# User Authentication Development<a name="EN-US_TOPIC_0000001234020089"></a>
# User Authentication Development
>**NOTE:**
>This document applies to JS.
## When to Use
## When to Use<a name="section1410661605517"></a>
OpenHarmony supports 2D and 3D facial recognition that can be used for identity authentication during device unlocking, application login, and payment.
HarmonyOS supports 2D and 3D facial recognition that can be used for identity authentication during device unlocking, application login, and payment.
## Available APIs<a name="section187921265614"></a>
## Available APIs
The **userIAM\_userAuth** module provides methods for checking the support for biometric authentication, and performing and canceling authentication. You can perform authentication based on biometric features such as facial characteristics. Before performing biometric authentication, check whether your device supports this capability, including the authentication type, security level, and whether local authentication is used. If biometric authentication is not supported, consider using another authentication type. The following table lists methods in the APIs available for biometric authentication.
**Table 1** Methods available for biometric authentication
<tdclass="cellrowborder"valign="top"width="50%"headers="mcps1.2.3.1.2 "><pid="p052435213251"><aname="p052435213251"></a><aname="p052435213251"></a>Obtains an <strongid="b7528121952513"><aname="b7528121952513"></a><aname="b7528121952513"></a>Authenticator</strong> object for user authentication. <supid="sup580316168261"><aname="sup580316168261"></a><aname="sup580316168261"></a>6+</sup></p>
<pid="p18224123611319"><aname="p18224123611319"></a><aname="p18224123611319"></a>Obtains an <strongid="b16234636102517"><aname="b16234636102517"></a><aname="b16234636102517"></a>Authenticator</strong> object to check the device's capability of user authentication, perform or cancel user authentication, and obtain the tips generated in the authentication process. <supid="sup1832921092616"><aname="sup1832921092616"></a><aname="sup1832921092616"></a>7+</sup></p>
<tdclass="cellrowborder"valign="top"width="50%"headers="mcps1.2.3.1.2 "><pid="p695651014402"><aname="p695651014402"></a><aname="p695651014402"></a>Checks whether the device supports the specified authentication type and security level.</p>
<tdclass="cellrowborder"valign="top"width="50%"headers="mcps1.2.3.1.2 "><pid="p144141341165617"><aname="p144141341165617"></a><aname="p144141341165617"></a>Performs user authentication and returns the authentication result using an asynchronous callback.</p>
<tdclass="cellrowborder"valign="top"width="50%"headers="mcps1.2.3.1.2 "><pid="p8257141716153"><aname="p8257141716153"></a><aname="p8257141716153"></a>Performs user authentication and returns the authentication result using a promise.</p>
<tdclass="cellrowborder"valign="top"width="50%"headers="mcps1.2.3.1.2 "><pid="p175161740144013"><aname="p175161740144013"></a><aname="p175161740144013"></a>Cancels the current authentication.</p>
<tdclass="cellrowborder"valign="top"width="50%"headers="mcps1.2.3.1.2 "><pid="p44583514715"><aname="p44583514715"></a><aname="p44583514715"></a>Subscribes to the events of the specified type.</p>
<tdclass="cellrowborder"valign="top"width="50%"headers="mcps1.2.3.1.2 "><pid="p435610551774"><aname="p435610551774"></a><aname="p435610551774"></a>Unsubscribes from the events of the specified type.</p>
</td>
</tr>
</tbody>
</table>
## How to Develop<a name="section13636175015153"></a>
| getAuthenticator(): Authenticator | Obtains an **Authenticator** object for user authentication. <sup>6+</sup><br>Obtains an **Authenticator** object to check the device's capability of user authentication, perform or cancel user authentication, and obtain the tips generated in the authentication process. <sup>7+</sup> |
| checkAvailability(type: AuthType, level: SecureLevel): number | Checks whether the device supports the specified authentication type and security level. |
| execute(type: AuthType, level: SecureLevel, callback: AsyncCallback\<number>): void | Performs user authentication and returns the authentication result using an asynchronous callback. |
| execute(type: AuthType, level: SecureLevel): Promise\<number> | Performs user authentication and returns the authentication result using a promise. |
| cancel(): void | Cancels the current authentication. |
| on(type: "tip", callback: Callback\<Tip>): void | Subscribes to the events of the specified type. |
| off(type: "tip", callback?: Callback\<Tip>): void | Unsubscribes from the events of the specified type. |
## How to Develop
Before starting the development, make the following preparations:
...
...
@@ -88,7 +50,7 @@ The development procedure is as follows:
}
```
3.<aname="li109311114115111"></a>\(Optional\) Subscribe to tip information. The sample code is as follows:
3.\(Optional\) Subscribe to tip information. The sample code is as follows:
```
let authenticator = userIAM_userAuth.getAuthenticator();
...
...
@@ -112,7 +74,7 @@ The development procedure is as follows:
});
```
5.\(Optional\) Unsubscribe from tip information if [you have subscribed to tip information](#li109311114115111)you have subscribed to tip information.
5.\(Optional\) Unsubscribe from tip information if you have subscribed to tip information you have subscribed to tip information.
```
let authenticator = userIAM_userAuth.getAuthenticator();
...
...
@@ -138,4 +100,3 @@ The development procedure is as follows:
# User Authentication Overview<a name="EN-US_TOPIC_0000001050991067"></a>
# User Authentication Overview
OpenHarmony provides biometric recognition that can be used for identity authentication in device unlocking, application login, and payment.
OpenHarmony provides both 2D and 3D facial recognition. You can provide either or both of them on your device based on the hardware and technology applied on the device. 3D facial recognition is superior to 2D facial recognition in terms of recognition rate and anti-counterfeiting capability. However, you can use 3D facial recognition only if your device supports capabilities such as 3D structured light and 3D Time of Flight \(TOF\).
Biometric recognition \(also known as biometric authentication\) uses optical, acoustical, and biological sensors, as well as the biological statistics mechanism to identify individuals.
Facial recognition is a biometric recognition technology that identifies individuals based on facial characteristics. A camera is used to collect images or video streams that contain human faces, and automatically detect, track, and recognize the human faces.
## Working Principles<a name="section87441753103115"></a>
## Working Principles
Facial recognition establishes a secure channel between a camera and a trusted execution environment \(TEE\). Through this channel, face image data is transmitted to the TEE. This protects against any attack from the rich execution environment \(REE\) as the face image data cannot be obtained from the REE. The face image collection, characteristic extraction, alive human body detection, and characteristic comparison are all completed in the TEE. The TEE implements security isolation based on the trust zone. The external face framework only initiates face authentication and processes authentication results. It does not process the human face data.
Facial characteristics are stored in the TEE, which uses strong cryptographic algorithms to encrypt and protect the integrity of facial characteristics. The collected and stored facial characteristics will not be transferred out of the TEE without user authorization. This ensures that system or third-party applications cannot obtain facial characteristics, or send or back them up to any external storage medium.
## Limitations and Constraints<a name="section6226193317475"></a>
## Limitations and Constraints
- OpenHarmony only supports facial recognition and local authentication, and does not support an authentication UI.
- To use biometric recognition, a device must have a camera with a face image pixel greater than 100x100.
