search

authpass / biometric_storage

Flutter plugin to store data behind biometric authentication (ie. fingerprint)
https://pub.dev/packages/biometric_storage
MIT License
171 stars 101 forks source link

Fixed native versions + Null safety #20

Closed radvansky-tomas closed 2 years ago

radvansky-tomas commented 3 years ago

My changes with latest null-safety branch

radvansky-tomas commented 3 years ago

Thank you for comments, will check it tonight. With regards to keychain sharing, that was somewhere mentioned that is required...but will recheck it on physical device.

radvansky-tomas commented 3 years ago

So update, I spent hours yesterday trying to make this work...

However something had change since last time I played with it. To give more overview you can read through this https://developer.apple.com/documentation/localauthentication/accessing_keychain_items_with_face_id_or_touch_id#see-also

Basically to use touchIDAuthenticationAllowableReuseDuration we have to reuse LAContext which I've done. However since last version, behaviour has changed completely.

Before, without reused LAContext, Face/TouchID has been used for every access of keychain, no matter of grace period set. With my reusing of LAContext it worked as expect, but now - it asks for Face/TouchID ONCE ONLY, and then any sub-sequential request is allowed. (like infinite touchIDAuthenticationAllowableReuseDuration period)

I already filed report to apple, as same behaviour can be replicated using their example project on native app. I would like to kindly ask anyone who can to try that example project and let me know if they have similar experience...you can use their app how it is...and then even try to reuse LAContext (by placing in on top and then add this line to queries):

kSecUseAuthenticationContext as String: context,

Anyhow, till this is resolved I am suggested NOT TO MERGE it.

If this is expected behaviour and I will get confirmation from APPLE that this is new and better way :D then I will implement timer and invalidate context in selected time period (which is really stupid)

amelmusic commented 3 years ago

Any news regarding this?

MatthewLM commented 3 years ago

I'd be appreciative of the authenticationValidityDurationSeconds enhancement (e370c71).

MatteoGheza commented 2 years ago

Any update on this?

radvansky-tomas commented 2 years ago

@MatteoGheza I will revisit this again probably this weekend and see if new iOS updates fixed anything, or if there is more official documentation about usage of it. If not I will probably contact apple directly, as it bit weird how it was working last time

hpoul commented 2 years ago

i'm going to close this PR, because it's probably un-mergeable at this point due to a lot of changes. If anyone is in interested in the authenticationValidityDurationSeconds implementation, please create a new PR with only that change. thanks!