sjhoeksma / cordova-plugin-keychain-touch-id Goto Github PK

In verify we passing only key & message. I need to restrict max attempts in android.. its taking default as 5 ..

I'm using the plugin for login. The basic idea is:

1. When the user tries to login for the first time the password is stored by using this.keychainAuthService.saveIntoKeyChain("mykey", password).
2. Then when the user tries to login again then the touchid/faceid alert appears and if the fingerprint is correct the password is restored with this.keychainAuthService.getFromKeyChain.

The problem is on this.keychainAuthService.saveIntoKeyChain in android devices (not ios). I suppose for security purposes it asks again the user to use touch (fingerprint) in order to allow to store the password.

In order to avoid this I have found in https://github.com/sjhoeksma/cordova-plugin-keychain-touch-id/blob/master/www/touchid.js:
userAuthenticationRequired if true will save after authentication with fingerprint, if false there's no need to authenticate to save.

In versions that have been released, i.e. through "cordova plugin add cordova-plugin-keychain-touch-id", the latest is 3.2.1, it doesn't have this functionality.

Is there any reason why it's not officially released?

What encryption specification is this plugin using for Android and iOS? Is this something that is uniform for all secure storage on these platforms? Or is this plugin specifying a certain key size, strength, etc?

Hi guys, on iPhone 11 after face id failed. I get the option to use a passcode, however, this is not showing up for me to enter the password, instead the error callback method is called.
This happens for to both .save and .verify

window.plugins.touchid.has('refresh_token', function () {
    window.plugins.touchid.verify('refresh_token', 'Verify yourself', function (password) {
        console.log("Touch " + password);
    }, function (error) {
       //this the errorCallback I am referring to
        console.log(JSON.stringify(error)); 
        //{"OS": "IOS", "ErrorCode":"-3", "Error-Message":"Fallback authentication mechanism selected"}
    });
    }, function () {
        window.plugins.touchid.save('refresh_token', credentials.refresh_token, true, function (res) {
            console.log("Password saved");
        }, function (error) {
            console.log('we got an error');
    });
}); 

just wondering if I need to do something exist. Thank you

fpauth-strings.xml in res/values and res/values-es have 2 strings declared

<string name="ok">Ok</string>
<string name="cancel">Cancel</string>

These are fairly common string names used in other plugins and causes build issue when making an android build with the error: I'm getting this issue when using this plugin with IBM MFP plugin.

Execution failed for task ':mergeDebugResources'.
> [string/cancel] /Users/***/platforms/android/res/values/fpauth-strings.xml	[string/cancel] /Users/***/platforms/android/res/values/mfp-strings.xml: Error: Duplicate resources

[string-es/cancel] /Users/***/platforms/android/res/values-es/fpauth-strings.xml	[string-es/cancel] /Users/***/platforms/android/res/values-es/mfp-strings.xml: Error: Duplicate resources

Please fix this issue..

Hello Sir, we are using latest version in plugin inonic 5. When we use "save" method means

if (window.plugins) {
    window.plugins.touchid.save("MyKey", "My Password", true, function() {
        alert("Password saved");
    });
}

authentication with fingerprint dialog never comes.

Dialog only comes when we use verify method.

Hi, I am using this plugin to add Touch ID/Face ID in my cordova hybrid app. Touch ID is working fine but Face ID is not working on iPhone XS. It doesn't return any biometric type on iPhone XS. Please fix this issue or give any work around for this.

This plugin no longer seems to be getting updates.

It has numerous issues that can cause build failures and crashes on both iOS and Android.

The docs are incorrect.

I would recommend not using this plugin as it will only cause you issues.

Hi,

Thanks for this plugin! One issue though, the version on NPM does not work as advertised in the ionic documentation. If I use the latest from github it does work. So would you please do a new release on NPM? Thanks!

Ref:
https://forum.ionicframework.com/t/keychain-touch-id-save-method-callback-sucess-apply-undefined/192824

Calling 'save' on iPhone X returns a null error, but actually saves

When trying to save a value on an Android device like so:

window.plugins.touchid.save("MyKey", "My Password", false, function() {
    alert("Password saved");
});

A fingerprint auth dialogue is displayed. This seems to work correctly on iOS.
Note: setting to true has no effect.

From the screenshots the android version supports fetching key from PIN, maybe support this on iOS ?

Dear Mr. @sjhoeksma and all Contributors,

for your information, me and my team are using your plugin for feature fingerprint scanner on our app. Accidentally, on iOS platform, when we tried to input wrong fingerprint for several times and later our app show error message "Touch Id not available". But on Android platform, with same scenario, the error message not show up.

