 GENERAL_ERROR = 2, 438 439 /** 440 * Indicates that this operation has been canceled. 441 * 442 * @syscap SystemCapability.UserIAM.UserAuth.Core 443 * @since 8 444 * @deprecated since 9 445 */ 446 CANCELED = 3, 447 448 /** 449 * Indicates that this operation has timed out. 450 * 451 * @syscap SystemCapability.UserIAM.UserAuth.Core 452 * @since 8 453 * @deprecated since 9 454 */ 455 TIMEOUT = 4, 456 457 /** 458 * Indicates that this authentication type is not supported. 459 * 460 * @syscap SystemCapability.UserIAM.UserAuth.Core 461 * @since 8 462 * @deprecated since 9 463 */ 464 TYPE_NOT_SUPPORT = 5, 465 466 /** 467 * Indicates that the authentication trust level is not supported. 468 * 469 * @syscap SystemCapability.UserIAM.UserAuth.Core 470 * @since 8 471 * @deprecated since 9 472 */ 473 TRUST_LEVEL_NOT_SUPPORT = 6, 474 475 /** 476 * Indicates that the authentication task is busy. Wait for a few seconds and try again. 477 * 478 * @syscap SystemCapability.UserIAM.UserAuth.Core 479 * @since 8 480 * @deprecated since 9 481 */ 482 BUSY = 7, 483 484 /** 485 * Indicates incorrect parameters. 486 * 487 * @syscap SystemCapability.UserIAM.UserAuth.Core 488 * @since 8 489 * @deprecated since 9 490 */ 491 INVALID_PARAMETERS = 8, 492 493 /** 494 * Indicates that the authenticator is locked. 495 * 496 * @syscap SystemCapability.UserIAM.UserAuth.Core 497 * @since 8 498 * @deprecated since 9 499 */ 500 LOCKED = 9, 501 502 /** 503 * Indicates that the user has not enrolled the authenticator. 504 * 505 * @syscap SystemCapability.UserIAM.UserAuth.Core 506 * @since 8 507 * @deprecated since 9 508 */ 509 NOT_ENROLLED = 10 510 } 511 512 /** 513 * The enumeration of prompt codes in the process of face authentication. 514 * 515 * @enum { number } 516 * @syscap SystemCapability.UserIAM.UserAuth.Core 517 * @since 8 518 * @deprecated since 11 519 */ 520 enum FaceTips { 521 /** 522 * Indicates that the obtained facial image is too bright due to high illumination. 523 * 524 * @syscap SystemCapability.UserIAM.UserAuth.Core 525 * @since 8 526 * @deprecated since 11 527 */ 528 FACE_AUTH_TIP_TOO_BRIGHT = 1, 529 530 /** 531 * Indicates that the obtained facial image is too dark due to low illumination. 532 * 533 * @syscap SystemCapability.UserIAM.UserAuth.Core 534 * @since 8 535 * @deprecated since 11 536 */ 537 FACE_AUTH_TIP_TOO_DARK = 2, 538 539 /** 540 * Indicates that the face is too close to the device. 541 * 542 * @syscap SystemCapability.UserIAM.UserAuth.Core 543 * @since 8 544 * @deprecated since 11 545 */ 546 FACE_AUTH_TIP_TOO_CLOSE = 3, 547 548 /** 549 * Indicates that the face is too far away from the device. 550 * 551 * @syscap SystemCapability.UserIAM.UserAuth.Core 552 * @since 8 553 * @deprecated since 11 554 */ 555 FACE_AUTH_TIP_TOO_FAR = 4, 556 557 /** 558 * Indicates that the device is too high, and that only the upper part of the face is captured. 559 * 560 * @syscap SystemCapability.UserIAM.UserAuth.Core 561 * @since 8 562 * @deprecated since 11 563 */ 564 FACE_AUTH_TIP_TOO_HIGH = 5, 565 566 /** 567 * Indicates that the device is too low, and that only the lower part of the face is captured. 568 * 569 * @syscap SystemCapability.UserIAM.UserAuth.Core 570 * @since 8 571 * @deprecated since 11 572 */ 573 FACE_AUTH_TIP_TOO_LOW = 6, 574 575 /** 576 * Indicates that the device is deviated to the right, and that only the right part of the face is captured. 577 * 578 * @syscap SystemCapability.UserIAM.UserAuth.Core 579 * @since 8 580 * @deprecated since 11 581 */ 582 FACE_AUTH_TIP_TOO_RIGHT = 7, 583 584 /** 585 * Indicates that the device is deviated to the left, and that only the left part of the face is captured. 586 * 587 * @syscap SystemCapability.UserIAM.UserAuth.Core 588 * @since 8 589 * @deprecated since 11 590 */ 591 FACE_AUTH_TIP_TOO_LEFT = 8, 592 593 /** 594 * Indicates that the face moves too fast during facial information collection. 595 * 596 * @syscap SystemCapability.UserIAM.UserAuth.Core 597 * @since 8 598 * @deprecated since 11 599 */ 600 FACE_AUTH_TIP_TOO_MUCH_MOTION = 9, 601 602 /** 603 * Indicates that the face is not facing the device. 604 * 605 * @syscap SystemCapability.UserIAM.UserAuth.Core 606 * @since 8 607 * @deprecated since 11 608 */ 609 FACE_AUTH_TIP_POOR_GAZE = 10, 610 611 /** 612 * Indicates that no face is detected. 613 * 614 * @syscap SystemCapability.UserIAM.UserAuth.Core 615 * @since 8 616 * @deprecated since 11 617 */ 618 FACE_AUTH_TIP_NOT_DETECTED = 11 619 } 620 621 /** 622 * The enumeration of prompt codes in the process of fingerprint authentication. 623 * 624 * @enum { number } 625 * @syscap SystemCapability.UserIAM.UserAuth.Core 626 * @since 8 627 * @deprecated since 11 628 */ 629 enum FingerprintTips { 630 /** 631 * Indicates that the image acquired is good. 632 * 633 * @syscap SystemCapability.UserIAM.UserAuth.Core 634 * @since 8 635 * @deprecated since 11 636 */ 637 FINGERPRINT_AUTH_TIP_GOOD = 0, 638 639 /** 640 * Indicates that the fingerprint image is too noisy due to suspected or detected dirt on sensor. 641 * 642 * @syscap SystemCapability.UserIAM.UserAuth.Core 643 * @since 8 644 * @deprecated since 11 645 */ 646 FINGERPRINT_AUTH_TIP_DIRTY = 1, 647 648 /** 649 * Indicates that the fingerprint image is too noisy to process due to a detected condition. 650 * 651 * @syscap SystemCapability.UserIAM.UserAuth.Core 652 * @since 8 653 * @deprecated since 11 654 */ 655 FINGERPRINT_AUTH_TIP_INSUFFICIENT = 2, 656 657 /** 658 * Indicates that only a partial fingerprint image is detected. 659 * 660 * @syscap SystemCapability.UserIAM.UserAuth.Core 661 * @since 8 662 * @deprecated since 11 663 */ 664 FINGERPRINT_AUTH_TIP_PARTIAL = 3, 665 666 /** 667 * Indicates that the fingerprint image is incomplete due to quick motion. 668 * 669 * @syscap SystemCapability.UserIAM.UserAuth.Core 670 * @since 8 671 * @deprecated since 11 672 */ 673 FINGERPRINT_AUTH_TIP_TOO_FAST = 4, 674 675 /** 676 * Indicates that the fingerprint image is unreadable due to lack of motion. 677 * 678 * @syscap SystemCapability.UserIAM.UserAuth.Core 679 * @since 8 680 * @deprecated since 11 681 */ 682 FINGERPRINT_AUTH_TIP_TOO_SLOW = 5 683 } 684 685 /** 686 * Credential type for authentication. 687 * 688 * @enum { number } 689 * @syscap SystemCapability.UserIAM.UserAuth.Core 690 * @since 8 691 */ 692 /** 693 * Enumerates the identity authentication types. 694 * 695 * @enum { int } 696 * @syscap SystemCapability.UserIAM.UserAuth.Core 697 * @atomicservice 698 * @since arkts {'1.1':'12','1.2':'20'} 699 * @arkts 1.1&1.2 700 */ 701 enum UserAuthType { 702 /** 703 * Authentication type pin. 704 * 705 * @syscap SystemCapability.UserIAM.UserAuth.Core 706 * @since 10 707 */ 708 /** 709 * PIN authentication. 710 * 711 * @syscap SystemCapability.UserIAM.UserAuth.Core 712 * @atomicservice 713 * @since arkts {'1.1':'12','1.2':'20'} 714 * @arkts 1.1&1.2 715 */ 716 PIN = 1, 717 718 /** 719 * Authentication type face. 720 * 721 * @syscap SystemCapability.UserIAM.UserAuth.Core 722 * @since 8 723 */ 724 /** 725 * Facial authentication. 726 * 727 * @syscap SystemCapability.UserIAM.UserAuth.Core 728 * @atomicservice 729 * @since arkts {'1.1':'12','1.2':'20'} 730 * @arkts 1.1&1.2 731 */ 732 FACE = 2, 733 734 /** 735 * Authentication type fingerprint. 736 * 737 * @syscap SystemCapability.UserIAM.UserAuth.Core 738 * @since 8 739 */ 740 /** 741 * Fingerprint authentication. 742 * 743 * @syscap SystemCapability.UserIAM.UserAuth.Core 744 * @atomicservice 745 * @since arkts {'1.1':'12','1.2':'20'} 746 * @arkts 1.1&1.2 747 */ 748 FINGERPRINT = 4, 749 750 /** 751 * Privacy password authentication. 752 * 753 * @syscap SystemCapability.UserIAM.UserAuth.Core 754 * @systemapi Hide this for inner system use. 755 * @since arkts {'1.1':'14','1.2':'20'} 756 * @arkts 1.1&1.2 757 */ 758 PRIVATE_PIN = 16 759 } 760 761 /** 762 * Trust level of authentication results. 