[Enhancement]: Allow using pin for iOS

[darkyen]

From the screenshots the android version supports fetching key from PIN, maybe support this on iOS ?

[sjhoeksma]

Can you be a more specific what you mean ? (Pin --> Key ?)

[darkyen]

I mean why can't there be a 4 digit PIN to fallback instead of mandatory fingerprint scan

[darkyen]

Also I'm wondering would you be interested if I make a PR to this with an API like

<Promise(Boolean)> window.secureStorage.isSupported

Returns a promise that resolves to true or false depending on if the plugin isSupported. Optionally this can be moved to a synchronous call with explaining what features are supported.

<Promise(String)> window.secureStorage.getItem(key, [message='Please confirm your identity'])

Returns a promise that resolves with the value if key was found, an empty string if key was not stored in keychain otherwise Reject with. The useragent must display a consent window either for entering a PIN or with password.

• secureStorage.NotSupportedError (if the plugin is not supported either by hardware or some other reason)
• secureStorage.RuntimeError (if the plugin is supported and there was some error fetching the key)
• secureStorage.UserDeniedError (if the user denied the flow)

<Promise(Void)> window.secureStorage.setItem(key, value)

Returns a promise that resolves if the key was stored, and must otherwise Reject with

• secureStorage.NotSupportedError (if the plugin is not supported either by hardware or some other reason)
• secureStorage.RuntimeError (if the plugin is supported and there was some error fetching the key)

In this case in the light of ES7 Async/Await this would be as simple as

const keyPair = await createPubPrivKey();
await secureStorage.setItem('some-secure-key', keyPair.private);
// Later on
const privateKey = await secureStorage.getItem('some-secure-key', 'Please scan your fingerprint to confirm you want to make a secure transaction');

if ( privateKey ) {
   fetch({ 
      url: '/api/some-protected-operation',
      headers: {
          'Authorization': `Bearer ${token}`,
          'X-ACTION-VERIFIER': await sign(challenge, privateKey)
      }
   });
}

This works similar to localStorage/sessionStorage and stores strings only, and I believe works better with other API's.

[berndlackinger]

+1 fallback from fingerprint to pin entry

[andreamaioli]

+1 fallback from fingerprint to pin entry

[tom94zoe]

+1 fallback from fingerprint to pin entry

[crapthings]

so enter password on ios just does nothing, is this pin = password on screen ?