Passkey
Passkey is enabled through the SDK Portal. No changes are required in the Android integration — activation is handled entirely on the platform side.
Passkey is currently available for Android only. The iOS SDK does not support this feature.
Passkey on Android uses the Digital Asset Links protocol to establish a verifiable and secure association between the client's native application and Unico's web domain. This link is mandatory by the Android operating system's design for authentication with passkeys in Google mobile applications.
Before generating a key pair for a passkey, the Android authenticator verifies the Relying Party ID (RP ID) present in the server's response against the domain name specified in the Digital Asset Links file. Without this successful verification, Passkey simply will not work.
What is SHA-256 and why is it necessary?
The SHA-256 fingerprint is a unique hash generated from the application's signing certificate, used to identify the app's authenticity and integrity.
This certificate corresponds to the key used to sign the APK/AAB before distribution on the Google Play Store. It is necessary to register this fingerprint in the assetlinks.json file hosted by Unico under the path /.well-known/assetlinks.json. This file is managed entirely by Unico and can only be updated by submitting a support ticket.
The file must include two specific permissions:
delegate_permission/common.handle_all_urls— for Android App Linksdelegate_permission/common.get_login_creds— for sharing credentials between the website and the Android app
…along with the client's package name and SHA-256 fingerprint.
The SHA-256 must be registered in two places: the public assetlinks.json file and the server configuration (expected origin). Register fingerprints for every signing configuration in use — debug, release, and any product flavors — since each produces a different fingerprint.
It is possible to extract the SHA-256 fingerprint using the Java Development Kit (JDK) keytool tool, or find it directly in the Google Play Console in the App Signing section under Setup > App integrity.
keytool -list -v -keystore <your-keystore.jks> -alias <key-alias>
Before any passkey operation can succeed, the following must be in place:
- App's package name and SHA-256 fingerprint registered in Unico's
assetlinks.jsonfile (submit a support ticket to register or update fingerprints) - App's SHA-256 fingerprint registered in the server configuration (expected origin)
- Fingerprints registered for every signing configuration in use (debug, release, product flavors)