-
Notifications
You must be signed in to change notification settings - Fork 5.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[expo-local-authentication] Add method to know enrolled security level of device #11780
[expo-local-authentication] Add method to know enrolled security level of device #11780
Conversation
975720a
to
343d102
Compare
// But there is no equivalent APIs prior to M. | ||
// Newer version (>= 1.1.0-alpha01) of `androidx.biometric` library has an introduced | ||
// `BiometricManager#canAuthenticate(int)` which will be an alternative of `KeyguardManager#isDeviceSecure()`, | ||
// it is not a stable release version yet though. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Stable version of androidx.biometric
is out today (version 1.1.0), so it might be a first option.
https://developer.android.com/jetpack/androidx/releases/biometric
It deprecates some methods used in expo-local-authentication
though. (e.g. BiometricManager#canAuthenticate() and BiometricPrompt.PromptInfo.Builder#setDeviceCredentialAllowed(boolean)
I can update and replace some deprecated function usage if that's OK to members of expo :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would be nice ;)
What do you think? cc @byCedric
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lukmccall @byCedric
Updated androidx.biometric library at 37ad0c9...67ba846
At first, I thought I could call BiometricManager#canAuthenticate(int)
with BiometricManager.Authenticators#DEVICE_CREDENTIAL
alone.
But it turned out that DEVICE_CREDENTIAL
alone was not supported prior to API 30.
So we need to use KeyguardManager#isKeyguardSecure() still.
Note that not all combinations of authenticator types are supported prior to Android 11 (API 30). Specifically, DEVICE_CREDENTIAL alone is unsupported prior to API 30
https://developer.android.com/reference/androidx/biometric/BiometricManager#canAuthenticate(int)
btw I can split PR into API addition and library update, if you want to :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It isn't a big PR so you don't have to split it ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is awesome 🚀🚀🚀
Thanks for your contribution 🥇
We are not supporting `getHardwareLevelAsync` on iOS, for there is no available API to know if a device has any specific sensor but only if authentication with biometric sensor is enrolled or not.
…edentialAllowed with #setAllowedAuthenticators
…cate() with #canAuthenticate(Int)
343d102
to
67ba846
Compare
@lukmccall @byCedric |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One more thing and it'll good to go 😉
Could you update the documentation page?
Ohh I almost forgot about the changelog 😅 |
Thanks @lukmccall ! |
Co-authored-by: Łukasz Kosmaty <kosmatylukasz@gmail.com>
…thentication.md Co-authored-by: Łukasz Kosmaty <kosmatylukasz@gmail.com>
Why
Some apps wants to know local authentication security level on a device.
Providing this information may be helpful for those
How
API design
I basically followed to @LinusU's API proposal at #7032 (comment).
getEnrolledLevelAsync
returns enum representing security levelNONE
,SECRET
andBIOMETRIC
, which seems very reasonsable.Big up to @LinusU 🎉
iOS
I used
LAPolicyDeviceOwnerAuthentication
to know if any authentication is available. AndLAPolicyDeviceOwnerAuthenticationWithBiometrics
for biometrics.Android
for SDK_VERSION >= M
KeyguardDeviceManager#isDeviceSecure()
, which is the very method recommended in BiometricPrompt documentation.BiometricManager#canAuthenticate()
. It is same on prior to M.for SDK_VERSION < M
Sadly,
KeyguardDeviceManager#isDeviceSecure()
is not supported on devices prior to Android M. The most similar API I found wasisKeyguardSecure()
, but it counts in SIM lock state, which is not very ideal. Because SIM lock is not whereBiometricPrompt
authentication falls back to.Newer version (>= 1.1.0-alpha01) ofandroidx.biometric
library has an introducedBiometricManager#canAuthenticate(int)
, which may be an option, but it is not a stable release version yet.[update: 21/02/02]
Stable version of androidx.biometric v1.1.0 came out, but calling
BiometricManager#canAuthenticate
withBiometricManager.Authenticators.DEVICE_CREDENTIAL
alone is not supported prior to API 30.So we still need to use
KeyguardManager#isKeyguardSecure()
on devices prior to M.Test Plan
I though I could use app/sandbox for testing, but I could not make it run. So I tested it on my own bare app and applied patch to it. Here is some screenshots of the result.
Here is the code I used on testing