763 * 764 * @enum { number } 765 * @syscap SystemCapability.UserIAM.UserAuth.Core 766 * @since 8 767 */ 768 /** 769 * Enumerates the trust levels of the authentication result. 770 * For details about typical scenarios and examples, see Principles for Classifying Biometric 771 * Authentication Trust Levels. 772 * 773 * @enum { int } 774 * @syscap SystemCapability.UserIAM.UserAuth.Core 775 * @atomicservice 776 * @since arkts {'1.1':'12','1.2':'20'} 777 * @arkts 1.1&1.2 778 */ 779 enum AuthTrustLevel { 780 /** 781 * Authentication result trusted level 1. 782 * 783 * @syscap SystemCapability.UserIAM.UserAuth.Core 784 * @since 8 785 */ 786 /** 787 * Authentication trust level 1. The authentication of this level can identify individual users and provides 788 * limited liveness detection capabilities. It is applicable to scenarios such as service risk control and 789 * access to common personal data. 790 * 791 * @syscap SystemCapability.UserIAM.UserAuth.Core 792 * @atomicservice 793 * @since arkts {'1.1':'12','1.2':'20'} 794 * @arkts 1.1&1.2 795 */ 796 ATL1 = 10000, 797 798 /** 799 * Authentication result trusted level 2. 800 * 801 * @syscap SystemCapability.UserIAM.UserAuth.Core 802 * @since 8 803 */ 804 /** 805 * Authentication trust level 2. The authentication of this level can accurately identify individual users and 806 * provides regular liveness detection capabilities. It is applicable to scenarios such as device unlocking 807 * and application login. 808 * 809 * @syscap SystemCapability.UserIAM.UserAuth.Core 810 * @atomicservice 811 * @since arkts {'1.1':'12','1.2':'20'} 812 * @arkts 1.1&1.2 813 */ 814 ATL2 = 20000, 815 816 /** 817 * Authentication result trusted level 3. 818 * 819 * @syscap SystemCapability.UserIAM.UserAuth.Core 820 * @since 8 821 */ 822 /** 823 * Authentication trust level 3. The authentication of this level can accurately identify individual users and 824 * provides strong liveness detection capabilities. It is applicable to scenarios such as device unlocking. 825 * 826 * @syscap SystemCapability.UserIAM.UserAuth.Core 827 * @atomicservice 828 * @since arkts {'1.1':'12','1.2':'20'} 829 * @arkts 1.1&1.2 830 */ 831 ATL3 = 30000, 832 833 /** 834 * Authentication result trusted level 4. 835 * 836 * @syscap SystemCapability.UserIAM.UserAuth.Core 837 * @since 8 838 */ 839 /** 840 * Authentication trust level 4. The authentication of this level can accurately identify individual users and 841 * provides powerful liveness detection capabilities. It is applicable to scenarios such as small-amount payment. 842 * 843 * @syscap SystemCapability.UserIAM.UserAuth.Core 844 * @atomicservice 845 * @since arkts {'1.1':'12','1.2':'20'} 846 * @arkts 1.1&1.2 847 */ 848 ATL4 = 40000 849 } 850 851 /** 852 * Authentication events. 853 * 854 * @typedef { 'result' | 'tip' } 855 * @syscap SystemCapability.UserIAM.UserAuth.Core 856 * @since 9 857 * @deprecated since 11 858 */ 859 type AuthEventKey = 'result' | 'tip'; 860 861 /** 862 * Return information of Authentication events. 863 * 864 * @typedef { AuthResultInfo | TipInfo } 865 * @syscap SystemCapability.UserIAM.UserAuth.Core 866 * @since 9 867 * @deprecated since 11 868 * @useinstead ohos.userIAM.userAuth.UserAuthResult 869 */ 870 type EventInfo = AuthResultInfo | TipInfo; 871 872 /** 873 * Asynchronous callback of authentication event. 874 * 875 * @interface AuthEvent 876 * @syscap SystemCapability.UserIAM.UserAuth.Core 877 * @since 9 878 * @deprecated since 11 879 * @useinstead ohos.userIAM.userAuth.IAuthCallback 880 */ 881 interface AuthEvent { 882 /** 883 * The authentication event callback. 884 * 885 * @param { EventInfo } result - Event info. 886 * @syscap SystemCapability.UserIAM.UserAuth.Core 887 * @since 9 888 * @deprecated since 11 889 * @useinstead ohos.userIAM.userAuth.IAuthCallback.onResult 890 */ 891 callback(result: EventInfo): void; 892 } 893 894 /** 895 * Authentication result information. 896 * 897 * @typedef AuthResultInfo 898 * @syscap SystemCapability.UserIAM.UserAuth.Core 899 * @since 9 900 * @deprecated since 11 901 */ 902 interface AuthResultInfo { 903 /** 904 * The authentication result. 905 * 906 * @type { number } 907 * @syscap SystemCapability.UserIAM.UserAuth.Core 908 * @since 9 909 * @deprecated since 11 910 */ 911 result: number; 912 913 /** 914 * The authentication token if the authentication is passed. 915 * 916 * @type { ?Uint8Array } 917 * @syscap SystemCapability.UserIAM.UserAuth.Core 918 * @since 9 919 * @deprecated since 11 920 */ 921 token?: Uint8Array; 922 923 /** 924 * The remaining authentication attempts if the authentication fails. 925 * 926 * @type { ?number } 927 * @syscap SystemCapability.UserIAM.UserAuth.Core 928 * @since 9 929 * @deprecated since 11 930 */ 931 remainAttempts?: number; 932 933 /** 934 * The lockout duration if the authentication executor is locked. 935 * 936 * @type { ?number } 937 * @syscap SystemCapability.UserIAM.UserAuth.Core 938 * @since 9 939 * @deprecated since 11 940 */ 941 lockoutDuration?: number; 942 } 943 944 /** 945 * Authentication tip info. 946 * 947 * @typedef TipInfo 948 * @syscap SystemCapability.UserIAM.UserAuth.Core 949 * @since 9 950 * @deprecated since 11 951 */ 952 interface TipInfo { 953 /** 954 * The authentication module of sending tip information. 955 * 956 * @type { number } 957 * @syscap SystemCapability.UserIAM.UserAuth.Core 958 * @since 9 959 * @deprecated since 11 960 */ 961 module: number; 962 963 /** 964 * Tip information, used to prompt the business to perform some operations. 965 * 966 * @type { number } 967 * @syscap SystemCapability.UserIAM.UserAuth.Core 968 * @since 9 969 * @deprecated since 11 970 */ 971 tip: number; 972 } 973 974 /** 975 * Authentication instance, used to initiate a complete authentication. 976 * 977 * @interface AuthInstance 978 * @syscap SystemCapability.UserIAM.UserAuth.Core 979 * @since 9 980 * @deprecated since 10 981 * @useinstead ohos.userIAM.userAuth.UserAuthInstance 982 */ 983 interface AuthInstance { 984 /** 985 * Turn on authentication event listening. 986 * 987 * @throws { BusinessError } 401 - Parameter error. 988 * @throws { BusinessError } 12500002 - General operation error. 989 * @syscap SystemCapability.UserIAM.UserAuth.Core 990 * @since 9 991 * @deprecated since 10 992 */ 993 on: (name: AuthEventKey, callback: AuthEvent) => void; 994 995 /** 996 * Turn off authentication event listening. 997 * 998 * @throws { BusinessError } 401 - Parameter error. 999 * @throws { BusinessError } 12500002 - General operation error. 1000 * @syscap SystemCapability.UserIAM.UserAuth.Core 1001 * @since 9 1002 * @deprecated since 10 1003 */ 1004 off: (name: AuthEventKey) => void; 1005 1006 /** 1007 * Start this authentication, an instance can only perform authentication once. 1008 * 1009 * @permission ohos.permission.ACCESS_BIOMETRIC 1010 * @type { function } 1011 * @throws { BusinessError } 201 - Permission denied. 1012 * @throws { BusinessError } 401 - Parameter error. 1013 * @throws { BusinessError } 12500001 - Authentication failed. 1014 * @throws { BusinessError } 12500002 - General operation error. 1015 * @throws { BusinessError } 12500003 - The operation is canceled. 1016 * @throws { BusinessError } 12500004 - The operation is time-out. 1017 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1018 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1019 * @throws { BusinessError } 12500007 - The authentication task is busy. 1020 * @throws { BusinessError } 12500009 - The authenticator is locked. 1021 * @throws { BusinessError } 12500010 - The type of credential has not been enrolled. 1022 * @syscap SystemCapability.UserIAM.UserAuth.Core 1023 * @since 9 1024 * @deprecated since 10 1025 */ 1026 start: () => void; 1027 1028 /** 1029 * Cancel this authentication. 