epicshaggy / capacitor-native-biometric Goto Github PK

Device is updated to iOS 14. Normally when face id not detected, passcode should prompts. But popup shows with Try again and there is no option to control those using plugin. Is there any other way to handle this scenario and hope this plugin supports latest iOS version. Thanks

Android USE_BIOMETRIC Not getting set on device or asking user. In settings you can see after the install the use_biometric is missing therefore tells me it was never pickedup.

when checking for availability it's false but show shows type as 4 / face

Cap 3.2.5
Android v11, v10

I am testing Biometrics using this plugin. My device is supporting face authentication but always it returns fingerprint. I enrolled with face still it returns fingerprint .
private int getAvailableFeature() {
if (getContext().getPackageManager().hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)) {
return FINGERPRINT;
} else if (getContext().getPackageManager().hasSystemFeature(PackageManager.FEATURE_FACE)) {
return FACE_AUTHENTICATION;
} else if (getContext().getPackageManager().hasSystemFeature(PackageManager.FEATURE_IRIS)) {
return IRIS_AUTHENTICATION;

    } else {
        return NONE;
    }
}

the above method executes and my device supports fingerprint and face.Even though i enrolled with face it will give result as fingerprint only.

Expected Behaviour:::

the getAvailableFeature feature should returns which biometric the device is enrolled..

Hi,

so I've been successfully using this plugin for some time now, and all of a sudden, I can no longer setCredentials(). It throws this error:
CapacitorNativeBiometric.NativeBiometric.KeychainError error 0

Any idea what's going on? The code in the app is unchanged since it was working. Must be something else.
And is working fine in Android.

Here's my env:

`Ionic:

Ionic CLI : 6.20.1 (/opt/homebrew/lib/node_modules/@ionic/cli)
Ionic Framework : @ionic/angular 6.1.7
@angular-devkit/build-angular : 12.1.4
@angular-devkit/schematics : 12.1.4
@angular/cli : 12.1.4
@ionic/angular-toolkit : 4.0.0

Capacitor:

Capacitor CLI : 3.6.0
@capacitor/android : 3.6.0
@capacitor/core : 3.6.0
@capacitor/ios : 3.6.0

Utility:

cordova-res : 0.15.4
native-run : 1.6.0

System:

NodeJS : v14.20.0 (/opt/homebrew/Cellar/node@14/14.20.0/bin/node)
npm : 6.14.17
OS : macOS Monterey`

Hi again!

Please see:
https://capacitorjs.com/docs/updating/3-0 which references https://github.com/ionic-team/capacitor/pull/3427/files#diff-b22b3d0cbb7d8f6fdfe1f6f1d9e84b7d

"lib": ["dom", "es2015"] needs to be changed to "lib": ["dom"] and "target": "es5" to "target": "es2017"

Hello. Are you going to integrate plugin to Capacitor v3?

importing Plugins is deprecated in third version of Capacitor

Hi,

We are using this plugin in our client's Ionic/Capacitor 3 app to trigger biometric validation. Everything is working fine. I have one question tho.
Our client wants to switch to app internal pincode after unsuccessful biometric scan. Currently we see native option to unlock with phone's passcode.
Is there a way either to disable this button or when scan returns an error, to just close the scan alltogether as scan is triggered on app pincode page so client would automatically be able to enter app pin?

Hi @epicshaggy

First of all thanks a lot for this great plugin.

I am wondering if there is any chance to save more than one credential pair on Android. The current behaviour is that any new saved credentials will overwrite existing ones. As per the code username and password are stored on Android's keystore using the fix key "username" and "password". Can this be changed to use a composite key e.g. KEY_ALIAS+".username" and KEY_ALIAS+".password" ?

See NativeBiometric.java, Line 137-139:
SharedPreferences.Editor editor = getContext().getSharedPreferences(NATIVE_BIOMETRIC_SHARED_PREFERENCES, Context.MODE_PRIVATE).edit();
editor.putString("username", encryptString(username, KEY_ALIAS));
editor.putString("password", encryptString(password, KEY_ALIAS));

On iOS it works perfectly fine and more than one credential pair can be saved.

Thanks and best regards,
Steffen

I am able to verify my fingerprints and my face, but how do i get a token that i can use to uniquely identify my fingerprints against a database of tokens ? So that i can identify who actually wants to login. Thanks

Hi,

first of all thanks for this plugin!! We`re using it successfully as a user login and don't have any problems with that.

But we got bold... and started implementing a biometric check when the user reopens the app after switching to another one or just putting it in the background. On different Android Versions we saw an issue with the fingerprint check.
If we can't verifiy the user via biometric we`re calling the verification again and again....