Here the information:
"name": "cordova-plugin-keychain-touch-id",
"version": "3.2.1",
We build using Xcode 9
Our device testing is iPhone 5S with iOS version 12.0
We using Ionic Framework version 3.13.0

The questions are:
a. Is there any possibility to know or maybe generate the log with full information that can tell us the root cause that only happened on iOS?
b. Is there any way to make sure that the fingerprint is still there or the fingerprint is really disappear?

Here the screenshot that show the part of our code, where, how and when we call the plugin and trigger the alert:

Here the screenshot that show the alert: (I'm sorry before for the typo on alert message)

Here the scenario:
a. Login to app using password 4 digits
b. Successfully login
c. Save the Touch Id
d. Logout
e. Login to app using Touch Id
f. Intentionally, input wrong fingerprint for several times
g. Then input the right fingerprint.
h. Alert show message "Touch Id not available"

Please let me know if you need more information regarding this issue.

Best Regard.

Hi,
Looks like ionic's native wrapper read the Readme.md information which does not show userAuthenticationRequired as one of the parameters to the save() function.

This causes their wrapper to fail. If you could update the docs to show all needed parameters then maybe ionics will realize their mistake and fix the issue.

Thanks,

For those who care, on Android such as the S8 where it has fingerprint and face biometrics, it returns "OK" rather than "face" or "touch"

Hi,

I've seen on the screenshots that there supposedly is a backup for the fingerprint.

When I get the dialog I do not get this backup (currently testing on android), not even after a bad attempt.

How do I add the backup to be available directly, I have PIN and Fingerprint set up?

The success callback of isAvailable() returns null instead of the biometryType.
Is it possible that this functionality is currently broken?
I'm working with version 3.2.1 in IONIC 3.

I see that there is currently support for FaceID on iPhoneX in master, but as far as I can tell it hasn't been released yet. Can I ask when it will next be released?

The readme says this:

isAvailable(successCallback(biometryType), errorCallback(msg)) will Check if touchid is available on the used device. The successCallback gets the biometryType argument with 'face' on iPhone X, 'touch' on other devices.

But on Android it returns 'OK' instead of 'touch'.
Not a big issue but it can be fixed...

Please update the below property name to cancel
Cancelar

to

Cancelar

Tried to save two passwords with with different keys, but first password was overridden by the second.

Thanks for this awesome plugin!

I'm having an issue calling isAvailable() for a certain android device. Neither of the callbacks ever get fired, so my app just hangs while waiting for it.

The device is a Samsung Galaxy 4 mini.
Here's the device info (as reported by ionic.Platform.device()
{"available":true,"platform":"Android","version":"4.4.2","uuid":"{...omitted...}","cordova":"6.1.2","model":"SAMSUNG-SGH-I257","manufacturer":"samsung","isVirtual":false,"serial":"{...omitted...}"}

Here's the code I'm using to make this call

      var checkSupport = function () {
        var defer = $q.defer();
        if (window.plugins) {
          window.plugins.touchid.isAvailable(function () {
            defer.resolve(true);
          }, function (msg) {
            defer.resolve(false);
          });
        }
        else {
          defer.resolve(false);
        }
        return defer.promise;
      }

Here's what comes back from ionic info
Cordova CLI: 6.5.0
Ionic CLI Version: 2.2.2
Ionic App Lib Version: 2.1.7
ios-deploy version: 1.9.1
ios-sim version: 5.0.4
OS: macOS Sierra
Node Version: v4.2.3
Xcode version: Xcode 8.3.3 Build version 8E3004b

It seems to work on all my ios devices, and some other android devices I've tried, just not this one. Thanks again for your help!

I am getting the error message "Failed to encrypt the data with the generated key: IllegalBlockSizeException: null" when I save a credential in an app, delete the associated fingerprint, and try to use the credential again. After the point when I get the error, I can no longer add or verify fingerprint credentials in the app without re-installing. The error appears to be thrown from the onAuthenticated method of FingerprintAuth.java.

It would be nice if after deleting a fingerprint with credentials associated with it and then adding a new one, new credentials using the new fingerprint could then be saved over the old ones.

Is it possible to detect changes in the enrolled fingerprints (additions or deletions) and make the pop-up fail in this case?

I can't seem to find anything in the documentation about it.

Or is there any reason why this isn't needed for security?

I install the plugin with

cordova plugin add cordova-plugin-keychain-touch-id

Then when i run my app with cordova run android, i got an error

:processDebugResources/Users/pomauguet/workspace/impots/APPLI/trunk/impots-gouv/platforms/android/res/layout/fingerprint_dialog_content.xml:37: AAPT: error: resource drawable/ic_fp_40px (aka fr.gouv.finances.smartphone.android:drawable/ic_fp_40px) not found.
    