1030 * 1031 * @permission ohos.permission.ACCESS_BIOMETRIC 1032 * @type { function } 1033 * @throws { BusinessError } 201 - Permission denied. 1034 * @throws { BusinessError } 401 - Parameter error. 1035 * @throws { BusinessError } 12500002 - General operation error. 1036 * @syscap SystemCapability.UserIAM.UserAuth.Core 1037 * @since 9 1038 * @deprecated since 10 1039 */ 1040 cancel: () => void; 1041 } 1042 1043 /** 1044 * Check whether the authentication capability is available. 1045 * 1046 * @permission ohos.permission.ACCESS_BIOMETRIC 1047 * @param { UserAuthType } authType - Credential type for authentication. 1048 * @param { AuthTrustLevel } authTrustLevel - Trust level of authentication result. 1049 * @throws { BusinessError } 201 - Permission denied. 1050 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1051 * <br>1. Mandatory parameters are left unspecified. 1052 * @throws { BusinessError } 12500002 - General operation error. 1053 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1054 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1055 * @throws { BusinessError } 12500010 - The type of credential has not been enrolled. 1056 * @syscap SystemCapability.UserIAM.UserAuth.Core 1057 * @since 9 1058 */ 1059 /** 1060 * Checks whether the specified authentication capability is supported. 1061 * 1062 * <p><strong>NOTE</strong>: 1063 * <br>Error code 12500005 is returned if the authentication executor is not registered and the specified 1064 * authentication capability is not supported. 1065 * <br>Error code 12500006 is returned if the authentication executor has been registered, the authentication 1066 * functionality is not disabled, but the authentication trust level is lower than that specified by the service. 1067 * <br>Error code 12500010 is returned if the authentication executor has been registered, the authentication 1068 * functionality is not disabled, but the user has not enrolled credential. 1069 * <br>Error code 12500013 is returned if the authentication executor has been registered, the authentication 1070 * functionality is not disabled, but the password has expired. 1071 * <br>If getAvailableStatus is called to check whether lock screen password authentication at ATL4 is supported 1072 * for a user who has enrolled a 4-digit PIN as the lock screen password (the authentication trust level is ATL3), 1073 * error code 12500010 will be returned. 1074 * </p> 1075 * 1076 * @permission ohos.permission.ACCESS_BIOMETRIC 1077 * @param { UserAuthType } authType - Authentication type. PIN is supported since API version 11. 1078 * @param { AuthTrustLevel } authTrustLevel - Authentication trust level. 1079 * @throws { BusinessError } 201 - Permission denied. 1080 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1081 * <br>1. Mandatory parameters are left unspecified. 1082 * @throws { BusinessError } 12500002 - General operation error. 1083 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1084 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1085 * @throws { BusinessError } 12500010 - The type of credential has not been enrolled. 1086 * @throws { BusinessError } 12500013 - Operation failed because of PIN expired. 1087 * @syscap SystemCapability.UserIAM.UserAuth.Core 1088 * @atomicservice 1089 * @since arkts {'1.1':'12','1.2':'20'} 1090 * @arkts 1.1&1.2 1091 */ 1092 function getAvailableStatus(authType: UserAuthType, authTrustLevel: AuthTrustLevel): void; 1093 1094 /** 1095 * Represents the state of a credential enrolled. 1096 * 1097 * @typedef EnrolledState 1098 * @syscap SystemCapability.UserIAM.UserAuth.Core 1099 * @atomicservice 1100 * @since arkts {'1.1':'12','1.2':'20'} 1101 * @arkts 1.1&1.2 1102 */ 1103 interface EnrolledState { 1104 /** 1105 * Credential digest, which is randomly generated when a credential is added. 1106 * 1107 * @type { int } 1108 * @syscap SystemCapability.UserIAM.UserAuth.Core 1109 * @atomicservice 1110 * @since arkts {'1.1':'12','1.2':'20'} 1111 * @arkts 1.1&1.2 1112 */ 1113 credentialDigest: int; 1114 1115 /** 1116 * Number of enrolled credentials. 1117 * 1118 * @type { int } 1119 * @syscap SystemCapability.UserIAM.UserAuth.Core 1120 * @atomicservice 1121 * @since arkts {'1.1':'12','1.2':'20'} 1122 * @arkts 1.1&1.2 1123 */ 1124 credentialCount: int; 1125 } 1126 1127 /** 1128 * Obtains the credential state. 1129 * 1130 * @permission ohos.permission.ACCESS_BIOMETRIC 1131 * @param { UserAuthType } authType - Authentication type. 1132 * @returns { EnrolledState } Credential state obtained if the operation is successful. 1133 * @throws { BusinessError } 201 - Permission denied. 1134 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1135 * <br>1. Mandatory parameters are left unspecified. 1136 * @throws { BusinessError } 12500002 - General operation error. 1137 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1138 * @throws { BusinessError } 12500010 - The type of credential has not been enrolled. 1139 * @syscap SystemCapability.UserIAM.UserAuth.Core 1140 * @atomicservice 1141 * @since arkts {'1.1':'12','1.2':'20'} 1142 * @arkts 1.1&1.2 1143 */ 1144 function getEnrolledState(authType: UserAuthType): EnrolledState; 1145 1146 /** 1147 * Get Authentication instance. 1148 * 1149 * @param { Uint8Array } challenge - Pass in challenge value. 1150 * @param { UserAuthType } authType - Credential type for authentication. 1151 * @param { AuthTrustLevel } authTrustLevel - Trust level of authentication result. 1152 * @returns { AuthInstance } Returns an authentication instance. 1153 * @throws { BusinessError } 401 - Parameter error. 1154 * @throws { BusinessError } 12500002 - General operation error. 1155 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1156 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1157 * @syscap SystemCapability.UserIAM.UserAuth.Core 1158 * @since 9 1159 * @deprecated since 10 1160 * @useinstead ohos.userIAM.userAuth.getUserAuthInstance 1161 */ 1162 function getAuthInstance(challenge: Uint8Array, authType: UserAuthType, authTrustLevel: AuthTrustLevel): AuthInstance; 1163 1164 /** 1165 * Enumerates the window types of the authentication widget. 1166 * 1167 * @enum { int } 1168 * @syscap SystemCapability.UserIAM.UserAuth.Core 1169 * @systemapi Hide this for inner system use. 1170 * @since arkts {'1.1':'10','1.2':'20'} 1171 * @arkts 1.1&1.2 1172 */ 1173 enum WindowModeType { 1174 /** 1175 * Window mode type is dialog box. 1176 * 1177 * @syscap SystemCapability.UserIAM.UserAuth.Core 1178 * @systemapi Hide this for inner system use. 1179 * @since arkts {'1.1':'10','1.2':'20'} 1180 * @arkts 1.1&1.2 1181 */ 1182 DIALOG_BOX = 1, 1183 1184 /** 1185 * Window mode type is full screen. 1186 * 1187 * @syscap SystemCapability.UserIAM.UserAuth.Core 1188 * @systemapi Hide this for inner system use. 1189 * @since arkts {'1.1':'10','1.2':'20'} 1190 * @arkts 1.1&1.2 1191 */ 1192 FULLSCREEN = 2 1193 } 1194 1195 /** 1196 * Enumerates the modes for reusing authentication results. 1197 * 1198 * @enum { int } 1199 * @syscap SystemCapability.UserIAM.UserAuth.Core 1200 * @atomicservice 1201 * @since arkts {'1.1':'12','1.2':'20'} 1202 * @arkts 1.1&1.2 1203 */ 1204 enum ReuseMode { 1205 /** 1206 * The device unlock authentication result can be reused within the validity period if the authentication type 1207 * matches any of the authentication types specified for this authentication. 1208 * 1209 * @syscap SystemCapability.UserIAM.UserAuth.Core 1210 * @atomicservice 1211 * @since arkts {'1.1':'12','1.2':'20'} 1212 * @arkts 1.1&1.2 1213 */ 1214 AUTH_TYPE_RELEVANT = 1, 1215 1216 /** 1217 * The device unlock authentication result can be reused within the validity period regardless of the 1218 * authentication type. 1219 * 1220 * @syscap SystemCapability.UserIAM.UserAuth.Core 1221 * @atomicservice 1222 * @since arkts {'1.1':'12','1.2':'20'} 1223 * @arkts 1.1&1.2 1224 */ 1225 AUTH_TYPE_IRRELEVANT = 2, 1226 1227 /** 1228 * Any identity authentication result (including device unlock authentication result) can be reused within the 1229 * validity period if the authentication type matches any of the authentication types specified for 1230 * this authentication. 