• trying to authenticate with a not registered finger print
• then we`re in a catch because we could not verify
• so we call verify again (like 5-7 times with the wrong finger and the same outcome)
• after that the OS tells the user that it can`t verify via fingerprint, closes the verification dialog and returns undefined
• well just call verify again 😅
• then we have like 20 seconds a nice calm frozen app, in the background the console.log gets spammed
  err: { message: "Verification error", code: "0" }
• but then, tadaa a new verification dialog comes back, but that one does not accept the correct biometric login, it just returns undefined

I hope that describes our issue, if not I would gladly provide a small repo to test this :)

edit:
found the interesting part of the code:

thanks
marc

Plugin works good, but in android studio doesn't work with android api 30, console write deprecations. Issue is only when i try to confirm biometric, fingerprint for example, plugin always return error with message -> "operation cancelled", in the same case unblock device with fingerprint works, please update plugin)))

Hi. I was trying to load up my ionic project on stackblitz. My project uses this library as dependency. It was giving me an issue.

So, to troubleshoot, I made an angular-ionic project and loaded capacitor-native-biometric as a dependency. However, it is giving the same error. I am unable to understand if the error is from this library or from stackblitz. I also made sure that capacitor/core@3 is imported on it. But the result is the same.

Kindly check the below stackblitz link for more details.
https://stackblitz.com/edit/ionic-5-angular-10-start-template-19wwkv?file=src%2Fapp%2Fapp.component.ts

NativeBiometric not implements exported functions.
I'm using the latest version of capacitor-native-biometric;
Running on iPhone 12 mini.

Here is my code:

import` {NativeBiometric, AvailableResult} from 'capacitor-native-biometric';

export class PinComponent implements OnInit {
    constructor(
    ) {
      NativeBiometric.isAvailable().then((res: AvailableResult) => console.log(res)})
    }
}

console.log(NativeBiometric) returns:

[Log] NativeBiometricWeb {config: {name: "NativeBiometric", platforms: ["web"]}, loaded: false, listeners: {}, windowListeners: {}, addWindowListener: function, …} (vendor.js, line 16937)

The same stuff on android...

What could be the problem?

iOS
Set username/password using server key, then try to save another username/password using the same server key.
Now if you call getCredentials, you would get the previous username/password.

Android
Works as expected

It would be useful to have the ability to set a custom label for "Cancel" button.

Thanks

The "Usage" part of the readme is not very clear. The import statement can not correct as there is a typo in it and I do not find an interface with that name either. The only possible import I find is NativeBiometricPlugin

Yet as soon as I add the following:

import {NativeBiometricPlugin} from 'capacitor-native-biometric';

constructor(private biometrics: NativeBiometricPlugin) {}

The app crashes as soon as I enter the page.

I am using Ionic 5 and Capacitor 3. I ran the following command to get started
npm i capacitor-native-biometric --save
and I added the "NSFaceIDUsageDescription" to the Info.plist

Does anyone know what I did wrong?

I am facing a weird issue, the verifyIdentity does not work the first time after opening the application, no logs, no success or failure message. The second time onwards, it works and keeps working every single time without any problems.
Requesting any possible help on this please!
package.json

Ionic:

   Ionic CLI                     : 6.16.3 (C:\Users\chitk\AppData\Roaming\npm\node_modules\@ionic\cli)
   Ionic Framework               : @ionic/angular 5.8.1
   @angular-devkit/build-angular : 0.1002.3
   @angular-devkit/schematics    : 10.0.8
   @angular/cli                  : 10.0.8
   @ionic/angular-toolkit        : 4.0.0

Capacitor:

   Capacitor CLI      : 3.2.0
   @capacitor/android : 3.2.3
   @capacitor/core    : 3.2.3
   @capacitor/ios     : 2.4.9

Cordova:

   Cordova CLI       : not installed
   Cordova Platforms : none
   Cordova Plugins   : not available

Utility:

   cordova-res : 0.15.3
   native-run  : 1.4.0

System:

   NodeJS : v14.16.1 (C:\Program Files\nodejs\node.exe)
   npm    : 6.14.12
   OS     : Windows 10

I keep getting this error when attempting to use this plugin.

I've registered a fingerprint on my emulator, added USE_BIOMETRIC to the manifest,

Running an angular 13 app, Pixel 5 emulator with API 30, and capacitor v3

Heres my code:

Ionic: 6.17.0
Capacitor: 3.2.5
XCode: 13.0

I'm running the Usage code and getting a keychain error. Anyone else experience this or have a workaround?

