Add Passage
Add Passage to your Android project
- Make sure that your project meets these requirements:
  - Targets API level 33 or higher
  - Uses Android 13 or higher
If you don't already have an Android project and just want to try out Passage, you can clone our Android Example App.
In your module (app-level) Gradle file (usually `<project>/<app-module>/build.gradle`), add the Passage dependency like this, and then sync your Android project with Gradle files:

```groovy
dependencies {
    // ...
    implementation 'id.passage.android:passage:1.5.1'
}
```
Declare an instance of `Passage`.

```kotlin
lateinit var passage: Passage
```
In your Activity’s `onCreate()` or Fragment’s `onViewCreated` method, initialize the `Passage` instance.

```kotlin
// Shown for a Fragment; inside an Activity, pass the Activity itself (this).
passage = Passage(requireActivity(), "YOUR_APP_ID")
```
If you are NOT using passkeys, that's it - you're ready to start using Passage!
If you ARE using passkeys, follow the instructions below.
Google's Digital Asset Links protocol enables an app or website to make public, verifiable statements about other apps or websites. Your website must declare that it is associated with your specific Android app, and declare that it wants to share user credentials in order for passkey authentication to work.
To securely associate your website with your Android app, Google requires your Digital Asset Links JSON file to contain the SHA256 fingerprint of your app’s signing certificate.
To get your signing certificate fingerprint, copy and paste this command into your terminal, replacing the all-caps placeholder values:

```bash
keytool -list -v -keystore PATH_TO_KEYSTORE -alias KEYSTORE_ALIAS -storepass STORE_PASSWORD -keypass KEY_PASSWORD
```

If you omit `-storepass`, keytool prompts for the keystore password, which keeps it out of your shell history.
The output should include something like this:

```
SHA256: 5C:A2:55:53:25:86:7B:5A:21:82:EE:14:5A:3B:9C:99...
```
Create a new `assetlinks.json` file like this one, replacing the `YOUR_WEBSITE`, `YOUR_ANDROID_PACKAGE_NAME`, and `YOUR_CERT_FINGERPRINT` values:

```json
[
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "web",
      "site": "https://YOUR_WEBSITE"
    }
  },
  {
    "relation": [
      "delegate_permission/common.handle_all_urls",
      "delegate_permission/common.get_login_creds"
    ],
    "target": {
      "namespace": "android_app",
      "package_name": "YOUR_ANDROID_PACKAGE_NAME",
      "sha256_cert_fingerprints": ["YOUR_CERT_FINGERPRINT"]
    }
  }
]
```

Note that `YOUR_WEBSITE` must match your Passage app's auth origin.
Publish this file to your site’s `.well-known/` directory.
For passkeys to work in any Android app, Google requires the app's "APK key hash" to be set as the relying party's auth origin.
To get the key hash from your signing certificate, copy and paste this command into your terminal, replacing `YOUR_SHA256_FINGERPRINT` with the SHA256 fingerprint generated in the previous step:

```bash
echo "android:apk-key-hash:$(echo -n YOUR_SHA256_FINGERPRINT | xxd -r -p | base64 | tr -- '+/' '-_' | tr -d '=')"
```

Which should produce something like:

```
android:apk-key-hash:eiV7fQqjB85Hdtf2IpIV0ZsldECmDJRX9ajDxafpr
```
In Passage Console, you’ll need to submit your Android APK key hash in Settings -> General -> Android SDK.

Add your APK key hash in your app's Passage console.
In your app’s `strings.xml` file, copy and paste the following, replacing `YOUR_AUTH_ORIGIN`:

```xml
<resources>
    <!-- ... -->
    <!-- Required Passage app settings -->
    <string name="passage_auth_origin">YOUR_AUTH_ORIGIN</string>
    <string name="asset_statements">
        [{
            \"include\": \"https://@string/passage_auth_origin/.well-known/assetlinks.json\"
        }]
    </string>
</resources>
```
Finally, paste the following `meta-data` into your app’s `AndroidManifest.xml`:

```xml
<manifest ...>
    <application ...>
        <meta-data
            android:name="asset_statements"
            android:resource="@string/asset_statements" />
    </application>
</manifest>
```
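
A pre-publish check for the two values derived in the passkey steps, added here as an example and not part of Passage's SDK or documentation: it recomputes the APK key hash from the keytool fingerprint and confirms that an `assetlinks.json` carries both relations, the expected site and package, and that same fingerprint. The function names, `auth.example.com`, `com.example.app` and the sample fingerprint are constructed for illustration.

```python
import base64
import json
import re

REQUIRED = {"delegate_permission/common.handle_all_urls",
            "delegate_permission/common.get_login_creds"}
# keytool prints the SHA256 digest as 32 uppercase hex bytes separated by colons.
FINGERPRINT_RE = re.compile(r"[0-9A-F]{2}(:[0-9A-F]{2}){31}")


def apk_key_hash(fingerprint):
    """Mirror the xxd | base64 | tr pipeline: digest bytes as unpadded base64url."""
    if not FINGERPRINT_RE.fullmatch(fingerprint):
        raise ValueError("fingerprint must be 32 colon-separated uppercase hex bytes")
    digest = bytes.fromhex(fingerprint.replace(":", ""))
    return "android:apk-key-hash:" + base64.urlsafe_b64encode(digest).decode().rstrip("=")


def check_assetlinks(text, site, package, fingerprint):
    """Return a list of problems; an empty list means the file matches the app."""
    expected = {"web": ("site", site), "android_app": ("package_name", package)}
    found = dict.fromkeys(expected)
    for statement in json.loads(text):
        target = statement.get("target", {})
        field, value = expected.get(target.get("namespace"), (None, None))
        if field and target.get(field) == value:
            found[target["namespace"]] = statement
    problems = []
    for namespace, statement in found.items():
        if statement is None:
            problems.append(f"no {namespace} statement for the expected target")
        elif not REQUIRED <= set(statement.get("relation", [])):
            problems.append(f"{namespace} statement lacks a required relation")
    app = found["android_app"]
    if app and fingerprint not in app["target"].get("sha256_cert_fingerprints", []):
        problems.append("signing certificate fingerprint is not listed")
    return problems


# Constructed sample values (hypothetical site, package and certificate digest).
SAMPLE_FINGERPRINT = ":".join(f"{b:02X}" for b in range(32))
SAMPLE_ASSETLINKS = json.dumps([
    {"relation": sorted(REQUIRED),
     "target": {"namespace": "web", "site": "https://auth.example.com"}},
    {"relation": sorted(REQUIRED),
     "target": {"namespace": "android_app", "package_name": "com.example.app",
                "sha256_cert_fingerprints": [SAMPLE_FINGERPRINT]}},
])

if __name__ == "__main__":
    print(apk_key_hash(SAMPLE_FINGERPRINT))
    print(check_assetlinks(SAMPLE_ASSETLINKS, "https://auth.example.com",
                           "com.example.app", SAMPLE_FINGERPRINT) or "assetlinks.json OK")
```

Run it against the file you are about to publish and the fingerprint of the keystore that signs the build you ship; a debug keystore fingerprint will not match a release-signed app.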