Flutter Locker🔒

Flutter plugin that secures your secrets in keychain using biometric authentication (Fingerprint, Touch ID, Face ID...).

It uses:

• Locker on iOS (https://github.com/infinum/Locker)
• Goldfinger on Android (https://github.com/infinum/Android-Goldfinger)

Migrate to 2.1.0

The models now accept named parameters instead of unnamed, e.g.:

RetrieveSecretRequest(
  key: 'key',
  androidPrompt: AndroidPrompt(title: 'title', cancelLabel: 'cancel'),
  iOsPrompt: IOsPrompt(touchIdText: 'description'),
)

Usage

FlutterLocker.canAuthenticate();

Checks if the devices has biometric features.

await FlutterLocker.save(SaveSecretRequest(
  key: 'key',
  secret: 'secret',
  androidPrompt: AndroidPrompt(title: 'Authenticate', cancelLabel: 'Cancel'),
));

Saves the secret. On Android prompt is shown, while on iOS there is no need for the prompt when saving.

await FlutterLocker.retrieve(RetrieveSecretRequest(
  key: key,
  androidPrompt: AndroidPrompt(title: 'Authenticate', cancelLabel: 'Cancel'),
  iOsPrompt: IOsPrompt(touchIdText: 'Authenticate'),
));

Retrieves the secret. You need to provide a prompt for Android and iOS. Prompt for iOS is used only with TouchID. FaceID uses strings from Info.plist.

await FlutterLocker.delete('key');

Deletes the secret.

Exceptions

For common exceptions, a LockerException is thrown.

Use LockerException.reason to find out what went wrong:

• secretNotFound - Happens when you try to retrieve a secret that was never saved for that key
• authenticationCanceled - User canceled the authentication prompt
• authenticationFailed - User failed authentication, e.g. by too many wrong attempts

For other exception, a PlatformException is thrown. You can use PlatformException.message to get more info.

Notes

• iOS only: app will not show authentication dialog when saving (authentication will always succeed)
• please follow Locker and Goldfinger setup to prevent any issues

Setup

iOS

To use Locker you need to add the NSFaceIDUsageDescription to you Info.plist.

If NSFaceIDUsageDescription is not provided, the app will crash with the following error:

This app has crashed because it attempted to access privacy-sensitive data without a usage description.  The app's Info.plist must contain an NSFaceIDUsageDescription key with a string value explaining to the user how the app uses this data.

Android

Ensure MainActivity extends FlutterFragmentActivity.

class MainActivity: FlutterFragmentActivity() {
    // ...
}

When showing authentication prompt, the app might crash on some Samsung devices if you don't use an appropriate theme: https://github.com/infinum/flutter-plugins-locker/commit/fcb1f6401d89f860d24ea9a75027d62a03e87926.