1231 * 1232 * @syscap SystemCapability.UserIAM.UserAuth.Core 1233 * @atomicservice 1234 * @since arkts {'1.1':'14','1.2':'20'} 1235 * @arkts 1.1&1.2 1236 */ 1237 CALLER_IRRELEVANT_AUTH_TYPE_RELEVANT = 3, 1238 1239 /** 1240 * Any identity authentication result (including device unlock authentication result) can be reused within the 1241 * validity period regardless of the authentication type. 1242 * 1243 * @syscap SystemCapability.UserIAM.UserAuth.Core 1244 * @atomicservice 1245 * @since arkts {'1.1':'14','1.2':'20'} 1246 * @arkts 1.1&1.2 1247 */ 1248 CALLER_IRRELEVANT_AUTH_TYPE_IRRELEVANT = 4 1249 } 1250 1251 /** 1252 * Represents information about the authentication result reuse. 1253 * 1254 * <p><strong>NOTE</strong>: 1255 * <br>If the credential changes within the reuse duration after a successful identity authentication 1256 * (including device unlock authentication), the authentication result can still be reused and the actual 1257 * EnrolledState is returned in the authentication result. 1258 * <br>If the credential used for the previous authentication has been deleted when the authentication 1259 * result is used: 1260 * 1.If the deleted credential is face or fingerprint, the authentication result can still be reused, but 1261 * credentialCount and credentialDigest in the EnrolledState returned are both 0. 1262 * 2.If the deleted credential is a lock screen password, the reuse will fail. 1263 * </p> 1264 * 1265 * @typedef ReuseUnlockResult 1266 * @syscap SystemCapability.UserIAM.UserAuth.Core 1267 * @atomicservice 1268 * @since arkts {'1.1':'12','1.2':'20'} 1269 * @arkts 1.1&1.2 1270 */ 1271 interface ReuseUnlockResult { 1272 /** 1273 * Authentication result reuse mode. 1274 * 1275 * @type { ReuseMode } 1276 * @syscap SystemCapability.UserIAM.UserAuth.Core 1277 * @atomicservice 1278 * @since arkts {'1.1':'12','1.2':'20'} 1279 * @arkts 1.1&1.2 1280 */ 1281 reuseMode: ReuseMode; 1282 1283 /** 1284 * Period for which the authentication result can be reused. The value must be greater than 0 and less 1285 * than MAX_ALLOWABLE_REUSE_DURATION. 1286 * 1287 * @type { int } 1288 * @syscap SystemCapability.UserIAM.UserAuth.Core 1289 * @atomicservice 1290 * @since arkts {'1.1':'12','1.2':'20'} 1291 * @arkts 1.1&1.2 1292 */ 1293 reuseDuration: int; 1294 } 1295 1296 /** 1297 * Auth parameter. 1298 * 1299 * @typedef AuthParam 1300 * @syscap SystemCapability.UserIAM.UserAuth.Core 1301 * @since 10 1302 */ 1303 /** 1304 * Defines the user authentication parameters. 1305 * 1306 * @typedef AuthParam 1307 * @syscap SystemCapability.UserIAM.UserAuth.Core 1308 * @atomicservice 1309 * @since arkts {'1.1':'12','1.2':'20'} 1310 * @arkts 1.1&1.2 1311 */ 1312 interface AuthParam { 1313 /** 1314 * Pass in challenge value. 1315 * 1316 * @type { Uint8Array } 1317 * @syscap SystemCapability.UserIAM.UserAuth.Core 1318 * @since 10 1319 */ 1320 /** 1321 * Random challenge value, which can be used to prevent replay attacks. 1322 * It cannot exceed 32 bytes and can be passed in Uint8Array([]) format. 1323 * 1324 * @type { Uint8Array } 1325 * @syscap SystemCapability.UserIAM.UserAuth.Core 1326 * @atomicservice 1327 * @since arkts {'1.1':'12','1.2':'20'} 1328 * @arkts 1.1&1.2 1329 */ 1330 challenge: Uint8Array; 1331 1332 /** 1333 * Credential type for authentication. 1334 * 1335 * @type { UserAuthType[] } 1336 * @syscap SystemCapability.UserIAM.UserAuth.Core 1337 * @since 10 1338 */ 1339 /** 1340 * Authentication type list, which specifies the types of authentication provided on the user authentication page. 1341 * 1342 * @type { UserAuthType[] } 1343 * @syscap SystemCapability.UserIAM.UserAuth.Core 1344 * @atomicservice 1345 * @since arkts {'1.1':'12','1.2':'20'} 1346 * @arkts 1.1&1.2 1347 */ 1348 authType: UserAuthType[]; 1349 1350 /** 1351 * Trust level of authentication result. 1352 * 1353 * @type { AuthTrustLevel } 1354 * @syscap SystemCapability.UserIAM.UserAuth.Core 1355 * @since 10 1356 */ 1357 /** 1358 * Authentication trust level. For details, see Principles for Classifying Biometric Authentication Trust Levels. 1359 * 1360 * @type { AuthTrustLevel } 1361 * @syscap SystemCapability.UserIAM.UserAuth.Core 1362 * @atomicservice 1363 * @since arkts {'1.1':'12','1.2':'20'} 1364 * @arkts 1.1&1.2 1365 */ 1366 authTrustLevel: AuthTrustLevel; 1367 1368 /** 1369 * Information about the authentication result reuse. 1370 * 1371 * @type { ?ReuseUnlockResult } 1372 * @syscap SystemCapability.UserIAM.UserAuth.Core 1373 * @atomicservice 1374 * @since arkts {'1.1':'12','1.2':'20'} 1375 * @arkts 1.1&1.2 1376 */ 1377 reuseUnlockResult?: ReuseUnlockResult; 1378 1379 /** 1380 * ID of the user to be authenticated. 1381 * 1382 * @type { ?int } 1383 * @default The ID of the current user. The value is a positive integer greater than or equal to 0. 1384 * @syscap SystemCapability.UserIAM.UserAuth.Core 1385 * @systemapi Hide this for inner system use. 1386 * @since arkts {'1.1':'18','1.2':'20'} 1387 * @arkts 1.1&1.2 1388 */ 1389 userId?: int; 1390 1391 /** 1392 * Indicates whether to skip biometric authentication which has been locked by continuous failures. 1393 * 1394 * @type { ?boolean } 1395 * @syscap SystemCapability.UserIAM.UserAuth.Core 1396 * @atomicservice 1397 * @since 20 1398 */ 1399 skipLockedBiometricAuth?: boolean; 1400 } 1401 1402 /** 1403 * Auth widget parameter. 1404 * 1405 * @typedef WidgetParam 1406 * @syscap SystemCapability.UserIAM.UserAuth.Core 1407 * @since 10 1408 */ 1409 /** 1410 * Represents the information presented on the user authentication page. 1411 * 1412 * @typedef WidgetParam 1413 * @syscap SystemCapability.UserIAM.UserAuth.Core 1414 * @atomicservice 1415 * @since arkts {'1.1':'12','1.2':'20'} 1416 * @arkts 1.1&1.2 1417 */ 1418 interface WidgetParam { 1419 /** 1420 * Title of widget. 1421 * 1422 * @type { string } 1423 * @syscap SystemCapability.UserIAM.UserAuth.Core 1424 * @since 10 1425 */ 1426 /** 1427 * Title of the user authentication page. It cannot exceed 500 characters. 1428 * 1429 * @type { string } 1430 * @syscap SystemCapability.UserIAM.UserAuth.Core 1431 * @atomicservice 1432 * @since arkts {'1.1':'12','1.2':'20'} 1433 * @arkts 1.1&1.2 1434 */ 1435 title: string; 1436 1437 /** 1438 * The description text of navigation button. 1439 * 1440 * @type { ?string } 1441 * @syscap SystemCapability.UserIAM.UserAuth.Core 1442 * @since 10 1443 */ 1444 /** 1445 * Text on the navigation button. It cannot exceed 60 characters. It is supported in single fingerprint or facial 1446 * authentication before API version 18. Since API version 18, it is also supported in combined facial and 1447 * fingerprint authentication. 1448 * 1449 * @type { ?string } 1450 * @syscap SystemCapability.UserIAM.UserAuth.Core 1451 * @atomicservice 1452 * @since arkts {'1.1':'12','1.2':'20'} 1453 * @arkts 1.1&1.2 1454 */ 1455 navigationButtonText?: string; 1456 1457 /** 1458 * Display format of the user authentication page. 1459 * 1460 * @type { ?WindowModeType } 1461 * @default WindowModeType.DIALOG_BOX 1462 * @syscap SystemCapability.UserIAM.UserAuth.Core 1463 * @systemapi Hide this for inner system use. 1464 * @since arkts {'1.1':'10','1.2':'20'} 1465 * @arkts 1.1&1.2 1466 */ 1467 windowMode?: WindowModeType; 1468 1469 /** 1470 * Whether to display the authentication dialog box in modal application mode. This mode is applicable only 1471 * to 2-in-1 devices. If this mode is not used or other types of devices are used, the authentication dialog 1472 * box is displayed in modal system mode. 1473 * 1474 * @type { ?Context } 1475 * @syscap SystemCapability.UserIAM.UserAuth.Core 1476 * @atomicservice 1477 * @since arkts {'1.1':'18','1.2':'20'} 1478 * @arkts 1.1&1.2 1479 */ 1480 uiContext?: Context; 1481 } 1482 1483 /** 1484 * Authentication result: authentication token, credential type for authentication succeed. 