Display "Enter Password" option once Biometrics fail

oblador / react-native-keychain

:key: Keychain Access for React Native

MIT License

3.19k stars 520 forks source link

Display "Enter Password" option once Biometrics fail #182

Open kulkarniankita opened 5 years ago

kulkarniankita commented 5 years ago

Currently, there are 2 policies:

export enum LAPolicy {
        DEVICE_PASSCODE_OR_BIOMETRICS = "AuthenticationWithBiometricsDevicePasscode",
        BIOMETRICS = "AuthenticationWithBiometrics"
    }

When I use either of those I do not get the following as a fallback screen. Is this implemented?I want to be able to show "Enter Password" once biometrics fails. Once "Enter password" is clicked, we want to go back to the screen again (dismissing the modal)

Any help would be appreciated.

losh11 commented 5 years ago

@oblador is there any solution to this? this is the biggest blocking issue stopping our team from using react-native-keychain.

npkhoa2197 commented 5 years ago

Sorry for unrelated comment but how can you guys implement TouchID and FaceID using react-native-keychain, i.e. how to open those popups using react-native-keychain APIs?

Sorry if my comment is off-topic. All helps are appreciated! Thanks in advance

vasilestefirta commented 5 years ago

@npkhoa2197 here's a tutorial which may answer your question: https://www.freecodecamp.org/news/how-to-implement-secure-biometric-authentication-on-mobile-devices-4dc518558c5c/

florinvasilevilsan commented 5 years ago

Any news on this?

richeterre commented 4 years ago

The key to solving this is to set a localizedFallbackTitle on LAContext before calling evaluatePolicy:localizedReason:reply:, as described in this article.

I tried making that change locally, but couldn't find the line where the above method would be called when retrieving a password from the keychain via biometric access. If anyone could point me to it, I could try opening a PR.

Maybe this reference implementation is helpful to someone: https://github.com/mCodex/react-native-sensitive-info/blob/master/ios/RNSensitiveInfo/RNSensitiveInfo.m

ccjx commented 4 years ago

Hi @richeterre I am interested to resolve this issue as well. @kulkarniankita did not mention if this was during the setGenericPassword or getGenericPassword, I am assuming it is the getGenericPassword.

When setGenericPassword is called, it validates the user's biometrics using LAContext first and then it continues to insertKeychainEntry which calls SecAccessControlCreateWithFlags to store the record. https://github.com/oblador/react-native-keychain/blob/3954a6a9fe76108fcf5ef98480b1ad89bdeba97d/RNKeychainManager/RNKeychainManager.m#L193

When getGenericPassword is called, it calls SecItemCopyMatching which will prompt for biometric authentication if needed (determined during setGenericPassword). The biometric check is implicitly triggered during this call. https://github.com/oblador/react-native-keychain/blob/3954a6a9fe76108fcf5ef98480b1ad89bdeba97d/RNKeychainManager/RNKeychainManager.m#L323

JeffreyLeeDave commented 4 years ago

Update one of our team members was able to get passcode to work on their iOS device. However I am testing on Android and it still does not work

gabimoncha commented 3 years ago

Hi @JeffreyLeeDave . We are really interested to learn how you managed to make it work. Could you share that with us?

JeffreyLeeDave commented 3 years ago

Sorry for the misunderstanding, it still didn't work on Android. But it works in iOS. We didn't do anything special for it.

amolpatil15 commented 1 year ago

@JeffreyLeeDave Any update on fallback to PIN/Pattern/Password on Android?