/Users/pomauguet/workspace/impots/APPLI/trunk/impots-gouv/platforms/android/res/layout/fingerprint_dialog_content.xml:37: error: resource drawable/ic_fp_40px (aka fr.gouv.finances.smartphone.android:drawable/ic_fp_40px) not found.
error: failed linking file resources.

Failed to execute aapt
com.android.ide.common.process.ProcessException: Failed to execute aapt
	at com.android.builder.core.AndroidBuilder.processResources(AndroidBuilder.java:796)
	at com.android.build.gradle.tasks.ProcessAndroidResources.invokeAaptForSplit(ProcessAndroidResources.java:551)
	at com.android.build.gradle.tasks.ProcessAndroidResources.doFullTaskAction(ProcessAndroidResources.java:285)

Indeed, there is no ic_fp_40px in the drawable directory.

Hi,

Its a very nice tutorial. If possible, please share the HTML templates and script file.

Thanks.

Ankush

Can you add NSFaceIDUsageDescription for iOS. Without it the iOS application is crashing when face id is used. Should be something like cordova-plugin-touch-id

setLocale didn't work for me
using FingerprintAuth that is included in plugin
platform: android
ionic: 1.3.1
"name": "cordova-plugin-keychain-touch-id",
"version": "3.2.1",

window.plugins.touchid.has('XXXXXX', function () {
    //Touch ID avaialble and Password key available
    window.plugins.touchid.setLocale('ru_RU', function () {
        window.plugins.touchid.verify('XXXXXX', $translate.instant('ATTACH_FINGER_TO_ENTER'), function (password) {
            authorize();
        }, function (err) {
            console.log('canceled');
            AppPopup.toast('ATTENTION', 'BIO_CANCELED_ENTER_PIN');
        });
    }, function (err) {
        console.log('no locale');
    })
    }, function () {
        //Touch ID available but no Password Key available
        AppPopup.toast('ATTENTION', 'ENTER_PIN_TO_REGISTER_TOUCH_ID');
    }); 
},  function (msg) {
//Touch ID not available
});

I am getting the following build errors when trying to build my app for iOS with this plugin:

/tmp/monaca/5b2aa820e788850e2420ea2a/project/platforms/ios/InsideOut Conversation Tracker/Plugins/cordova-plugin-keychain-touch-id/TouchID.m:38:24: error: unrecognized platform name iOS
if (@available(iOS 11.0, *)) {
^
/tmp/monaca/5b2aa820e788850e2420ea2a/project/platforms/ios/InsideOut Conversation Tracker/Plugins/cordova-plugin-keychain-touch-id/TouchID.m:39:32: error: property 'biometryType' not found on object of type 'LAContext *'
if (self.laContext.biometryType == LABiometryTypeFaceID) {
^
/tmp/monaca/5b2aa820e788850e2420ea2a/project/platforms/ios/InsideOut Conversation Tracker/Plugins/cordova-plugin-keychain-touch-id/TouchID.m:39:48: error: use of undeclared identifier 'LABiometryTypeFaceID'
if (self.laContext.biometryType == LABiometryTypeFaceID) {
^
3 errors generated.

is there any option to use the faceID of android???

With the introduction of faceId on the iphone X, can this plugin differentiate between touch and face id?

https://developer.apple.com/documentation/localauthentication/labiometrytype

This would allow developers the option to display different text for each type of biometric scan.

Hey there. We are using your plugin on iOS/Android devices.
We recently discovered constant crash of iOS 8.4 (iPhone 6) when using this plugin with this crash report:

Incident Identifier: E633673E-84C7-48C6-8AD3-1EF9B7A89B30
Beta Identifier: FF6C6060-705B-44B6-9EDC-444DB6F2EB09
Hardware Model: iPhone7,2
Version: 2.8.1 (2.8.1)
Beta: YES
Code Type: ARM-64 (Native)
Parent Process: launchd [1]

Date/Time: 2017-01-19 12:33:58.775 +0300
Launch Time: 2017-01-19 12:33:34.458 +0300
OS Version: iOS 8.4 (12H143)
Report Version: 105

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0xa900fea00c681b08
Triggered by Thread: 8

If we turn off touch id plugin app starts working fine. Do you have any clues how we can fix it?

When saving a password on iOS, the user is not prompted to input fingerprint. This behaviour is different from Android, where the save causes a fingerprint prompt. Is this as intended?

I realise we may achieve the fingerprint prompt by calling verify after save, but the inconsistency between the platforms could be conceived as an issue. Also, could this be a security consideration?

Thanks for your work on this plugin - it is greatly appreciated.

Objective: Need to add multiple username and its password

Error: Different keys are available but their passwords are replaced with the latest one. It means in the keychain multiple keys are available but all has same passwords.

Note: It is working as expected for Android.

Any suggestion.

