fix(liveness): Added Rekognition backend for Android app and updated README (#59)

Co-authored-by: Zuhayr Raghib <[email protected]>
Co-authored-by: Matt Creaser <[email protected]>

Author: 3 people

samples/backend-lambda-functions/createSession/index.js

@@ -0,0 +1,23 @@
+import {
+  RekognitionClient,
+  CreateFaceLivenessSessionCommand,
+} from '@aws-sdk/client-rekognition';
+
+/**
+ * @type {import('@types/aws-lambda').APIGatewayProxyHandler}
+ */
+
+export const handler = async (event, req) => {
+  const client = new RekognitionClient({ region: 'us-east-1' });
+  const command = new CreateFaceLivenessSessionCommand({});
+  const response = await client.send(command);
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Access-Control-Allow-Origin': '*',
+      'Access-Control-Allow-Headers': '*',
+    },
+    body: JSON.stringify({ sessionId: response.SessionId }),
+  };
+};

samples/backend-lambda-functions/createSession/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "create",
+  "version": "2.0.0",
+  "main": "index.js",
+  "license": "Apache-2.0",
+  "type": "module",
+  "dependencies": {
+    "@aws-sdk/client-rekognition": "latest"
+  },
+  "devDependencies": {
+    "@types/aws-lambda": "^8.10.92"
+  }
+}

samples/backend-lambda-functions/getResults/index.js

@@ -0,0 +1,35 @@
+import {
+  RekognitionClient,
+  GetFaceLivenessSessionResultsCommand,
+} from '@aws-sdk/client-rekognition';
+
+/**
+ * @type {import('@types/aws-lambda').APIGatewayProxyHandler}
+ */
+
+export const handler = async (event, req) => {
+  console.log({ req });
+  console.log({ event });
+  const client = new RekognitionClient({ region: 'us-east-1' });
+  const command = new GetFaceLivenessSessionResultsCommand({
+    SessionId: event.pathParameters.sessionId,
+  });
+  const response = await client.send(command);
+
+  const isLive = response.Confidence > 90;
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Access-Control-Allow-Origin': '*',
+      'Access-Control-Allow-Headers': '*',
+    },
+    body: JSON.stringify({
+      isLive,
+      confidenceScore: response.Confidence,
+      auditImageBytes: Buffer.from(
+                           new Uint8Array(Object.values(response.ReferenceImage.Bytes))
+                         ).toString('base64'),
+    }),
+  };
+};

samples/backend-lambda-functions/getResults/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "getresults",
+  "version": "2.0.0",
+  "main": "index.js",
+  "license": "Apache-2.0",
+  "type": "module",
+  "dependencies": {
+    "@aws-sdk/client-rekognition": "latest"
+  },
+  "devDependencies": {
+    "@types/aws-lambda": "^8.10.92"
+  }
+}

samples/liveness/README.md

@@ -26,15 +26,15 @@ amplify init
 Provide the responses shown after each of the following prompts.
 ```
 ? Enter a name for the environment
-`dev`
+    `dev`
 ? Choose your default editor:
-`Android Studio`
+    `Android Studio`
 ? Where is your Res directory:
-`app/src/main/res`
+    `app/src/main/res`
 ? Select the authentication method you want to use:
-`AWS profile`
+    `AWS profile`
 ? Please choose the profile you want to use
-`default`
+    `default`
 ```
 Wait until provisioning is finished. Upon successfully running `amplify init`, you will see a configuration file created in `./app/src/main/res/raw/` called `amplifyconfiguration.json`. This file will be bundled into your application so that the Amplify libraries know how to reach your provisioned backend resources at runtime.
 