1485 * 1486 * @typedef UserAuthResult 1487 * @syscap SystemCapability.UserIAM.UserAuth.Core 1488 * @since 10 1489 */ 1490 /** 1491 * Represents the user authentication result. If the authentication is successful, the authentication type and token 1492 * information are returned. 1493 * 1494 * @typedef UserAuthResult 1495 * @syscap SystemCapability.UserIAM.UserAuth.Core 1496 * @atomicservice 1497 * @since arkts {'1.1':'12','1.2':'20'} 1498 * @arkts 1.1&1.2 1499 */ 1500 interface UserAuthResult { 1501 /** 1502 * The authentication result. 1503 * 1504 * @type { number } 1505 * @syscap SystemCapability.UserIAM.UserAuth.Core 1506 * @since 10 1507 */ 1508 /** 1509 * User authentication result. If the authentication is successful, SUCCESS is returned. Otherwise, an error code 1510 * is returned. For details, see UserAuthResultCode. 1511 * 1512 * @type { int } 1513 * @syscap SystemCapability.UserIAM.UserAuth.Core 1514 * @atomicservice 1515 * @since arkts {'1.1':'12','1.2':'20'} 1516 * @arkts 1.1&1.2 1517 */ 1518 result: int; 1519 1520 /** 1521 * The authentication result if the authentication is passed. 1522 * 1523 * @type { ?Uint8Array } 1524 * @syscap SystemCapability.UserIAM.UserAuth.Core 1525 * @since 10 1526 */ 1527 /** 1528 * Authentication token information. 1529 * 1530 * @type { ?Uint8Array } 1531 * @syscap SystemCapability.UserIAM.UserAuth.Core 1532 * @atomicservice 1533 * @since arkts {'1.1':'12','1.2':'20'} 1534 * @arkts 1.1&1.2 1535 */ 1536 token?: Uint8Array; 1537 1538 /** 1539 * Credential type for authentication succeed. 1540 * 1541 * @type { ?UserAuthType } 1542 * @syscap SystemCapability.UserIAM.UserAuth.Core 1543 * @since 10 1544 */ 1545 /** 1546 * Authentication type. 1547 * 1548 * @type { ?UserAuthType } 1549 * @syscap SystemCapability.UserIAM.UserAuth.Core 1550 * @atomicservice 1551 * @since arkts {'1.1':'12','1.2':'20'} 1552 * @arkts 1.1&1.2 1553 */ 1554 authType?: UserAuthType; 1555 1556 /** 1557 * Credential state. 1558 * 1559 * @type { ?EnrolledState } 1560 * @syscap SystemCapability.UserIAM.UserAuth.Core 1561 * @atomicservice 1562 * @since arkts {'1.1':'12','1.2':'20'} 1563 * @arkts 1.1&1.2 1564 */ 1565 enrolledState?: EnrolledState; 1566 } 1567 1568 /** 1569 * Asynchronous callback of authentication operation. 1570 * 1571 * @interface IAuthCallback 1572 * @syscap SystemCapability.UserIAM.UserAuth.Core 1573 * @since 10 1574 */ 1575 /** 1576 * Provides callbacks to return the authentication result. 1577 * 1578 * @interface IAuthCallback 1579 * @syscap SystemCapability.UserIAM.UserAuth.Core 1580 * @atomicservice 1581 * @since arkts {'1.1':'12','1.2':'20'} 1582 * @arkts 1.1&1.2 1583 */ 1584 interface IAuthCallback { 1585 /** 1586 * The authentication result code is returned through the callback. 1587 * If the authentication is passed, the authentication token is returned in extraInfo. 1588 * 1589 * @param { UserAuthResult } result - Authentication result information. 1590 * @syscap SystemCapability.UserIAM.UserAuth.Core 1591 * @since 10 1592 */ 1593 /** 1594 * Called to return the authentication result. If the authentication is successful, 1595 * UserAuthResult contains the token information. 1596 * 1597 * @param { UserAuthResult } result - Authentication result information. 1598 * @syscap SystemCapability.UserIAM.UserAuth.Core 1599 * @atomicservice 1600 * @since 12 1601 */ 1602 onResult(result: UserAuthResult): void; 1603 /** 1604 * Called to return the authentication result. If the authentication is successful, 1605 * UserAuthResult contains the token information. 1606 * 1607 * @type { function } 1608 * @syscap SystemCapability.UserIAM.UserAuth.Core 1609 * @atomicservice 1610 * @since 20 1611 * @arkts 1.2 1612 */ 1613 onResult: (result: UserAuthResult) => void; 1614 } 1615 1616 /** 1617 * Authentication tip code. 1618 * 1619 * @enum { int } 1620 * @syscap SystemCapability.UserIAM.UserAuth.Core 1621 * @atomicservice 1622 * @since 20 1623 */ 1624 enum UserAuthTipCode { 1625 /** 1626 * Authentication tip for authentication failed. 1627 * 1628 * @syscap SystemCapability.UserIAM.UserAuth.Core 1629 * @atomicservice 1630 * @since 20 1631 */ 1632 COMPARE_FAILURE = 1, 1633 1634 /** 1635 * Authentication tip for authentication timeout. 1636 * 1637 * @syscap SystemCapability.UserIAM.UserAuth.Core 1638 * @atomicservice 1639 * @since 20 1640 */ 1641 TIMEOUT = 2, 1642 1643 /** 1644 * Authentication tip for authentication temporarily frozen. 1645 * 1646 * @syscap SystemCapability.UserIAM.UserAuth.Core 1647 * @atomicservice 1648 * @since 20 1649 */ 1650 TEMPORARILY_LOCKED = 3, 1651 1652 /** 1653 * Authentication tip for authentication permanent frozen. 1654 * 1655 * @syscap SystemCapability.UserIAM.UserAuth.Core 1656 * @atomicservice 1657 * @since 20 1658 */ 1659 PERMANENTLY_LOCKED = 4, 1660 1661 /** 1662 * Authentication tip for widget load success. 1663 * 1664 * @syscap SystemCapability.UserIAM.UserAuth.Core 1665 * @atomicservice 1666 * @since 20 1667 */ 1668 WIDGET_LOADED = 5, 1669 1670 /** 1671 * Authentication tip for widget released. 1672 * 1673 * @syscap SystemCapability.UserIAM.UserAuth.Core 1674 * @atomicservice 1675 * @since 20 1676 */ 1677 WIDGET_RELEASED = 6, 1678 1679 /** 1680 * Authentication tip for authentication failed which causes authentication frozen. 1681 * 1682 * @syscap SystemCapability.UserIAM.UserAuth.Core 1683 * @atomicservice 1684 * @since 20 1685 */ 1686 COMPARE_FAILURE_WITH_FROZEN = 7 1687 } 1688 1689 /** 1690 * Authentication tip information. 1691 * 1692 * @typedef AuthTipInfo 1693 * @syscap SystemCapability.UserIAM.UserAuth.Core 1694 * @atomicservice 1695 * @since 20 1696 */ 1697 interface AuthTipInfo { 1698 /** 1699 * Authentication tip type. 1700 * 1701 * @type { UserAuthType } 1702 * @syscap SystemCapability.UserIAM.UserAuth.Core 1703 * @atomicservice 1704 * @since 20 1705 */ 1706 tipType: UserAuthType; 1707 1708 /** 1709 * Authentication tip code. 1710 * 1711 * @type { UserAuthTipCode } 1712 * @syscap SystemCapability.UserIAM.UserAuth.Core 1713 * @atomicservice 1714 * @since 20 1715 */ 1716 tipCode: UserAuthTipCode; 1717 } 1718 1719 /** 1720 * The authentication tip information is returned through the callback. 1721 * 1722 * @typedef { function } AuthTipCallback 1723 * @param { AuthTipInfo } authTipInfo - Tips returned during authentication process. 1724 * @syscap SystemCapability.UserIAM.UserAuth.Core 1725 * @atomicservice 1726 * @since 20 1727 */ 1728 type AuthTipCallback = (authTipInfo: AuthTipInfo) => void; 1729 1730 /** 1731 * User authentication instance, used to initiate a complete authentication. 1732 * 1733 * @interface UserAuthInstance 1734 * @syscap SystemCapability.UserIAM.UserAuth.Core 1735 * @since 10 1736 */ 1737 /** 1738 * Provides APIs for user authentication. The user authentication widget is supported. Before using the APIs 1739 * of UserAuthInstance, you must obtain a UserAuthInstance instance by using getUserAuthInstance. 1740 * 1741 * @interface UserAuthInstance 1742 * @syscap SystemCapability.UserIAM.UserAuth.Core 1743 * @atomicservice 1744 * @since arkts {'1.1':'12','1.2':'20'} 1745 * @arkts 1.1&1.2 1746 */ 1747 interface UserAuthInstance { 1748 /** 1749 * Turn on widget authentication result event listening. 1750 * 1751 * @param { 'result' } type - Indicates the type of event. 1752 * @param { IAuthCallback } callback - Indicates the listener. 1753 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1754 * <br>1. Mandatory parameters are left unspecified. 