Overview
Hawcx SDK delivers revolutionary Smart Connect technology - the most intuitive passwordless authentication ever created for Android applications. Smart Connect intelligently handles both sign up and sign in through a single, unified interface, eliminating decision fatigue while maintaining enterprise-grade security.Smart Connect Technology
One-click intelligent authentication that automatically determines user context
Contextual Intelligence
No more “Sign Up” vs “Sign In” confusion - just one smart entry point
Seamless Cross-Platform
Smart Connect maintains user context across all devices and platforms
Web Login Approval
Allow users to approve web logins from their mobile device
Enterprise-Grade Security
Revolutionary security with consumer-grade simplicity
Architecture
Quick Start
1
Installation
2
Initialize SDK
3
Implement Smart Connect authentication:
Core Features
Smart Connect Authentication
Smart Connect Authentication
The revolutionary V4 SDK featuring Hawcx Smart Connect provides intelligent one-click authentication that automatically handles everything:What Smart Connect Does Automatically:
- Intelligent User Recognition: Automatically detects if user is new or existing
- Contextual Device Awareness: Knows if device is registered or new
- Seamless Flow Management: Guides new users through verification, gives existing users instant access
- Unified Experience: Single entry point - no more “Sign Up” vs “Sign In” confusion
- Secure OTP Delivery: Sends verification codes only when needed
- Advanced Cryptography: Manages all security operations transparently
- Secure Token Storage: Stores credentials safely in Android Keystore
- Complete Authentication Intelligence: Handles the entire flow behind one smart button
authenticateV4(userid: String, callback: AuthV4Callback)
- Initiates Smart Connect flowsubmitOtpV4(otp: String)
- Submits OTP for verification when neededcancelV4Auth()
- Cancels ongoing authentication
onOtpRequired()
- Called when new user/device verification is neededonAuthSuccess(accessToken: String?, refreshToken: String?, isLoginFlow: Boolean)
- Called on successful authenticationonError(errorCode: AuthV4ErrorCode, errorMessage: String)
- Called when errors occur
Web Login Approval
Web Login Approval
Web login enables cross-platform authentication where users can log into your web application using their mobile device with Smart Connect intelligence.Use Case:
- Your application has both web and mobile versions using Hawcx Smart Connect SDK
- User visits your web app and initiates login
- Web app displays a QR code (generated using Hawcx Web SDK with Smart Connect)
- User scans QR code with mobile app
- Mobile app shows login session details (browser, location, IP)
- User approves the login from mobile
- Web app automatically logs the user in with Smart Connect
- Validates PIN with backend
- Retrieves and stores session details (browser, location, IP)
- Manages web token for approval
- Sends approval to complete web login
webLogin(pin: String, callback: WebLoginCallback)
- Validates PIN from QR codewebApprove(token: String, callback: WebLoginCallback)
- Approves web login session
onSuccess()
- Called when operation succeedsonError(webLoginErrorCode: WebLoginError, errorMessage: String)
- Called on error
- Saves
web_token
to SharedPreferences after successful PIN validation - Saves
sessionDetails
with browser/location info to SharedPreferences
Biometric Authentication
Biometric Authentication
The SDK works seamlessly with Android biometric authentication and Smart Connect. You implement biometric prompt and verification, then call the SDK’s Smart Connect authentication method:What You Implement:
- Biometric prompt using BiometricPrompt API
- Biometric availability checks
- Biometric preference storage
getLastLoggedInUsername()
to retrieve the last authenticated user (suspend function)- Smart Connect
authenticateV4()
for intelligent passwordless login after biometric success - Automatic handling of known device login (no OTP required)
- Check biometric availability using
BiometricManager
- Show BiometricPrompt
- On success, call SDK’s Smart Connect
authenticateV4()
method
Device Session Management
Device Session Management
What the SDK Manages:
Purpose: Standard logout functionality
What it does:
Purpose: Complete device removal
What it does:
