Android Keystore InvalidKeyException with Okta Kotlin SDK
Overview

When an application performs a device unlock with invalid credentials, the Android Keystore operation fails and the application crashes with the following system error:

Fatal Exception: java.lang.Error: java.security.InvalidKeyException: Keystore operation failed

Applies To
  • Okta Identity Engine (OIE)
  • Okta Mobile Kotlin SDK
  • Android OS
Cause

The issue occurs when device credentials, such as biometric or screen unlock data, are modified. This modification invalidates, system-wide, every existing key that requires biometric or screen unlock authentication.

Solution

To resolve the issue, modify the Android application code to perform the following steps:

  1. Catch the specific InvalidKeyException thrown by the system.
  2. Set Credential.default = null to clear the default credential. NOTE: The invalid credentials were already removed by the OS when the unlock data was modified.
  3. Re-authenticate: Prompt the user to sign in again. Because the keys are invalidated, a new sign-in is required to establish a new session and generate valid keys.
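
The three steps above as one recovery wrapper. This is an added example, not code from Okta or the SDK. The names findInvalidKey, withKeyRecovery and UnlockResult, and the two callback parameters, are hypothetical. It assumes, based on the crash line above, that the InvalidKeyException can arrive wrapped in java.lang.Error, so it searches the cause chain instead of catching only the bare type.

```kotlin
import java.security.InvalidKeyException

// Walks the cause chain: the crash line on this page shows the
// InvalidKeyException wrapped in java.lang.Error.
fun findInvalidKey(t: Throwable): InvalidKeyException? {
    val seen = HashSet<Throwable>()          // guard against cyclic cause chains
    var cur: Throwable? = t
    while (cur != null && seen.add(cur)) {
        if (cur is InvalidKeyException) return cur
        cur = cur.cause
    }
    return null
}

sealed interface UnlockResult<out T> {
    data class Ok<T>(val value: T) : UnlockResult<T>
    object ReauthRequired : UnlockResult<Nothing>
}

// Hypothetical wrapper. `useCredential` is the app's Keystore-backed call;
// in the app, `clearDefault` would run `Credential.default = null` (step 2).
fun <T> withKeyRecovery(
    clearDefault: () -> Unit,
    useCredential: () -> T,
): UnlockResult<T> =
    try {
        UnlockResult.Ok(useCredential())
    } catch (t: Throwable) {
        // Step 1: handle only Keystore key invalidation; rethrow everything else.
        findInvalidKey(t) ?: throw t
        clearDefault()                       // Step 2: drop the stale default
        UnlockResult.ReauthRequired          // Step 3: caller shows the sign-in flow
    }

fun main() {
    // Constructed failure mirroring the crash line above.
    val wrapped = Error(InvalidKeyException("Keystore operation failed"))
    var cleared = false
    val r = withKeyRecovery<String>({ cleared = true }) { throw wrapped }
    check(r is UnlockResult.ReauthRequired && cleared)
    // A healthy call must pass through without clearing anything.
    val ok = withKeyRecovery({ error("must not clear") }) { "token" }
    check(ok == UnlockResult.Ok("token"))
    println("recovery path verified")
}
```

Unrelated errors are rethrown unchanged, so the wrapper does not hide failures that a new sign-in cannot fix.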