Xcode is spitting these errors:

To Native ->  NativeBiometric getCredentials 66251209
ERROR MESSAGE:  {"message":"The operation couldn’t be completed (CapacitorNativeBiometric.NativeBiometric.KeychainError error 1.)","errorMessage":"The operation couldn’t be completed. (CapacitorNativeBiometric.NativeBiometric.KeychainError error 1.)"}
[error] - {"message":"The operation couldn’t be completed. (CapacitorNativeBiometric.NativeBiometric.KeychainError error 1.)","errorMessage":"The operation couldn’t be completed. (CapacitorNativeBiometric.NativeBiometric.KeychainError error 1.)"}

After upgrading to Capacitor 4, when building an APK via AppFlow the build is failing with the following error:

ERROR:AAPT: error: resource style/AppTheme (aka com.epicshaggy.biometric.capacitornativebiometric:style/AppTheme) not found.

The APK will build fine within Android Studio, even though Android Studio is reporting Cannot Resolve Symbol 'AppTheme' for line 4 of styles.xml within the plugin.

Adding a parent attribute to that line resolves the Android Studio complaint, but I am not familiar enough with native Android to understand if that's the best/most correct fix, and if it will also resolve the build error.

Hi,

In your package.json you have the dependency "@capacitor/core": "latest". This is incorrectly applied in the 2.1.0 NPM release, instead of only in the 2.1.1-cap3.0, since the current latest is 3+ on capacitor/core.

This leads to multiple problems being the first one Type issues when compiling.

I would open a PR but since you're using Master for both releases I'm not sure how you want to go about it.

The correct version for 2.1.0 should be "@capacitor/core": "2.4.*".

Thanks in advance

Phone : galaxy S9
biometrics support : face auth, fingerprint, eye auth

registered biometrics : face auth

use : ionic capacitor (Angular)

biometry Type only shown 3

Hi!
I am wondering if your plugin is compatible with Capacitor v3+ ?
After I deployed my code to android, it seems like Android Studio doesn't see your imported package :
Here is what I have on the MainActivity.java

import android.os.Bundle;

import com.getcapacitor.BridgeActivity;
import com.getcapacitor.Plugin;

import java.util.ArrayList;
import com.epicshaggy.biometric.NativeBiometric;

public class MainActivity extends BridgeActivity {
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
+   registerPlugin(NativeBiometric.class);
  }
}

This fails as it does not recognise epicshaggy and therefore NativeBiometric

When using this plugin, this warning message appears in the browser console: Capacitor WebPlugin "NativeBiometric" config object was deprecated in v3 and will be removed in v4. This is because NativeBiometricWeb passes a config object to the WebPlugin constructor, which results in the mentioned error.

Hi Team,

The following code is what I used to build the app with Ionic and Capacitor, but I am unable to get credentials from the server. How do I specify the server name? When setting credentials, we set these values in keychain (iOS), but when I move the checked-in passwords, the saved credentials aren't visible.

code:

async ngOnInit() {
	NativeBiometric.isAvailable().then(
		async (result: AvailableResult) => {
			const isAvailable = result.isAvailable;
			alert('RESULT ' + JSON.stringify(result));
			const isFaceId = result.biometryType === BiometryType.FACE_ID;
			if (isAvailable) {
				// Get user's credentials
				await NativeBiometric.verifyIdentity({
					reason: 'For easy log in',
					title: 'Log in',
					subtitle: 'Maybe add subtitle here?',
					description: 'Maybe a description too?'
				}).then(
					async () => {
						// Authentication successful
						await NativeBiometric.getCredentials({
							server: 'www.server.com'
						}).then(
							(credentials: Credentials) => {
								alert('CREDENTIAL ' + JSON.stringify(credentials));
								this.email = credentials.username;
								this.password = credentials.password;
								this.submit();
							},
							(error) => {
								// Failed to authenticate
								console.log('$$$$$$$Failed to authenticate');
							}
						);
					},
					(error) => {
						// Failed to authenticate
						console.log('$$$$$$$Failed to getCredentials', error);
					}
				);
			}
		},
		(error) => {
			// Couldn't check availability
		}
	);
}

submit function:

submit() {
	if (Capacitor.getPlatform() === 'ios') {
		SavePassword.promptDialog({
			username: this.email,
			password: this.password
		});
	}
	this.authenticationError = false;
	this.loading = true;
	this.loader.show();
	this.passwordinfo = this.password;
	this.loginService.fetchAuthToken(this.email, this.password).subscribe(
		(tokens) => {
			NativeBiometric.setCredentials({
				username: this.email,
				password: this.password,
				server: 'www.server.com'
			}).then();
			console.log('$$c setCredentials ', this.email, this.password);

})

Please delete.

