UNPKG

@capgo/capacitor-native-biometric

Version:

This plugin gives access to the native biometric apis for android and iOS

capgo.app/docs/plugins/native-biometric/

Cap-go/capacitor-native-biometric

356 lines (355 loc) 11.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
import type { PluginListenerHandle } from '@capacitor/core'; export declare enum BiometryType { NONE = 0, TOUCH_ID = 1, FACE_ID = 2, FINGERPRINT = 3, FACE_AUTHENTICATION = 4, IRIS_AUTHENTICATION = 5, MULTIPLE = 6, DEVICE_CREDENTIAL = 7 } export declare enum AuthenticationStrength { /** * No authentication available, even if PIN is available but useFallback = false */ NONE = 0, /** * Strong authentication: Face ID on iOS, fingerprints on devices that consider fingerprints strong (Android). * Note: PIN/pattern/password is NEVER considered STRONG, even when useFallback = true. */ STRONG = 1, /** * Weak authentication: Face authentication on Android devices that consider face weak, * or PIN/pattern/password if useFallback = true (PIN is always WEAK, never STRONG). */ WEAK = 2 } export declare enum AccessControl { /** * No biometric protection. Credentials are accessible without authentication. * This is the default behavior for backward compatibility. */ NONE = 0, /** * Biometric authentication required for credential access. * Credentials are invalidated if biometrics change (e.g., new fingerprint enrolled). * More secure but credentials are lost if user modifies their biometric enrollment. */ BIOMETRY_CURRENT_SET = 1, /** * Biometric authentication required for credential access. * Credentials survive new biometric enrollment (e.g., adding a new fingerprint). * More lenient — recommended for most apps. */ BIOMETRY_ANY = 2 } export interface Credentials { username: string; password: string; } export interface IsAvailableOptions { /** * Only for iOS. * Specifies if should fallback to passcode authentication if biometric authentication is not available. * On Android, this parameter is ignored due to BiometricPrompt API constraints: * DEVICE_CREDENTIAL authenticator and negative button (cancel) are mutually exclusive. */ useFallback: boolean; } /** * Result from isAvailable() method indicating biometric authentication availability. */ export interface AvailableResult { /** * Whether authentication is available (biometric or fallback if useFallback is true) */ isAvailable: boolean; /** * The strength of available authentication method (STRONG, WEAK, or NONE) */ authenticationStrength: AuthenticationStrength; /** * The primary biometry type available on the device. * On Android devices with multiple biometry types, this returns MULTIPLE. * Use this for display purposes only - always use isAvailable for logic decisions. */ biometryType: BiometryType; /** * Whether the device has a secure lock screen (PIN, pattern, or password). * This is independent of biometric enrollment. */ deviceIsSecure: boolean; /** * Whether strong biometry (Face ID, Touch ID, or fingerprint on devices that consider it strong) * is specifically available, separate from weak biometry or device credentials. */ strongBiometryIsAvailable: boolean; /** * Error code from BiometricAuthError enum. Only present when isAvailable is false. * Indicates why biometric authentication is not available. * @see BiometricAuthError */ errorCode?: BiometricAuthError; } export interface BiometricOptions { reason?: string; title?: string; subtitle?: string; description?: string; negativeButtonText?: string; /** * Only for iOS. * Specifies if should fallback to passcode authentication if biometric authentication fails. * On Android, this parameter is ignored due to BiometricPrompt API constraints: * DEVICE_CREDENTIAL authenticator and negative button (cancel) are mutually exclusive. */ useFallback?: boolean; /** * Only for iOS. * Set the text for the fallback button in the authentication dialog. * If this property is not specified, the default text is set by the system. */ fallbackTitle?: string; /** * Only for Android. * Set a maximum number of attempts for biometric authentication. The maximum allowed by android is 5. * @default 1 */ maxAttempts?: number; /** * Only for Android. * Specify which biometry types are allowed for authentication. * If not specified, all available types will be allowed. * @example [BiometryType.FINGERPRINT, BiometryType.FACE_AUTHENTICATION] */ allowedBiometryTypes?: BiometryType[]; } export interface GetCredentialOptions { server: string; } export interface SetCredentialOptions { username: string; password: string; server: string; /** * Access control level for the stored credentials. * When set to BIOMETRY_CURRENT_SET or BIOMETRY_ANY, the credentials are * hardware-protected and require biometric authentication to access. * * On iOS, this adds SecAccessControl to the Keychain item. * On Android, this creates a biometric-protected Keystore key and requires * BiometricPrompt authentication for both storing and retrieving credentials. * * @default AccessControl.NONE * @since 8.4.0 */ accessControl?: AccessControl; } export interface GetSecureCredentialsOptions { server: string; /** * Reason for requesting biometric authentication. * Displayed in the biometric prompt on both iOS and Android. */ reason?: string; /** * Title for the biometric prompt. * Only for Android. */ title?: