NoobSolver/BiometricPromptForDecryption.kt

## BiometricPromptForDecryption.kt
override fun onResume() {
   super.onResume()

   if (ciphertextWrapper != null) {
       if (SampleAppUser.fakeToken == null) {
           showBiometricPromptForDecryption()
       } else {
           // The user has already logged in, so proceed to the rest of the app
           // this is a todo for you, the developer
           updateApp(getString(R.string.already_signedin))
       }
   }
}

....

private fun showBiometricPromptForDecryption() {
   ciphertextWrapper?.let { textWrapper ->
       val canAuthenticate = BiometricManager.from(applicationContext).canAuthenticate()
       if (canAuthenticate == BiometricManager.BIOMETRIC_SUCCESS) {
           val secretKeyName = getString(R.string.secret_key_name)
           val cipher = cryptographyManager.getInitializedCipherForDecryption(
               secretKeyName, textWrapper.initializationVector
           )
           biometricPrompt =
               BiometricPromptUtils.createBiometricPrompt(
                   this,
                   ::decryptServerTokenFromStorage
               )
           val promptInfo = BiometricPromptUtils.createPromptInfo(this)
           biometricPrompt.authenticate(promptInfo, BiometricPrompt.CryptoObject(cipher))
       }
   }
}

private fun decryptServerTokenFromStorage(authResult: BiometricPrompt.AuthenticationResult) {
   ciphertextWrapper?.let { textWrapper ->
       authResult.cryptoObject?.cipher?.let {
           val plaintext =
               cryptographyManager.decryptData(textWrapper.ciphertext, it)
           SampleAppUser.fakeToken = plaintext
           // Now that you have the token, you can query server for everything else
           // the only reason we call this fakeToken is because we didn't really get it from
           // the server. In your case, you will have gotten it from the server the first time
           // and therefore, it's a real token.

           updateApp(getString(R.string.already_signedin))
       }
   }
}
	override fun onResume() {
	super.onResume()

	if (ciphertextWrapper != null) {
	if (SampleAppUser.fakeToken == null) {
	showBiometricPromptForDecryption()
	} else {
	// The user has already logged in, so proceed to the rest of the app
	// this is a todo for you, the developer
	updateApp(getString(R.string.already_signedin))
	}
	}
	}

	....

	private fun showBiometricPromptForDecryption() {
	ciphertextWrapper?.let { textWrapper ->
	val canAuthenticate = BiometricManager.from(applicationContext).canAuthenticate()
	if (canAuthenticate == BiometricManager.BIOMETRIC_SUCCESS) {
	val secretKeyName = getString(R.string.secret_key_name)
	val cipher = cryptographyManager.getInitializedCipherForDecryption(
	secretKeyName, textWrapper.initializationVector
	)
	biometricPrompt =
	BiometricPromptUtils.createBiometricPrompt(
	this,
	::decryptServerTokenFromStorage
	)
	val promptInfo = BiometricPromptUtils.createPromptInfo(this)
	biometricPrompt.authenticate(promptInfo, BiometricPrompt.CryptoObject(cipher))
	}
	}
	}

	private fun decryptServerTokenFromStorage(authResult: BiometricPrompt.AuthenticationResult) {
	ciphertextWrapper?.let { textWrapper ->
	authResult.cryptoObject?.cipher?.let {
	val plaintext =
	cryptographyManager.decryptData(textWrapper.ciphertext, it)
	SampleAppUser.fakeToken = plaintext
	// Now that you have the token, you can query server for everything else
	// the only reason we call this fakeToken is because we didn't really get it from
	// the server. In your case, you will have gotten it from the server the first time
	// and therefore, it's a real token.

	updateApp(getString(R.string.already_signedin))
	}
	}
	}