1755 * <br>2. Incorrect parameter types. 1756 * <br>3. Parameter verification failed. 1757 * @throws { BusinessError } 12500002 - General operation error. 1758 * @syscap SystemCapability.UserIAM.UserAuth.Core 1759 * @since 10 1760 */ 1761 /** 1762 * Subscribes to the user authentication result. 1763 * 1764 * @param { 'result' } type - Event type. The value is result, which indicates the authentication result. 1765 * @param { IAuthCallback } callback - Callback used to return the user authentication result. 1766 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1767 * <br>1. Mandatory parameters are left unspecified. 1768 * <br>2. Incorrect parameter types. 1769 * <br>3. Parameter verification failed. 1770 * @throws { BusinessError } 12500002 - General operation error. 1771 * @syscap SystemCapability.UserIAM.UserAuth.Core 1772 * @atomicservice 1773 * @since arkts {'1.1':'12','1.2':'20'} 1774 * @arkts 1.1&1.2 1775 */ 1776 on(type: 'result', callback: IAuthCallback): void; 1777 1778 /** 1779 * Turn off widget authentication result event listening. 1780 * 1781 * @param { 'result' } type - Indicates the type of event. 1782 * @param { IAuthCallback } callback - Indicates the listener. 1783 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1784 * <br>1. Mandatory parameters are left unspecified. 1785 * <br>2. Incorrect parameter types. 1786 * <br>3. Parameter verification failed. 1787 * @throws { BusinessError } 12500002 - General operation error. 1788 * @syscap SystemCapability.UserIAM.UserAuth.Core 1789 * @since 10 1790 */ 1791 /** 1792 * Unsubscribes from the user authentication result. 1793 * 1794 * <p><strong>NOTE</strong>: 1795 * <br>The UserAuthInstance instance used to invoke this API must be the one used to subscribe to the event. 1796 * </p> 1797 * 1798 * @param { 'result' } type - Event type. The value is result, which indicates the authentication result. 1799 * @param { IAuthCallback } callback - Callback to unregister. 1800 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1801 * <br>1. Mandatory parameters are left unspecified. 1802 * <br>2. Incorrect parameter types. 1803 * <br>3. Parameter verification failed. 1804 * @throws { BusinessError } 12500002 - General operation error. 1805 * @syscap SystemCapability.UserIAM.UserAuth.Core 1806 * @atomicservice 1807 * @since arkts {'1.1':'12','1.2':'20'} 1808 * @arkts 1.1&1.2 1809 */ 1810 off(type: 'result', callback?: IAuthCallback): void; 1811 1812 /** 1813 * Start this authentication, an instance can only perform authentication once. 1814 * 1815 * @permission ohos.permission.ACCESS_BIOMETRIC 1816 * @throws { BusinessError } 201 - Permission denied. 1817 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1818 * <br>1. Incorrect parameter types. 1819 * @throws { BusinessError } 12500001 - Authentication failed. 1820 * @throws { BusinessError } 12500002 - General operation error. 1821 * @throws { BusinessError } 12500003 - Authentication canceled. 1822 * @throws { BusinessError } 12500004 - Authentication timeout. 1823 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1824 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1825 * @throws { BusinessError } 12500007 - Authentication service is busy. 1826 * @throws { BusinessError } 12500009 - Authentication is locked out. 1827 * @throws { BusinessError } 12500010 - The type of credential has not been enrolled. 1828 * @throws { BusinessError } 12500011 - Switched to the custom authentication process. 1829 * @syscap SystemCapability.UserIAM.UserAuth.Core 1830 * @since 10 1831 */ 1832 /** 1833 * Start this authentication, an instance can only perform authentication once. 1834 * 1835 * @permission ohos.permission.ACCESS_BIOMETRIC 1836 * @throws { BusinessError } 201 - Permission denied. 1837 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1838 * <br>1. Incorrect parameter types. 1839 * @throws { BusinessError } 12500001 - Authentication failed. 1840 * @throws { BusinessError } 12500002 - General operation error. 1841 * @throws { BusinessError } 12500003 - Authentication canceled. 1842 * @throws { BusinessError } 12500004 - Authentication timeout. 1843 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1844 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1845 * @throws { BusinessError } 12500007 - Authentication service is busy. 1846 * @throws { BusinessError } 12500009 - Authentication is locked out. 1847 * @throws { BusinessError } 12500010 - The type of credential has not been enrolled. 1848 * @throws { BusinessError } 12500011 - Switched to the custom authentication process. 1849 * @throws { BusinessError } 12500013 - Operation failed because of PIN expired. 1850 * @syscap SystemCapability.UserIAM.UserAuth.Core 1851 * @atomicservice 1852 * @since 12 1853 */ 1854 /** 1855 * Starts authentication. 1856 * 1857 * <p><strong>NOTE</strong>: 1858 * <br>Each UserAuthInstance can be used for authentication only once. 1859 * <br>Starting from API version 20, only system applications can apply for the 1860 * ohos.permission.USER_AUTH_FROM_BACKGROUND permission. 1861 * </p> 1862 * 1863 * @permission ohos.permission.ACCESS_BIOMETRIC or ohos.permission.USER_AUTH_FROM_BACKGROUND 1864 * @throws { BusinessError } 201 - Permission denied. Possible causes: 1865 * <br>1. No permission to access biometric. 1866 * <br>2. No permission to start authentication from background. 1867 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1868 * <br>1. Incorrect parameter types. 1869 * @throws { BusinessError } 12500002 - General operation error. 1870 * @throws { BusinessError } 12500003 - Authentication canceled. 1871 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1872 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1873 * @throws { BusinessError } 12500009 - Authentication is locked out. 1874 * @throws { BusinessError } 12500010 - The type of credential has not been enrolled. 1875 * @throws { BusinessError } 12500011 - Switched to the customized authentication process. 1876 * @throws { BusinessError } 12500013 - Operation failed because of PIN expired. 1877 * @syscap SystemCapability.UserIAM.UserAuth.Core 1878 * @atomicservice 1879 * @since 20 1880 * @arkts 1.1&1.2 1881 */ 1882 start(): void; 1883 1884 /** 1885 * Cancel this authentication. 1886 * 1887 * @permission ohos.permission.ACCESS_BIOMETRIC 1888 * @throws { BusinessError } 201 - Permission denied. 1889 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1890 * <br>1. Incorrect parameter types. 1891 * @throws { BusinessError } 12500002 - General operation error. 1892 * @syscap SystemCapability.UserIAM.UserAuth.Core 1893 * @since 10 1894 */ 1895 /** 1896 * Cancels this authentication. 1897 * 1898 * <p><strong>NOTE</strong>: 1899 * <br>UserAuthInstance must be the instance being authenticated. 1900 * </p> 1901 * 1902 * @permission ohos.permission.ACCESS_BIOMETRIC 1903 * @throws { BusinessError } 201 - Permission denied. 1904 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1905 * <br>1. Incorrect parameter types. 1906 * @throws { BusinessError } 12500002 - General operation error. 1907 * @syscap SystemCapability.UserIAM.UserAuth.Core 1908 * @atomicservice 1909 * @since arkts {'1.1':'12','1.2':'20'} 1910 * @arkts 1.1&1.2 1911 */ 1912 cancel(): void; 1913 1914 /** 1915 * Turn on authentication tip event listening. 1916 * 1917 * @param { 'authTip' } type - Indicates the type of event. 1918 * @param { AuthTipCallback } callback - Indicates the listener. 1919 * @throws { BusinessError } 12500002 - General operation error. 1920 * @syscap SystemCapability.UserIAM.UserAuth.Core 1921 * @atomicservice 1922 * @since 20 1923 */ 1924 on(type: 'authTip', callback: AuthTipCallback): void; 1925 1926 /** 1927 * Turn off authentication tip event listening. 1928 * 1929 * @param { 'authTip' } type - Indicates the type of event. 