status-im / status-mobile

a free (libre) open source, mobile OS for Ethereum
https://status.app
Mozilla Public License 2.0

User can't log in with biometrics anymore after logging out #18004

Open clauxx opened 7 months ago

clauxx commented 7 months ago

Bug Report

Problem

Currently, if the user logs out (through settings) from their account that has biometrics enabled, they can't use biometrics to log in again, nor can they enable it from the settings. The enabling from the settings would come with Settings V2, but the user should still be able to use biometrics after they log out or switch accounts. ATM all biometry information is erased during logout (auth-method & password) from the keychain.

Expected behavior

The user can log out and log in again using biometrics. I guess the user shouldn't be prompted with the biometrics check right after logging out, but when the app is opened again biometrics should be prompted.

Actual behavior

The user can't log in with biometrics ever again after logging out.

Reproduction

  1. Create account with biometrics
  2. Go to profile -> Log out -> Confirm
  3. Can only log in with password, even after closing the app and opening again

Additional Information

yqrashawn commented 5 months ago

Hi @clauxx, will https://github.com/status-im/status-mobile/pull/18258 solve this issue? Or are these separate issues?

clauxx commented 5 months ago

Hi @yqrashawn, it doesn't solve it, but we decided to put a hold on it for now as we don't have a defined flow for handling biometrics during the logout phase. The issue you mentioned allows re-enabling it from the settings, which helps a bit until we have a flow.

clauxx commented 2 months ago

As discussed during the crew sync (Usability and readiness for public beta), should discuss the flow with the design team and prioritize this task accordingly. If the flow would become overly complex, should be removed from the scope of this release.

During the sync we discussed two potential options:

  1. keeping the biometric data in the keychain when logging out (without triggering the automatic biometric check on the login screen)
  2. keeping the biometric data, but disabling biometrics until the user logs in again, after which the biometric check will be available again.

clauxx commented 2 months ago

After discussing with @John-44, we decided to go with the 1st option to avoid user friction.

cammellos commented 1 month ago

Removing this from 2.29 as we might not have enough time to implement. cc @clauxx

clauxx commented 1 month ago

@cammellos Yeah makes sense :+1: