Configure Project
When configuring your Android project for passkeys or deep linking, there are two key components you need to set up
Keystore
A digital certificate that securely stores your app’s signing keys. Every Android app must be signed with a keystore to run on real devices.
SHA-256 Fingerprint
A unique identifier derived from your keystore. This fingerprint, combined with your app’s package name, enables Android to verify your app’s authenticity through Digital Asset Links (assetlinks.json
).
Handling the keystore
In Android development, every app is digitally signed using a keystore. Each keystore generates a unique fingerprint, essential for securely associating your app with a domain through asset links.
In our example project, we provided a shared keystore specifically for debugging purposes. This shared debug keystore was defined explicitly in the project’s android/app/build.gradle
file, ensuring all developers using the example project share a common fingerprint.
This approach simplifies collaboration because:
- Everyone uses the same fingerprint.
- We avoid adding multiple developer-specific fingerprints to the
assetlinks.json
.
For your own project, you have two practical options, which we will explain in the following sections.
Each developer typically has their own default debug keystore (generated automatically by Android Studio).
- Pros: No extra setup; simplest option.
- Cons: Requires adding each developer’s fingerprint to the
assetlinks.json
.
How:
By default, your android app uses your debug key generated by Android Studio when you first run the project to sign your debug app. However if you’re using our example as your basis, simply remove the override in your project’s android/app/build.gradle
file:
Get the debug fingerprint:
Open Android Studio
As the key is generated when you first open your app on run/debug your app through Android Studio, you will need to:
- Open the
android
folder in Android Studio - Run your app directly through Android Studio
Get the Debug Keystore Fingerprint
Once Gradle is done syncing, open your terminal and execute the appropriate command for your operating system:
Enter Password
When prompted for a password, use the default Android debug keystore password: android
Find Your SHA256 Key
The output will include your SHA256 key in this format:
Each developer typically has their own default debug keystore (generated automatically by Android Studio).
- Pros: No extra setup; simplest option.
- Cons: Requires adding each developer’s fingerprint to the
assetlinks.json
.
How:
By default, your android app uses your debug key generated by Android Studio when you first run the project to sign your debug app. However if you’re using our example as your basis, simply remove the override in your project’s android/app/build.gradle
file:
Get the debug fingerprint:
Open Android Studio
As the key is generated when you first open your app on run/debug your app through Android Studio, you will need to:
- Open the
android
folder in Android Studio - Run your app directly through Android Studio
Get the Debug Keystore Fingerprint
Once Gradle is done syncing, open your terminal and execute the appropriate command for your operating system:
Enter Password
When prompted for a password, use the default Android debug keystore password: android
Find Your SHA256 Key
The output will include your SHA256 key in this format:
Generate a dedicated keystore, which can be shared securely among developers.
- Pros: One shared fingerprint; easy team management.
- Cons: Requires initial setup and secure sharing among developers.
How
Generate Keystore
Generate a keystore via the terminal using the following command:
Set Password
When prompted, add a password for your keystore. Make sure to save this password securely as you’ll need it to access the keystore later.
Update build.gradle
Update your android/app/build.gradle
file to reference the new keystore by adding the following configuration inside the android block:
Get the generated fingerprint:
Execute keytool command
Open your terminal and execute the following command:
Enter keystore password
When prompted, enter the password you set when generating the keystore.
Find SHA256 fingerprint
In the output, locate your SHA256 fingerprint which will look like this:
Set package name and fingerprint
As explained in Android: Overview
, the Digital Asset Links (DAL) file is essential for using passkeys in your Flutter app. To include your package name and fingerprint in the DAL file, you need to provide them here:
- On the developer panel, Go to
Settings → Native apps
- Click on
Add new
. - Insert your
Package Name
and theSHA-256 Fingerprint
from earlier.Make sure to use the exact package name from your Android app’s build.gradle file and the SHA-256 fingerprint you obtained from the keytool command. - Submit the new Android App
You can view your changes live through the Digital Asset Links file link found in
Settings → Native apps
You can open the Digital Asset Links (DAL) file hosted by Corbado to verify your settings. Make sure to save your settings first:
https://<Your RPID>/.well-known/assetlinks.json