1930 * @param { AuthTipCallback } [callback] - Indicates the listener. 1931 * @throws { BusinessError } 12500002 - General operation error. 1932 * @syscap SystemCapability.UserIAM.UserAuth.Core 1933 * @atomicservice 1934 * @since 20 1935 */ 1936 off(type: 'authTip', callback?: AuthTipCallback): void; 1937 } 1938 1939 /** 1940 * Get user authentication instance with widget. 1941 * 1942 * @param { AuthParam } authParam - Auth parameter. 1943 * @param { WidgetParam } widgetParam - Widget parameter. 1944 * @returns { UserAuthInstance } Returns an authentication instance with widget. 1945 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1946 * <br>1. Mandatory parameters are left unspecified. 1947 * <br>2. Incorrect parameter types. 1948 * <br>3. Parameter verification failed. 1949 * @throws { BusinessError } 12500002 - General operation error. 1950 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1951 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1952 * @syscap SystemCapability.UserIAM.UserAuth.Core 1953 * @since 10 1954 */ 1955 /** 1956 * Obtains a UserAuthInstance instance for user authentication. The user authentication widget is also supported. 1957 * 1958 * <p><strong>NOTE</strong>: 1959 * <br>Each UserAuthInstance can be used for authentication only once. 1960 * </p> 1961 * 1962 * @param { AuthParam } authParam - Auth parameter. 1963 * @param { WidgetParam } widgetParam - Widget parameter. 1964 * @returns { UserAuthInstance } Returns an authentication instance with widget. 1965 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1966 * <br>1. Mandatory parameters are left unspecified. 1967 * <br>2. Incorrect parameter types. 1968 * <br>3. Parameter verification failed. 1969 * @throws { BusinessError } 12500002 - General operation error. 1970 * @throws { BusinessError } 12500005 - The authentication type is not supported. 1971 * @throws { BusinessError } 12500006 - The authentication trust level is not supported. 1972 * @syscap SystemCapability.UserIAM.UserAuth.Core 1973 * @atomicservice 1974 * @since arkts {'1.1':'12','1.2':'20'} 1975 * @arkts 1.1&1.2 1976 */ 1977 function getUserAuthInstance(authParam: AuthParam, widgetParam: WidgetParam): UserAuthInstance; 1978 1979 /** 1980 * Defines the type of the user authentication notification. 1981 * 1982 * @enum { int } 1983 * @syscap SystemCapability.UserIAM.UserAuth.Core 1984 * @systemapi Hide this for inner system use. 1985 * @since arkts {'1.1':'10','1.2':'20'} 1986 * @arkts 1.1&1.2 1987 */ 1988 enum NoticeType { 1989 /** 1990 * Notification from the user authentication widget. 1991 * 1992 * @syscap SystemCapability.UserIAM.UserAuth.Core 1993 * @systemapi Hide this for inner system use. 1994 * @since arkts {'1.1':'10','1.2':'20'} 1995 * @arkts 1.1&1.2 1996 */ 1997 WIDGET_NOTICE = 1 1998 } 1999 2000 /** 2001 * Sends a notification from the user authentication widget. 2002 * 2003 * @permission ohos.permission.SUPPORT_USER_AUTH 2004 * @param { NoticeType } noticeType - Notification type. 2005 * @param { string } eventData - Event data. The data cannot exceed 65536 bytes. 2006 * @throws { BusinessError } 201 - Permission denied. 2007 * @throws { BusinessError } 202 - Permission denied. Called by non-system application. 2008 * @throws { BusinessError } 401 - Parameter error. Possible causes: 2009 * <br>1. Mandatory parameters are left unspecified. 2010 * <br>2. Incorrect parameter types. 2011 * <br>3. Parameter verification failed. 2012 * @throws { BusinessError } 12500002 - General operation error. 2013 * @syscap SystemCapability.UserIAM.UserAuth.Core 2014 * @systemapi Hide this for inner system use. 2015 * @since arkts {'1.1':'10','1.2':'20'} 2016 * @arkts 1.1&1.2 2017 */ 2018 function sendNotice(noticeType: NoticeType, eventData: string): void; 2019 2020 /** 2021 * Enum for operation result. 2022 * 2023 * @enum { number } 2024 * @syscap SystemCapability.UserIAM.UserAuth.Core 2025 * @since 9 2026 */ 2027 /** 2028 * Enumerates the authentication result codes. 2029 * 2030 * @enum { int } 2031 * @syscap SystemCapability.UserIAM.UserAuth.Core 2032 * @atomicservice 2033 * @since arkts {'1.1':'12','1.2':'20'} 2034 * @arkts 1.1&1.2 2035 */ 2036 enum UserAuthResultCode { 2037 /** 2038 * Indicates that the result is success or ability is supported. 2039 * 2040 * @syscap SystemCapability.UserIAM.UserAuth.Core 2041 * @since 9 2042 */ 2043 /** 2044 * The authentication is successful. 2045 * 2046 * @syscap SystemCapability.UserIAM.UserAuth.Core 2047 * @atomicservice 2048 * @since arkts {'1.1':'12','1.2':'20'} 2049 * @arkts 1.1&1.2 2050 */ 2051 SUCCESS = 12500000, 2052 2053 /** 2054 * Indicates that the authentication result is failed. 2055 * 2056 * @syscap SystemCapability.UserIAM.UserAuth.Core 2057 * @since 9 2058 */ 2059 /** 2060 * The authentication failed. 2061 * 2062 * @syscap SystemCapability.UserIAM.UserAuth.Core 2063 * @atomicservice 2064 * @since arkts {'1.1':'12','1.2':'20'} 2065 * @arkts 1.1&1.2 2066 */ 2067 FAIL = 12500001, 2068 2069 /** 2070 * Indicates other errors. 2071 * 2072 * @syscap SystemCapability.UserIAM.UserAuth.Core 2073 * @since 9 2074 */ 2075 /** 2076 * A general operation error occurred. 2077 * 2078 * @syscap SystemCapability.UserIAM.UserAuth.Core 2079 * @atomicservice 2080 * @since arkts {'1.1':'12','1.2':'20'} 2081 * @arkts 1.1&1.2 2082 */ 2083 GENERAL_ERROR = 12500002, 2084 2085 /** 2086 * Indicates that this operation is canceled. 2087 * 2088 * @syscap SystemCapability.UserIAM.UserAuth.Core 2089 * @since 9 2090 */ 2091 /** 2092 * The authentication is canceled. 2093 * 2094 * @syscap SystemCapability.UserIAM.UserAuth.Core 2095 * @atomicservice 2096 * @since arkts {'1.1':'12','1.2':'20'} 2097 * @arkts 1.1&1.2 2098 */ 2099 CANCELED = 12500003, 2100 2101 /** 2102 * Indicates that this operation is time-out. 2103 * 2104 * @syscap SystemCapability.UserIAM.UserAuth.Core 2105 * @since 9 2106 */ 2107 /** 2108 * The authentication has timed out. 2109 * 2110 * @syscap SystemCapability.UserIAM.UserAuth.Core 2111 * @atomicservice 2112 * @since arkts {'1.1':'12','1.2':'20'} 2113 * @arkts 1.1&1.2 2114 */ 2115 TIMEOUT = 12500004, 2116 2117 /** 2118 * Indicates that this authentication type is not supported. 2119 * 2120 * @syscap SystemCapability.UserIAM.UserAuth.Core 2121 * @since 9 2122 */ 2123 /** 2124 * The authentication type is not supported. 2125 * 2126 * @syscap SystemCapability.UserIAM.UserAuth.Core 2127 * @atomicservice 2128 * @since arkts {'1.1':'12','1.2':'20'} 2129 * @arkts 1.1&1.2 2130 */ 2131 TYPE_NOT_SUPPORT = 12500005, 2132 2133 /** 2134 * Indicates that the authentication trust level is not supported. 2135 * 2136 * @syscap SystemCapability.UserIAM.UserAuth.Core 2137 * @since 9 2138 */ 2139 /** 2140 * The authentication trust level is not supported. 2141 * 2142 * @syscap SystemCapability.UserIAM.UserAuth.Core 2143 * @atomicservice 2144 * @since arkts {'1.1':'12','1.2':'20'} 2145 * @arkts 1.1&1.2 2146 */ 2147 TRUST_LEVEL_NOT_SUPPORT = 12500006, 2148 2149 /** 2150 * Indicates that the authentication task is busy. Wait for a few seconds and try again. 2151 * 2152 * @syscap SystemCapability.UserIAM.UserAuth.Core 2153 * @since 9 2154 */ 2155 /** 2156 * The system does not respond. 2157 * 2158 * @syscap SystemCapability.UserIAM.UserAuth.Core 2159 * @atomicservice 2160 * @since arkts {'1.1':'12','1.2':'20'} 2161 * @arkts 1.1&1.2 2162 */ 2163 BUSY = 12500007, 2164 2165 /** 2166 * Indicates that the paramter is out of range. 2167 * 2168 * @syscap SystemCapability.UserIAM.UserAuth.Core 2169 * @atomicservice 2170 * @since 20 2171 */ 2172 INVALID_PARAMETERS = 12500008, 2173 2174 /** 2175 * Indicates that the authenticator is locked. 2176 * 2177 * @syscap SystemCapability.UserIAM.UserAuth.Core 2178 * @since 9 2179 */ 2180 /** 2181 * The authentication executor is locked. 