I just create a new Cordova project, add a android platform to it, then i follow the instructions from this plugin:

$ cordova plugin add cordova-plugin-keychain-touch-id
$ cordova prepare

after that i results to a error. Any idea what is happening?

cp: copyFileSync: could not write to dest file (code=ENOENT):C:\Project\Test\MyApp\platforms\android\res\xml\config.xml

Parsing C:\Project\Test\LocationTracker\platforms\android\res\xml\config.xml failed
(node:6732) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: ENOENT: no such file or directory, open 'C:\Project\Test\MyApp\platforms\android\res\xml\config.xml'
(node:6732) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Try the following with cordova-cli 8.0.0 (I'm using node 8.9.4 on Mac OS 10.13):

cordova create CordovaTest com.sample.cordovatest CordovaTest
cd CordovaTest
cordova platform add [email protected]
cordova plugin add cordova-plugin-keychain-touch-id
cordova build android

The output is:

cp: copyFileSync: could not write to dest file (code=ENOENT):/CordovaTest/platforms/android/res/xml/config.xml

(node:29501) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: Unhandled "error" event. (Parsing /CordovaTest/platforms/android/res/xml/config.xml failed)
(node:29501) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

This seems to be because of commands like <source-file src="..." target-dir="res/..." /> in your plugin.xml. It's not documented, but it seems like these need to copy the files to app/src/main/res/... instead, similar to the change for edit-config here. If I remove the platforms/android/res directory, which is created by cordova-plugin-keychain-touch-id, it builds.

@sjhoeksma This repo is missing licensing information. Can you please update?

Bug report
Description
What did you do?
I'm installing the app on a samsung j7 non-biometric device

What did happen?
When i am calling isAvailable the device is not having biometrics so it should return appropriate error but instead of this i am getting below error.
Error: Uncaught (in promise): Attempt to invoke virtual method 'boolean android.hardware.fingerprint.FingerprintManager.isHardwareDetected()' on a null object reference
in the console.
This issue happens just on that phone from all my testing devices, but note that's the only device.

Environment
I'm using Ionic 3, cordova-plugin-keychain-touch-id

Building in debug mode.

Notes
If you have any additional question about the issue please ask and I'll try to give as much data as I can.

I am trying to use save on IOS.

My call is:

window.plugins.touchid.save(
  "MyAppID",
  "PasswordGivenInAPasswordPrompt",
   true,
   successCallback,
   errorCallback
)

function successCallback() {console.log('success')}
function errorCallback(err) {console.log('error', err)}

I get systematically the error Error in Success callback: TouchID xyz - Type Error: callback.success.call is not a function

If I remove the true in the third position, everything is fine.

It appears that the documentation about save is wrong: the third boolean param userAuthenticationRequired seems to be no longer in place and the two places in the docs where it is mentioned and taken as example should be amended.

Getting this error after verify successcallback. Anyone getting this issue?

support Face ID?

I am using your plugin and some of my users are reporting random crashes on Android with the following error message:

java.lang.IllegalStateException: Can not perform this action after onSaveInstanceState
at android.app.FragmentManagerImpl.checkStateLoss(FragmentManager.java:1434)
at android.app.FragmentManagerImpl.enqueueAction(FragmentManager.java:1452)
at android.app.BackStackRecord.commitInternal(BackStackRecord.java:707)
at android.app.BackStackRecord.commit(BackStackRecord.java:671)
at android.app.DialogFragment.show(DialogFragment.java:231)
at com.cordova.plugin.android.fingerprintauth.FingerprintAuth$1.run(FingerprintAuth.java:405)
at android.os.Handler.handleCallback(Handler.java:751)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:154)
at android.app.ActivityThread.main(ActivityThread.java:6247)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:872)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:762)

I have not been able to replicate this exception exactly, so i was wondering if someone here had some insight on what could be going on.
In the repository, on which the Android part is based on, a similar error has been recorded and fixed, although i'm unsure if this is applicable here: mjwheatley/cordova-plugin-android-fingerprint-auth#46

see y-marion@2617e48 for the implementation which fixes this bug for me

Thanks for all your work on this plugin!

I recently updated to version 3.3.0. After the first failed touch id attempt, I see "Enter Password" show up in the touch id prompt. If I touch it, the error callback is immediately invoked with this error:
{OS: "iOS", ErrorCode: "-3", ErrorMessage: "Fallback authentication mechanism selected."}

I would expect it to allow me to enter my passcode, and authenticate that way instead. Is there any way to get this working? Thanks again for your help!

enableTouchId = () => {
    window.plugins.touchid.save('__touchId__', 'g3KYWA8ExzkDZGMt8', () => {
      this.setState({ isTouchIdEnabled: true });
      localStorage.setItem({ isTouchIdEnabled: true });
    }, () => {});
  }

what is this about ?