string; /** * Subtitle for the biometric prompt. * Only for Android. */ subtitle?: string; /** * Description for the biometric prompt. * Only for Android. */ description?: string; /** * Text for the negative/cancel button. * Only for Android. */ negativeButtonText?: string; } export interface DeleteCredentialOptions { server: string; } export interface IsCredentialsSavedOptions { server: string; } export interface IsCredentialsSavedResult { isSaved: boolean; } /** * Biometric authentication error codes. * These error codes are used in both isAvailable() and verifyIdentity() methods. * * Keep this in sync with BiometricAuthError in README.md * Update whenever `convertToPluginErrorCode` functions are modified */ export declare enum BiometricAuthError { /** * Unknown error occurred */ UNKNOWN_ERROR = 0, /** * Biometrics are unavailable (no hardware or hardware error) * Platform: Android, iOS */ BIOMETRICS_UNAVAILABLE = 1, /** * User has been locked out due to too many failed attempts * Platform: Android, iOS */ USER_LOCKOUT = 2, /** * No biometrics are enrolled on the device * Platform: Android, iOS */ BIOMETRICS_NOT_ENROLLED = 3, /** * User is temporarily locked out (Android: 30 second lockout) * Platform: Android */ USER_TEMPORARY_LOCKOUT = 4, /** * Authentication failed (user did not authenticate successfully) * Platform: Android, iOS */ AUTHENTICATION_FAILED = 10, /** * App canceled the authentication (iOS only) * Platform: iOS */ APP_CANCEL = 11, /** * Invalid context (iOS only) * Platform: iOS */ INVALID_CONTEXT = 12, /** * Authentication was not interactive (iOS only) * Platform: iOS */ NOT_INTERACTIVE = 13, /** * Passcode/PIN is not set on the device * Platform: Android, iOS */ PASSCODE_NOT_SET = 14, /** * System canceled the authentication (e.g., due to screen lock) * Platform: Android, iOS */ SYSTEM_CANCEL = 15, /** * User canceled the authentication * Platform: Android, iOS */ USER_CANCEL = 16, /** * User chose to use fallback authentication method * Platform: Android, iOS */ USER_FALLBACK = 17 } /** * Callback type for biometry change listener */ export type BiometryChangeListener = (result: AvailableResult) => void; export interface NativeBiometricPlugin { /** * Checks if biometric authentication hardware is available. * @param {IsAvailableOptions} [options] * @returns {Promise<AvailableResult>} * @memberof NativeBiometricPlugin * @since 1.0.0 */ isAvailable(options?: IsAvailableOptions): Promise<AvailableResult>; /** * Adds a listener that is called when the app resumes from background. * This is useful to detect if biometry availability has changed while * the app was in the background (e.g., user enrolled/unenrolled biometrics). * * @param eventName - Must be 'biometryChange' * @param {BiometryChangeListener} listener - Callback function that receives the updated AvailableResult * @returns {Promise<PluginListenerHandle>} Handle to remove the listener * @since 7.6.0 * * @example * ```typescript * const handle = await NativeBiometric.addListener('biometryChange', (result) => { * console.log('Biometry availability changed:', result.isAvailable); * }); * * // To remove the listener: * await handle.remove(); * ``` */ addListener(eventName: 'biometryChange', listener: BiometryChangeListener): Promise<PluginListenerHandle>; /** * Prompts the user to authenticate with biometrics. * @param {BiometricOptions} [options] * @returns {Promise<any>} * @memberof NativeBiometricPlugin * @since 1.0.0 */ verifyIdentity(options?: BiometricOptions): Promise<void>; /** * Gets the stored credentials for a given server. * @param {GetCredentialOptions} options * @returns {Promise<Credentials>} * @memberof NativeBiometricPlugin * @since 1.0.0 */ getCredentials(options: GetCredentialOptions): Promise<Credentials>; /** * Stores the given credentials for a given server. * @param {SetCredentialOptions} options * @returns {Promise<any>} * @memberof NativeBiometricPlugin * @since 1.0.0 */ setCredentials(options: SetCredentialOptions): Promise<void>; /** * Deletes the stored credentials for a given server. * @param {DeleteCredentialOptions} options * @returns {Promise<any>} * @memberof NativeBiometricPlugin * @since 1.0.0 */ deleteCredentials(options: DeleteCredentialOptions): Promise<void>; /** * Gets the stored credentials for a given server, requiring biometric authentication. * Credentials must have been stored with accessControl set to BIOMETRY_CURRENT_SET or BIOMETRY_ANY. * * On iOS, the system automatically shows the biometric prompt when accessing the protected Keychain item. * On Android, BiometricPrompt is shown with a CryptoObject bound to the credential decryption key. * * @param {GetSecureCredentialsOptions} options * @returns {Promise<Credentials>} * @memberof NativeBiometricPlugin * @since 8.4.0 */ getSecureCredentials(options: GetSecureCredentialsOptions): Promise<Credentials>; /** * Checks if credentials are already saved for a given server. * @param {IsCredentialsSavedOptions} options * @returns {Promise<IsCredentialsSavedResult>} * @memberof NativeBiometricPlugin * @since 7.3.0 */ isCredentialsSaved(options: IsCredentialsSavedOptions): Promise<IsCredentialsSavedResult>; /** * Get the native Capacitor plugin version. * * @returns Promise that resolves with the plugin version * @since 1.0.0 */ getPluginVersion(): Promise<{ version: string; }>; }