I want the modal to not be closed on authentication error but seems imposible.

Giving that Capacitor now officially supports Windows and biometrics are available on the web can we get this functionality implemented?

Ionic Windows: (Edge WebView 2 not electron) https://ionic.io/integrations/windows
Web Biometrics: https://w3c.github.io/webauthn/

I am down to contribute finically if that helps

Using "@capacitor/core": "^3.3.2" I can't install this library because it requires 3.0.0, is this a typo or is it intended?

Thanks in advance.

This capacitor plugin is missing an important security option which should allow to invalidate password when a new biometric is added or removed. This option is available in https://github.com/niklasmerz/cordova-plugin-fingerprint-aio#optional-parameters-2 with the name invalidateOnEnrollment.

in Plugin.swift -> verifyIdentity(), XCode throws an error:

removing the defaultValue label fixes the build:

It really really needs encryption to password to server it's purpose, here is good tutorial on how it should look like
https://dev.to/ranilch/securing-data-with-biometricprompt-35mo

IMHO, it's a must - to encrypt password on save, and we get credentials without biometric prompt, it should be encrypted password.
Then when we perform biometrics, it should provide decrypted password to app.

This way - this plugin will be complete.

This issue is arising in MainActivity.java android. I've run npm install and copy android commands.Invalidate caches and restart. Still getting the same error.

Just added [email protected] to my working projects and now builds are failing with this error:

/Users/alex/Projects/silo/node_modules/capacitor-native-biometric/ios/Plugin/Plugin.swift:2:8: Compiling for iOS 11.0, but module 'Capacitor' has a minimum deployment target of iOS 12.0: /Users/alex/Library/Developer/Xcode/DerivedData/App-gfkzyhtgfjiewlbkcionrnbtvhdf/Build/Products/Debug-iphonesimulator/Capacitor/Capacitor.framework/Modules/Capacitor.swiftmodule/x86_64-apple-ios-simulator.swiftmodule

I'm not using the plugin JS bridge yet, I've just installed and cap synced so far.

Hi,
I have a problem with FaceID. When I open the app and use FaceID first time, everything is correct. But when I request FaceID auth again, it is automatically evaluated as authenticated.

Hi, I believe there is no way to do this currently, so this is a feature request. We have a settings page in our app where we ask users whether they want to use biometrics or not. If they enable, we call verifyIdentity on app login. It would be good to ask for FaceId permission in settings rather than the login page when they actually attempt to use it for the first time. I believe this would improve the UX. Thanks in advance 🙏

Please add database check if anyone changed fingerprint on device. otherwise anyone can add new fingerprint and do login with different accounts

Hi,

We need to check the performance of the biometric solution based on the FAR and FRR. Is there any resource to find this? If so, kindly share.

Hi,

Everything working well, though when a user declines biometric access, will popup the device passcode, how can we know if a user declindes the biometric permissioin?
so we can handle this information and do not ask the user again for it!

Also if user declines and we try to verify the user with Biometrics it will always ask for the user passcode.

any advice will be helpful.

It'd be great to choose between the two possible evaluatePolicy options when calling verifyIdentity.

Right now, with verifyIdentity only using deviceOwnerAuthentication, it'd be great to have the option to use deviceOwnerAuthenticationWithBiometrics instead.

So in the verifyIdentity payload, an option key could be something like useFallback which if set to false, would evaluate only with Biometrics, but if left empty or set to true, it would also prompt the user to enter their passcode.

Having flexibility on this would a nice improvement, as this is not ideal in all user auth flows.

Is there a method to delete or reset and add a new fingerprint after it is being set?

Hi,

Sorry for the lack of details but I implemented this almost exactly like the example you provide and it works fine on Android (both touch id and face id) and on iOS up to version 13.x. However we have another device on iOS 14.4 and in there isAvailable() returns false. The same device uses Touch Id with other (native) apps so it seems to be specific for this plugin.

Do I need to be aware of special considerations for iOS 14.4?

Hey,

I've expected the biometricType to be 0 when the isAvailable returns false.

What exactly is isAvailable expressing then?

Hello,

I'd have a question regarding the security of the data stored in the device.

I noticed that the password is decrypted before you are prompted for the fingerprint. It means that the password is not safely secured, correct?

Is there any plan to encrypt the password with the biometric data in order not to be able to decrypt it without actually using your biometric data?

• "capacitor-native-biometric": "^4.1.3",

All the errors that are returned by the verifyIdentity inside the catch block, returns only a message property, example:

{
message: "Verification error: error"
}

The code property (tells the VerifyIdentityErrors) is missing. At least on Android, I haven't try it on iOS.

can i use this library for angular pwa