Closed pavelkozlov-okta closed 1 year ago
LGTM! Do we have any documentation of the UV_PERMANENTLY_UNAVAILABLE or UV_TEMPORARILY_UNAVAILABLE cases and what should happen?
@stevelind-okta, https://github.com/okta/okta-verify-contracts/blob/master/Documentation/FastPass/authentication.md#response-context-collection-and-validation
Problem Analysis (Technical)
Face ID reset leads to invalidation of the enrolled userVerification key, and attempts to sign the challenge response JWT return a TKError.Code.corruptedData error. This error is handled to send UV_PERMANENTLY_UNAVAILABLE userConsent using the PoP key. If the device passcode is turned off, the userVerification key is not invalidated, but all attempts to sign the challenge response JWT using this key return an LAError.Code.passcodeNotSet error, which doesn't have a specific handler and is treated as a general error, leading to UC prompting.
Solution (Technical)
In order to provide the same experience for both cases, added handling of the LAError.Code.passcodeNotSet error to send the UV_TEMPORARILY_UNAVAILABLE userConsent value. After setting a new passcode, Face ID becomes available again and the userVerification key works as before.
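The error mapping in the pull request description above, sketched in Swift as an added example; this is not the code from the pull request. The enum, the function name and the walk over underlying errors are assumptions made for illustration. Only the two error codes and the two UV_* values come from the description.

```swift
import Foundation
import LocalAuthentication
import CryptoTokenKit

// Hypothetical type for this example; the PR's real types are not shown on the page.
enum UserVerificationOutcome: Equatable {
    case permanentlyUnavailable   // reported as UV_PERMANENTLY_UNAVAILABLE
    case temporarilyUnavailable   // reported as UV_TEMPORARILY_UNAVAILABLE
    case generalError             // no specific handler; the description says this leads to UC prompting
}

// Classify an error returned by a signing attempt with the userVerification key.
// Assumption: the interesting code may be wrapped, so the NSUnderlyingErrorKey
// chain is followed (bounded, to avoid looping on a malformed chain).
func classifySigningError(_ error: Error) -> UserVerificationOutcome {
    var current: NSError? = error as NSError
    var depth = 0
    while let e = current, depth < 8 {
        // Key invalidated (for example after a Face ID reset): it will not recover.
        if e.domain == TKErrorDomain && e.code == TKError.Code.corruptedData.rawValue {
            return .permanentlyUnavailable
        }
        // Passcode turned off: the key still exists and works again once a passcode is set.
        if e.domain == LAErrorDomain && e.code == LAError.Code.passcodeNotSet.rawValue {
            return .temporarilyUnavailable
        }
        current = e.userInfo[NSUnderlyingErrorKey] as? NSError
        depth += 1
    }
    // Anything unrecognised stays a general error rather than being guessed at.
    return .generalError
}

// Constructed sample errors, not captured from a device.
let passcodeOff = NSError(domain: LAErrorDomain,
                          code: LAError.Code.passcodeNotSet.rawValue)
let wrapped = NSError(domain: NSOSStatusErrorDomain, code: -1,
                      userInfo: [NSUnderlyingErrorKey: passcodeOff])
let keyGone = NSError(domain: TKErrorDomain,
                      code: TKError.Code.corruptedData.rawValue)

print(classifySigningError(wrapped))   // temporarilyUnavailable
print(classifySigningError(keyGone))   // permanentlyUnavailable
print(classifySigningError(NSError(domain: NSCocoaErrorDomain, code: 1)))   // generalError
```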