2182 * 2183 * @syscap SystemCapability.UserIAM.UserAuth.Core 2184 * @atomicservice 2185 * @since arkts {'1.1':'12','1.2':'20'} 2186 * @arkts 1.1&1.2 2187 */ 2188 LOCKED = 12500009, 2189 2190 /** 2191 * Indicates that the user has not enrolled the authenticator. 2192 * 2193 * @syscap SystemCapability.UserIAM.UserAuth.Core 2194 * @since 9 2195 */ 2196 /** 2197 * The user has not enrolled the specified system identity authentication credential. 2198 * 2199 * @syscap SystemCapability.UserIAM.UserAuth.Core 2200 * @atomicservice 2201 * @since arkts {'1.1':'12','1.2':'20'} 2202 * @arkts 1.1&1.2 2203 */ 2204 NOT_ENROLLED = 12500010, 2205 2206 /** 2207 * Indicates that this operation is canceled from widget's navigation button. 2208 * 2209 * @syscap SystemCapability.UserIAM.UserAuth.Core 2210 * @since 10 2211 */ 2212 /** 2213 * The user cancels the system authentication and selects a custom authentication of the application. 2214 * The caller needs to launch the custom authentication page. 2215 * 2216 * @syscap SystemCapability.UserIAM.UserAuth.Core 2217 * @atomicservice 2218 * @since arkts {'1.1':'12','1.2':'20'} 2219 * @arkts 1.1&1.2 2220 */ 2221 CANCELED_FROM_WIDGET = 12500011, 2222 2223 /** 2224 * The authentication failed because the lock screen password has expired. 2225 * 2226 * @syscap SystemCapability.UserIAM.UserAuth.Core 2227 * @atomicservice 2228 * @since arkts {'1.1':'12','1.2':'20'} 2229 * @arkts 1.1&1.2 2230 */ 2231 PIN_EXPIRED = 12500013, 2232 2233 /** 2234 * The AuthToken is invalid. 2235 * 2236 * @syscap SystemCapability.UserIAM.UserAuth.Core 2237 * @systemapi Hide this for inner system use. 2238 * @since arkts {'1.1':'18','1.2':'20'} 2239 * @arkts 1.1&1.2 2240 */ 2241 AUTH_TOKEN_CHECK_FAILED = 12500015, 2242 2243 /** 2244 * The interval between the AuthToken issuance time and the AuthToken verification time exceeds 2245 * the maximum validity period. 2246 * 2247 * @syscap SystemCapability.UserIAM.UserAuth.Core 2248 * @systemapi Hide this for inner system use. 2249 * @since arkts {'1.1':'18','1.2':'20'} 2250 * @arkts 1.1&1.2 2251 */ 2252 AUTH_TOKEN_EXPIRED = 12500016, 2253 2254 /** 2255 * Indicates that reuse of last authentication result is failed. 2256 * 2257 * @syscap SystemCapability.UserIAM.UserAuth.Core 2258 * @systemapi Hide this for inner system use. 2259 * @since 20 2260 */ 2261 REUSE_AUTH_RESULT_FAILED = 12500017 2262 } 2263 2264 /** 2265 * Provides APIs for managing the user authentication widget. You can use the APIs to register the user 2266 * authentication widget with UserAuthWidgetMgr for management and scheduling. 2267 * 2268 * @interface UserAuthWidgetMgr 2269 * @syscap SystemCapability.UserIAM.UserAuth.Core 2270 * @systemapi Hide this for inner system use. 2271 * @since arkts {'1.1':'10','1.2':'20'} 2272 * @arkts 1.1&1.2 2273 */ 2274 interface UserAuthWidgetMgr { 2275 /** 2276 * Subscribes to commands from the user authentication framework for the user authentication widget. 2277 * 2278 * @param { 'command' } type - Event type. The vlaue is command, which indicates the command sent from the user 2279 * authentication framework to the user authentication widget. 2280 * @param { IAuthWidgetCallback } callback - Callback used to return the command from the user authentication 2281 * framework to the user authentication widget. 2282 * @throws { BusinessError } 401 - Parameter error. Possible causes: 2283 * <br>1. Mandatory parameters are left unspecified. 2284 * <br>2. Incorrect parameter types. 2285 * <br>3. Parameter verification failed. 2286 * @throws { BusinessError } 12500002 - General operation error. 2287 * @syscap SystemCapability.UserIAM.UserAuth.Core 2288 * @systemapi Hide this for inner system use. 2289 * @since arkts {'1.1':'10','1.2':'20'} 2290 * @arkts 1.1&1.2 2291 */ 2292 on(type: 'command', callback: IAuthWidgetCallback): void; 2293 2294 /** 2295 * Unsubscribes from commands sent from the user authentication framework. 2296 * 2297 * @param { 'command' } type - Event type. The value is command, which indicates the command sent from the user 2298 * authentication framework to the user authentication widget. 2299 * @param { IAuthWidgetCallback } callback - Callback to unregister. 2300 * @throws { BusinessError } 401 - Parameter error. Possible causes: 2301 * <br>1. Mandatory parameters are left unspecified. 2302 * <br>2. Incorrect parameter types. 2303 * <br>3. Parameter verification failed. 2304 * @throws { BusinessError } 12500002 - General operation error. 2305 * @syscap SystemCapability.UserIAM.UserAuth.Core 2306 * @systemapi Hide this for inner system use. 2307 * @since arkts {'1.1':'10','1.2':'20'} 2308 * @arkts 1.1&1.2 2309 */ 2310 off(type: 'command', callback?: IAuthWidgetCallback): void; 2311 } 2312 2313 /** 2314 * Obtains a UserAuthWidgetMgr instance for user authentication. 2315 * 2316 * <p><strong>NOTE</strong>: 2317 * <br>A UserAuthInstance instance can be used for an authentication only once. 2318 * </p> 2319 * 2320 * @permission ohos.permission.SUPPORT_USER_AUTH 2321 * @param { int } version - Version of the user authentication widget. 2322 * @returns { UserAuthWidgetMgr } UserAuthWidgetMgr instance obtained. 2323 * @throws { BusinessError } 201 - Permission denied. 2324 * @throws { BusinessError } 202 - Permission denied. Called by non-system application. 2325 * @throws { BusinessError } 401 - Parameter error. Possible causes: 2326 * <br>1. Mandatory parameters are left unspecified. 2327 * <br>2. Incorrect parameter types. 2328 * @throws { BusinessError } 12500002 - General operation error. 2329 * @syscap SystemCapability.UserIAM.UserAuth.Core 2330 * @systemapi Hide this for inner system use. 2331 * @since arkts {'1.1':'10','1.2':'20'} 2332 * @arkts 1.1&1.2 2333 */ 2334 function getUserAuthWidgetMgr(version: int): UserAuthWidgetMgr; 2335 2336 /** 2337 * Provides the callback for returning the commands sent from the user authentication framework 2338 * to the user authentication widget. 2339 * 2340 * @interface IAuthWidgetCallback 2341 * @syscap SystemCapability.UserIAM.UserAuth.Core 2342 * @systemapi Hide this for inner system use. 2343 * @since 10 2344 */ 2345 interface IAuthWidgetCallback { 2346 /** 2347 * Called to return the command sent from the user authentication framework to the user authentication widget. 2348 * 2349 * @param { string } cmdData - Command sent from the user authentication framework to the user 2350 * authentication widget. 2351 * @syscap SystemCapability.UserIAM.UserAuth.Core 2352 * @systemapi Hide this for inner system use. 2353 * @since 10 2354 */ 2355 sendCommand(cmdData: string): void; 2356 /** 2357 * Called to return the command sent from the user authentication framework to the user authentication widget. 2358 * 2359 * @type { function } 2360 * @syscap SystemCapability.UserIAM.UserAuth.Core 2361 * @systemapi Hide this for inner system use. 2362 * @since 20 2363 * @arkts 1.2 2364 */ 2365 sendCommand: (cmdData: string) => void; 2366 } 2367 2368 /** 2369 * Obtains the reusable authentication result. 2370 * 2371 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 2372 * @param { AuthParam } authParam - Auth parameter. 2373 * @returns { Uint8Array } The reuse authentication token. 2374 * @throws { BusinessError } 201 - Permission denied. 2375 * @throws { BusinessError } 202 - Permission denied. Called by non-system application. 2376 * @throws { BusinessError } 12500002 - General operation error. 2377 * @throws { BusinessError } 12500008 - The parameter is out of range. 2378 * @throws { BusinessError } 12500017 - Failed to reuse authentication result. 2379 * @syscap SystemCapability.UserIAM.UserAuth.Core 2380 * @systemapi Hide this for inner system use. 2381 * @since 20 2382 */ 2383 function queryReusableAuthResult(authParam: AuthParam): Uint8Array; 2384} 2385 2386export default userAuth; 2387