@@ -65,12 +65,11 @@ Provide the responses shown after each of the following prompts.
 ? Select the social providers you want to configure for your user pool: 
     `<hit enter>`
 ```
-4. Update the `AndroidManifest.xml` file in your project according to the steps [here](https://docs.amplify.aws/lib/auth/signin_web_ui/q/platform/android/#update-androidmanifestxml).
-5. Once finished, run `amplify push` to publish your changes.
+4. Once finished, run `amplify push` to publish your changes.
    Upon completion, `amplifyconfiguration.json` should be updated to reference these provisioned backend resources.
-6. Follow the steps below to create an inline policy to enable authenticated app users to access Rekognition, which powers the FaceLivenessDetector.
+5. Follow the steps below to create an inline policy to enable authenticated app users to access Rekognition, which powers the FaceLivenessDetector.
    1. Go to AWS IAM console, then Roles
-   2. Select the newly created `unauthRole` for the project (`amplify-<project_name>-<env_name>-<id>-authRole`).
+   2. Select the newly created `authRole` for the project (`amplify-<project_name>-<env_name>-<id>-authRole`).
    3. Choose **Add Permissions**, then select **Create Inline Policy**, then choose **JSON** and paste the following:
 
     ```
@@ -90,8 +89,117 @@ Provide the responses shown after each of the following prompts.
    5. Name the policy
    6. Choose **Create Policy**
 
-7. Set up a backend to create the liveness session and retrieve the liveness session results. The liveness sample app is set up to use API Gateway endpoints for creating and retrieving the liveness session. Follow the [Amazon Rekognition Liveness guide](https://docs.aws.amazon.com/rekognition/latest/dg/face-liveness-programming-api.html) to set up your backend and edit the [LivenessSampleBackend class](https://github.com/aws-amplify/amplify-ui-android/blob/main/samples/liveness/app/src/main/java/com/amplifyframework/ui/sample/liveness/LivenessSampleBackend.kt) in your project as necessary to work with your backend.
+### Provision Backend API
+Set up a backend API using [Amplify API category](https://docs.amplify.aws/lib/restapi/getting-started/q/platform/android/) to create the liveness session and retrieve the liveness session results. The liveness sample app is set up to use API Gateway endpoints for creating and retrieving the liveness session. 
 
+1. Run the following command to create a new REST API:
+```
+amplify add api
+```
+Provide the responses shown after each of the following prompts.
+```
+? Please select from one of the below mentioned services
+    `REST`
+? Would you like to add a new path to an existing REST API:
+    `N`
+? Provide a friendly name for your resource to be used as a label for this category in the project: 
+    `livenessBackendAPI`
+? Provide a path (e.g., /book/{isbn}): 
+    `/liveness/create`
+? Choose a Lambda source
+    `Create a new Lambda function`
+?  Provide an AWS Lambda function name:
+    `createSession`
+? Choose the runtime that you want to use: 
+    `NodeJS`
+? Choose the function template that you want to use: 
+    `Serverless ExpressJS function (Integration with API Gateway)`
+? Do you want to configure advanced settings? 
+    `N`
+? Do you want to edit the local lambda function now? 
+    `Y`
+? Restrict API access?
+    `Y`
+? Who should have access? 
+    `N`
+? Do you want to configure advanced settings? 
+    `Authenticated users only`
+? What permissions do you want to grant to Authenticated users? 
+    `create,read,update`
+? Do you want to add another path?  
+    `Y`
+? Provide a path (e.g., /book/{isbn}): 
+    `/liveness/{sessionId}`
+? Choose a Lambda source
+    `Create a new Lambda function`
+?  Provide an AWS Lambda function name:
+    `getResults`
+? Choose the runtime that you want to use: 
+    `NodeJS`
+? Choose the function template that you want to use: 
+    `Serverless ExpressJS function (Integration with API Gateway)`
+? Do you want to configure advanced settings? 
+    `N`
+? Do you want to edit the local lambda function now? 
+    `Y`
+? Restrict API access?
+    `Y`
+? Who should have access? 
+    `Authenticated users only`
+? What permissions do you want to grant to Authenticated users? 
+    `create,read,update`
+? Do you want to add another path?  
+    `N`
+```
+2. Copy the code for from amplify-ui-android/samples/backend-lambda-functions to the path provided
+3. Once finished, run `amplify push` to publish your changes. 
+4. Follow the steps below to create an inline policy to enable the **createSession** lambda function to access Rekognition.
+   1. Go to AWS Lambda console -> **CreateSession**  -> Configuration -> Permissions
+   2. Click the role name under 'Execution role'
+   3. Choose **Add Permissions**, then select **Create Inline Policy**, then choose **JSON** and paste the following:
+
+    ```
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": "rekognition:CreateFaceLivenessSession",
+                "Resource": "*"
+            }
+        ]
+    }
+    ```
+   4. Choose **Review Policy**
+   5. Name the policy
+   6. Choose **Create Policy**
+5. Follow the steps below to create an inline policy to enable the **getResults** lambda function to access Rekognition.
+   1. Go to AWS Lambda console -> **getResults**  -> Configuration -> Permissions
+   2. Click the role name under 'Execution role'
+   3. Choose **Add Permissions**, then select **Create Inline Policy**, then choose **JSON** and paste the following:
+
+    ```
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": "rekognition:GetFaceLivenessSessionResults",
+                "Resource": "*"
+            }
+        ]
+    }   
+    ```
+   4. Choose **Review Policy**
+   5. Name the policy
+   6. Choose **Create Policy**
 ### Run the App
 
-Build and run the project on an Android device in Android Studio. The project requires Android SDK API level 24 (Android 7.0) or higher.
+Delete the generated API files app/src/main/java/[YOUR_API_NAME]
+
+You may need to go to File -> Sync Project with Gradle Files if you get an error "SDK location not found".
+
+Build and run the project on an Android device in Android Studio. 
+
+
+The project requires Android SDK API level 24 (Android 7.0) or higher.