Skip to main content

configure-digital-asset-links

Android uses a Digital Asset Links file named assetlinks.json to verify the association between your application and your website.

Find Your Package Name

You can find your application's package name in the app module's build.gradle.kts file under defaultConfig:

android {
defaultConfig {
applicationId = "<PACKAGE_NAME>"
}
}

Generate the SHA-256 Certificate Fingerprint

Use the keytool utility included with the Java Development Kit to retrieve the SHA-256 fingerprint of your application's signing certificate:

keytool -list -v \
-keystore KEYSTORE_PATH \
-alias KEYSTORE_ALIAS \
-storepass KEYSTORE_PASSWORD \
-keypass KEY_PASSWORD

Replace the following values:

  • KEYSTORE_PATH with the path to your keystore
  • KEYSTORE_ALIAS with the signing-key alias
  • KEYSTORE_PASSWORD with the keystore password
  • KEY_PASSWORD with the signing-key password

The command output includes the certificate's SHA-256 fingerprint.

Local Development

For local development, you can use the default Android debug keystore with the following values:

  • KEYSTORE_ALIAS: androiddebugkey
  • KEYSTORE_PASSWORD: android
  • KEY_PASSWORD: android

Use a dedicated signing key for production applications. For applications distributed through Google Play, you can find the app-signing certificate fingerprint in the Google Play Console.

Register the Fingerprint

Register your application's SHA-256 certificate fingerprint in your LoginID application's FIDO2 section before continuing. For instructions, see Adding Android Fingerprint.

Host the assetlinks.json File

Create an assetlinks.json file containing your application's package name and SHA-256 certificate fingerprint:

[
{
"relation": [
"delegate_permission/common.get_login_creds"
],
"target": {
"namespace": "android_app",
"package_name": "<PACKAGE_NAME>",
"sha256_cert_fingerprints": [
"<SHA256_FINGERPRINT>"
]
}
}
]

Replace <PACKAGE_NAME> and <SHA256_FINGERPRINT> with your application's values.

Host the file at the following location:

https://<WEBSITE_DOMAIN>/.well-known/assetlinks.json

The file must be publicly accessible over HTTPS.

Declare the Association in Your Android Application

Add an asset_statements resource to res/values/strings.xml:

<resources>
<string name="asset_statements" translatable="false">
[{
\"include\": \"https://<WEBSITE_DOMAIN>/.well-known/assetlinks.json\"
}]
</string>
</resources>

Then add the corresponding <meta-data> element inside the <application> element of your AndroidManifest.xml file:

<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<application>
<meta-data
android:name="asset_statements"
android:resource="@string/asset_statements" />
</application>
</manifest>