bug: User not authenticated on setCredentials (Android 14)

[juldrig]

Bug Report

Capacitor Version

 Capacitor Doctor  

Latest Dependencies:

  @capacitor/cli: 5.6.0
  @capacitor/core: 5.6.0
  @capacitor/android: 5.6.0
  @capacitor/ios: 5.6.0

Installed Dependencies:

  @capacitor/cli: 5.3.0
  @capacitor/core: 5.6.0
  @capacitor/android: 5.6.0
  @capacitor/ios: 5.6.0

[info] Using Gemfile: RubyGems bundle installed
[success] iOS looking great! 👌
[success] Android looking great! 👌

Plugin Version

   Capgo Doctor  

 OS: darwin Darwin Kernel Version 22.6.0: Wed Jul  5 22:22:52 PDT 2023; root:xnu-8796.141.3~6/RELEASE_ARM64_T8103

 Node: v20.8.1

 Installed Dependencies:

   @capgo/cli: 3.14.54
   @capgo/capacitor-native-biometric: 5.1.0

✓ Latest Dependencies:

   @capgo/cli: 3.14.54
   @capgo/capacitor-native-biometric: 5.1.0

✅ All dependencies are up to date

Platform(s)

• Android

Current Behavior

Error on call setCredentials on Android API 34 Error: Failed to save credentials

Expected Behavior

Save credential

Code Reproduction

call setCredentials using Android version 14

Other Technical Details

npm --version output: 10.1.0 node --version output: v20.8.1

pod --version output (iOS issues only):

Additional Context

Failed to save credentials
  android.security.keystore.UserNotAuthenticatedException: User not authenticated

Device: Samsung S23 One UI 6.0 Android version 14

[f1ght4fun]

Another issue with Android reported for me as well by 1 user (Pixel 6, Android 14). Credentials are not saved, so after closing/opening app - biometric authentication + retrieving credentials is failing.

Please advise

[big-zak]

Same here, not working for android 14

[geckozr]

We have encountered this issue in our application as well. I was able to reproduce the problem when, for some time, I didn't use biometrics, after which the application seems unable to save credentials anymore. I am investigating further, but it seems the issue resolves ~when biometrics are used in another app that supports it.~ forced to lock and unlock using biometrics.

We definitely have several users complaining about the problem.

 Capacitor/Plugin  E  Failed to save credentials
    android.security.keystore.UserNotAuthenticatedException: User not authenticated
        at android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException(KeyStoreCryptoOperationUtils.java:126)
        at android.security.keystore2.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:152)
        at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:354)
        at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:248)
        at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2981)
        at javax.crypto.Cipher.tryCombinations(Cipher.java:2892)
        at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2797)
        at javax.crypto.Cipher.chooseProvider(Cipher.java:774)
        at javax.crypto.Cipher.init(Cipher.java:1289)
        at javax.crypto.Cipher.init(Cipher.java:1224)
        at ee.forgr.biometric.NativeBiometric.encryptString(NativeBiometric.java:317)
        at ee.forgr.biometric.NativeBiometric.setCredentials(NativeBiometric.java:202)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.getcapacitor.PluginHandle.invoke(PluginHandle.java:138)
        at com.getcapacitor.Bridge.lambda$callPluginMethod$0(Bridge.java:797)
        at com.getcapacitor.Bridge.$r8$lambda$ehFTi5f4HhVNFKTbCKAYDkpQYRA(Unknown Source:0)
        at com.getcapacitor.Bridge$$ExternalSyntheticLambda3.run(Unknown Source:8)
        at android.os.Handler.handleCallback(Handler.java:958)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loopOnce(Looper.java:257)
        at android.os.Looper.loop(Looper.java:368)
        at android.os.HandlerThread.run(HandlerThread.java:67)
 Capacitor   D  Sending plugin error: {"save":false,"callbackId":"85292839","pluginId":"NativeBiometric","methodName":"setCredentials","success":false,"error":{"message":"Failed to save credentials"}}

💊   Capacitor Doctor  💊 

Latest Dependencies:

  @capacitor/cli: 5.7.4
  @capacitor/core: 5.7.4
  @capacitor/android: 5.7.4
  @capacitor/ios: 5.7.4

Installed Dependencies:

  @capacitor/core: 5.7.0
  @capacitor/cli: 5.7.0
  @capacitor/android: 5.7.0
  @capacitor/ios: 5.7.0

[success] Android looking great! 👌
[error] Xcode is not installed

---

💊   Capgo Doctor  💊
OS: linux #28~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 15 10:51:06 UTC 2

Node: v18.17.0

Installed Dependencies:
  * @capgo/cli: 4.3.0
  * @capgo/capacitor-native-biometric: 5.1.0

✓   Latest Dependencies:
  * @capgo/cli: 4.3.0
  * @capgo/capacitor-native-biometric: 5.1.0

✅ All dependencies are up to date

[icebergtsn]

I also encountered this problem, and later found that it was a problem with the Google API. When I checked this line of code, it was executed correctly without any errors. After checking the Google documentation, I found that there was a bug in this method in Android 12 - Android 14, which has been fixed in Android 15.

https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setUnlockedDeviceRequired(boolean)

[icebergtsn]

I also encountered this problem, and later found that it was a problem with the Google API. When I checked this line of code, it was executed correctly without any errors. After checking the Google documentation, I found that there was a bug in this method in Android 12 - Android 14, which has been fixed in Android 15.

https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setUnlockedDeviceRequired(boolean)

I wrote a plugin temporarily. Android 12 to 14 versions stopped using this API. https://github.com/Above-Os/capacitor-native-biometric

[riderx]

Thanks @icebergtsn i back ported your changes: https://github.com/Cap-go/capacitor-native-biometric/commits/main/