Purpose: UI convenience for Smart Connect screen
What it returns:
Purpose: Clear the UI pre-fill record
What it does:
- JWT tokens (access & refresh) in Android Keystore
- Device registration keys in Android Keystore
- Last logged-in user identifier
- Secure cleanup of credentials
suspend fun clearSessionTokens(userid: String): Boolean
Purpose: Standard logout functionalityWhat it does:
- Removes JWT access and refresh tokens from Keystore
- Preserves device registration (Er1r2 and persistent device token)
- User can log back in without OTP verification
- Device remains trusted
- Standard “Log Out” button functionality
- Switching between accounts on same device
- Temporary sign out
suspend fun clearUserKeychainData(userid: String): Boolean
⚠️
Purpose: Complete device removalWhat it does:
- Removes ALL user data from Keystore:
- JWT tokens (access & refresh)
- Device registration keys (Er1r2)
- Persistent device token
- All cryptographic material
- User will need OTP to use this device again
- Device is no longer trusted
- “Remove this device” functionality
- Security breach response
- Before selling/giving away device
- Complete account removal
suspend fun getLastLoggedInUsername(): String
Purpose: UI convenience for Smart Connect screenWhat it returns:
- Email/identifier of last successfully authenticated user
- Empty string if no user has logged in
- Pre-filling email field on Smart Connect screen
- Enabling biometric login for returning users
- Showing “Welcome back, [email]” messages
suspend fun clearLastLoggedInUser(): Boolean
Purpose: Clear the UI pre-fill recordWhat it does:
- Only removes the “last user” marker
- Does NOT affect authentication state
- Does NOT remove any tokens or keys
- Next app launch won’t pre-fill email
- “Switch Account” functionality
- Privacy mode where email shouldn’t be shown
- App reset (keeping users logged in)
Understanding the Difference
Action | Method to Use | User Experience | OTP Required? |
---|---|---|---|
Log Out | clearSessionTokens() | Must use Smart Connect again | ❌ No |
Remove Device | clearUserKeychainData() | Device registration lost | ✅ Yes |
Hide Email Pre-fill | clearLastLoggedInUser() | No change to auth | N/A |
Check Last User | getLastLoggedInUsername() | Shows last email | N/A |
Error Handling
Error Handling
The SDK provides detailed error codes through the callback. Here’s how to handle them:SDK Provides:
AuthV4ErrorCode
enum with specific error cases- Human-readable error messages
- Error details in callback
- Error UI (alerts, snackbars, toasts)
- Retry logic
- Navigation based on error type
Troubleshooting
Smart Connect Authentication Fails with Network Error
Smart Connect Authentication Fails with Network Error
Symptoms:
NETWORK_ERROR
returned in callback- Smart Connect doesn’t proceed
- Check internet connectivity
- Verify API key is correct
- Ensure no firewall/proxy blocking
- Add network permission to manifest:
- Implement retry logic with exponential backoff:
OTP Verification Fails
OTP Verification Fails
Symptoms:
OTP_VERIFICATION_FAILED
error- User cannot proceed past OTP screen
- Ensure OTP is exactly 6 digits
- Check if OTP expired (5 minute validity)
- Enable auto-fill for better UX:
Biometric Authentication Issues
Biometric Authentication Issues
Symptoms:
- Biometric prompt doesn’t appear
- Authentication fails immediately
- Add to AndroidManifest.xml:
- Check biometric availability:
- Handle specific biometric errors:
Keystore Access Issues
Keystore Access Issues
Symptoms:
KEYCHAIN_SAVE_FAILED
errors- Login state not persisted
- Ensure device has secure lock screen:
- Handle Keystore exceptions:
Error Codes
Error Code | Description |
---|---|
FINGERPRINT_ERROR | Failed to generate device fingerprint |
KEYCHAIN_SAVE_FAILED | Failed to save data to Android Keystore |
CLIENT_CRYPTO_ERROR | Cryptographic operation failed on device |
AUTH_INIT_FAILED | Authentication initialization failed |
OTP_VERIFICATION_FAILED | Invalid or expired OTP |
DEVICE_VERIFICATION_FAILED | Device registration verification failed |
CIPHER_VERIFICATION_FAILED | Login cipher verification failed |
NETWORK_ERROR | Network connectivity issue or request timeout |
INTERNAL_STATE_ERROR | SDK internal state corruption |
MISSING_DEVICE_TOKEN_SESSION | Session token missing during flow |
UNKNOWN_ERROR | Unexpected error occurred |