Lock/unlock biometric authentication factor for a VC

[kneckinator]

Note: This concerns locking and unlocking biometric authentication factors on the MOSIP server side, so that biometric authentication cannot be used by any system.

This issue is not related to logging in to the app using biometrics.

It should be possible to lock the biometric authentication factor for a VC from the app.

There are four different authentication factors:

• bio (assumes lock/unlock of all biometric authentication factors – this is what we will have in the first deliverable)
• bio-FMR (Fingerprint Minutiae Record – ISO 19794-4)
• bio-IIR (Iris Image Record – ISO 19794-6)
• bio-FID (Face Image Data – ISO 19794-5)

Note: these authentication factors come from:

• https://docs.mosip.io/1.1.5/apis/resident-service-apis#post-resident-v1-req-auth-lock
• https://docs.mosip.io/1.1.5/apis/resident-service-apis#post-resident-v1-req-auth-unlock

The tentative way to access the setting is to open a VC and click the "lock" button. @walidkhouryNL will add input and screens.

As part of locking and unlocking an authentication factor, an OTP has to be provided.

The lock/unlock event should be logged in the app so that it can be displayed.

[typelogic]

I'm still checking it. So far I tested, it seems to work using demo but not bio which is what we want.. I'm sending now an inquiry to MOSIP team regarding this.

As documented, Allowed Type = demo, bio, bio-FMR, bio-IIR, bio-FID .

[typelogic]

Latest update comments by Rounak,

auth.types.allowed:

• demo
• otp
• bio-Finger
• bio-Iris
• bio-Face

But as I tested, using otp gave back an error message.

[danicaerediano]

@walidkhouryNL can we have updates on the screens please

[typelogic]

@kneckinator , as the bio is not within the permissible values for authType, the closest item in lieu of it, would be the otp. Will this be a correct replacement for bio that is described in this ticket?

As of now, the authType = otp is disabled for MOSIP-side Resident configuration. I just confirmed minimum pieces of information for us to proceed on certain things. Hi @danicaerediano , you may commence frontend development of this ticket with regards to its error-handling aspect, as the authType = otp is currently disabled at the MOSIP side for Resident app. Please coordinate with @walidkhouryNL or @kneckinator in terms of UI screens.

[walidkhouryNL]

Hello everyone, Here are tentative screens for the lock/unlock flow,

You can also find a quick prototype here

Locking a VC Open ID (VC) > Tap on the “more option” dropdown button (top right corner) > Tap on “unlock” > Scan biometrics (in this case, fingerprint) > Enter OTP > ID is unlocked

Unlocking a VC Open VC > More options > Lock > ID is locked

Few notes:

• A newly generated ID is locked by default
• Unlocking an ID doesn’t require authentication (unless I misunderstood)
• The “ID successfully unlocked/locked” notifications should automatically disappear after 2s
• Replaced top right corner actions (edit + lock) with a “more options” dropdown button. I think Jeremi had mentioned we would have “Revoke” and “Delete” as added options in later stages, which I’m accounting for in this design. If we’d rather not have this “more options” button right away, we can leave the two edit + lock buttons as it is for now.

[kneckinator]

@kneckinator , as the bio is not within the permissible values for authType, the closest item in lieu of it, would be the otp. Will this be a correct replacement for bio that is described in this ticket?

I would skip otp for now @typelogic

[typelogic]

I checked in MOSIP 1.2.0 and found the list below what it seems to be the list of permissible values for auth.types.allowed:

• bio
• bio-Face
• bio-FACE
• bio-FID
• bio-Finger
• bio-FMR
• bio-Iris
• demo
• FMR
• otp
• pin
• fulladdress

It seems that this authlock/authunlock feature needs a persistent global storage. I am still clarifying this.

[typelogic]

MOSIP API Reference

• https://docs.mosip.io/1.1.5/apis/resident-service-apis#post-resident-v1-req-auth-lock
• https://docs.mosip.io/1.1.5/apis/resident-service-apis#post-resident-v1-req-auth-unlock

Postman POST Payload Request

1) Firt step is an OTP request:

{

    "individualId": "9851941769",
    "individualIdType": "UIN",
    "otpChannel": [
        "EMAIL",
        "PHONE"
    ],

    "transactionID": "1430000006"
}

2) /req/auth-lock POST payload body

{

    "individualId": "9851941769",
    "individualIdType": "UIN",
    "otp": "111111",
    "transactionID": "1430000006",
    "authType": ["bio"]
}

3) /req/auth-unlock POST payload body

{

    "individualId": "9851941769",
    "individualIdType": "UIN",
    "otp": "111111",
    "transactionID": "1430000006",
    "authType": [
        "bio"        
    ],
    "unlockForSeconds": "120"
}

Postman POST Payload Response

Success response for /req/auth-lock and /req/auth-unlock:

{
    "id": "mosip.resident.authunlock",
    "version": "v1",
    "str": null,
    "responsetime": "2022-04-13T07:35:44.735Z",
    "metadata": null,
    "response": {
        "status": null,
        "message": "Notification has been sent to the provided contact detail(s)"
    },
    "errors": null
}

Error response for /req/auth-lock and /req/auth-unlock:

{
    "id": "mosip.resident.authlock",
    "version": "v1",
    "str": null,
    "responsetime": "2022-04-13T05:27:02.588Z",
    "metadata": null,
    "response": null,
    "errors": [
        {
            "errorCode": "RES-SER-410",
            "errorMessage": "Invalid Input Parameter- authType"
        }
    ]
}

[jannahadlaon]

Testing was blocked due to server error

[jannahadlaon]

MOCK_io.mosip.residentapp-0.4.0-rc3-17-5f7c994-develop-temp-dirty-newlogic_20221003_0914.apk - Android 0.4.0 (9.2) - iOS

Resident app build: v0.4.0 R3-17-5f7c994 (android) v0.4.0 (9.2) -iOS

MOSIP server: Mock

Device: Samsung Galaxy A23 iPhone 11

Lock button is not working when clicked. So as the Rename button

Assign back to dev @pmigueld @danicaerediano @kyanthony

https://user-images.githubusercontent.com/102940764/194000644-ea36876c-d4eb-4766-89a0-c160e69df192.mp4

[jannahadlaon]

Tested on: Android - MOCK_io.mosip.residentapp-0.4.0-rc5-newlogic_20221012_1559.apk iOS - 0.4.0 (10.4)

MOSIP server: Mock

Devices: Samsung Galaxy A23 iPhone 11

Works as expected on ANDROID FAILED ON iOS @pmigueld @kyanthony @danicaerediano

• Lock/Unlock Feature does not work if the UIN is not Valid (Status has green check beside Valid in ID profile)

STEPS

1. Download UIN
2. Click on the profile and wait for the green check beside Valid to appear
3. Click the kebab menu on the upper right corner
4. Select Lock
5. App should request OTP
6. Enter correct OTP
7. Success toast should display
8. Click the kebab menu on the upper right corner again
9. Select Unlock
10. App should request OTP
11. Enter correct OTP
12. Success toast should display

Additional comments/ notes

• Improve the success toast message to: ID successfully locked -> @danicaerediano

[jannahadlaon]

Tested on: Android - MOCK_io.mosip.residentapp-0.4.0-rc6-newlogic_20221014_1757.apk iOS - 0.4.0 (11.1)

MOSIP server: Mock

Devices: Samsung Galaxy A23 iPhone 11

WORKS AS EXPECTED for both android and iOS @pmigueld @danicaerediano @kyanthony