Local Authentication

RSS for tag

Authenticate users biometrically or with a passphrase using Local Authentication.

Posts under Local Authentication tag

24 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

MacOS sometimes not asking for password after sleep when close lid
Sometimes, when I close the lid using the MacOs version Sequoia 15.2, with the configuration to require a password for 5 seconds, the system does not ask for the password as expected. This happens sometimes even though nothing preventing the system from sleeping when you close and open the lid, but it still seems like a security concern. Is there some known issue related to this problem or a way to avoid it? Result of command pmset -g: Configuration:
1
0
163
1w
Local Authentication & localized reason string
In a project I was using Local Authentication to authenticate a user. When I got a request to support smartcard/PIV token authentication (which Local Authentication does not support), I had to switch to Authorization Services, which works pretty. There's only one issue I have. Local Authentication's evaluatePolicy:localizedReason:reply: requires a reason in the form "<appname>" is trying to <localized reason>. The app is currently translated into 41 languages and I would like to use the localized strings for the AuthorizationEnvironment of Authorization Services as well. The problem is that Local Authentication prefixes the localized string with something like "<appname>" is trying to and Authorization Services does not do this. Is there a way to get this prefix from somewhere so I can manually add it to the (partially) localized string? Any help would be highly appreciated. Thank you, Marc
7
0
401
2w
Does SecKeyCreateDecryptedData Ignore LATouchIDAuthenticationMaximumAllowableReuseDuration?
Hi everyone, I’m working on an iOS app that uses biometric authentication to access secure keychain items and private keys stored in the Secure Enclave with some data encryption/decryption with those keys. My goal is to minimize the number of biometric prompts by reusing the authentication result within a short time window. I have the following setup: When writing the biometry-restricted keychain items and Secure Enclave keys, I use LAContext with the property LATouchIDAuthenticationMaximumAllowableReuseDuration = 1 minute, and I pass this context as the kSecUseAuthenticationContext field in the query. When retrieving these items later (in a synchronous sequence upon app launch), I pass the same instance of LAContext as the kSecUseAuthenticationContext field. The issue: If I unlock my device and the biometric reuse time has not expired (i.e., less than 1 minute), the first two actions (keychain item retrieval and Secure Enclave key retrieval) do not prompt for Face ID. However, when I attempt to decrypt data with the private key using SecKeyCreateDecryptedData, I’m prompted for Face ID even if the biometric reuse time is still valid. If the biometric reuse time has expired (more than 1 minute since last authentication), I get prompted for Face ID on the first action (keychain retrieval), and subsequent actions (including data decryption) reuse that biometric result. Question: Does this behavior mean that SecKeyCreateDecryptedData ignore the LATouchIDAuthenticationMaximumAllowableReuseDuration property of LAContext, causing an additional biometric prompt during decryption with the private key? Or is there another reason for this behavior? Is there a way to make the biometric result reusable across all these actions, including decryption? Thank you!
1
0
356
Jan ’25
Question:evaluatedPolicyDomainState
Hello, Apple developer, I found in the documentation that the evaluatedPolicyDomainState API has been deprecated in iOS 18. In my project, many users rely on this value for comparison. I would like to ask, what does it mean that this API is deprecated? Will the value returned by this API be empty in the future? How should I adapt for existing users?" Let me know if you'd like any adjustments! Thank you. Good luck. [[context evaluatedPolicyDomainState] bytes]
0
0
378
Dec ’24
LAContext and smart cards
In one of our applications we use LAContext's evaluatePolicy:localizedReason:reply: to authenticate a user. This works pretty well with both username/password and Touch ID. Now we have a request to add support for smart cards and I wonder if this is possible using LAContext. Otherwise I would use Authentication Services, although that might be a bit overkill since we don't need to request any rights, we just want to see that the user has been successfully authenticated. Or is there a better way? Any help would be greatly appreciated. Thanks, Marc
13
0
523
4w
LocalAuthentication like Face ID crashes using swift 6 iOS 18.1
Hello, I have been implementing faceID authentication using LocalAuthentication, and I've noticed that if i use swift 5 this code compiles but when i change to swift 6 it gives me a crash saying this compile error: i have just created this project for this error purpose so this is my codebase: import LocalAuthentication import SwiftUI struct ContentView: View { @State private var isSuccess: Bool = false var body: some View { VStack { if isSuccess { Text("Succed") } else { Text("not succeed") } } .onAppear(perform: authenticate) } func authenticate() { let context = LAContext() var error: NSError? if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) { let reason = "We need to your face to open the app" context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason) { sucexd, error in if sucexd { let success = sucexd Task { @MainActor [success] in isSuccess = success } } else { print(error?.localizedDescription as Any) } } } else { print(error as Any) } } } #Preview { ContentView() } also i have tried to not use the task block and also gives me the same error. i think could be something about the LAContext NSObject that is not yet adapted for swift 6 concurrency? also i tried to set to minimal but is the same error Im using xcode 16.1 (16B40) with M1 using MacOS Seqouia 15.0.1 Help.
2
2
514
Dec ’24
How to simulate match face ID / touch ID on XCUITest
How can I test biometric on UI Tests in Swift / iOS 18? This code not working. + (void)successfulAuthentication { notify_post("com.apple.BiometricKit_Sim.fingerTouch.match"); notify_post("com.apple.BiometricKit_Sim.pearl.match"); } + (void)unsuccessfulAuthentication { notify_post("com.apple.BiometricKit_Sim.fingerTouch.nomatch"); notify_post("com.apple.BiometricKit_Sim.pearl.nomatch"); }
0
1
445
Oct ’24
App Crash on Lock Screen During Biometrics Permission Prompt Using LAContext()
I am using LAContext(), canEvaluatePolicy, and evaluatePolicy in my project, and I've encountered a crash under a specific scenario. When the permission prompt appears asking, "Do you want to allow [App Name] to use biometrics in your app?" and the user locks the device without selecting "Allow" or "Don't Allow," the app crashes at that point. Has anyone else experienced this issue or tested this scenario? Any insights would be appreciated!
1
0
297
Oct ’24
Biometrics error LAError NotInteractive(-1004)
We have been using the LAContext's evaluation policy for the past couple of years without any major issues. However, since last week (September 26), we have seen a spike in error events, indicating: json Copy code { "NSDebugDescription": "Caller is not running foreground.", "NSLocalizedDescription": "User interaction required." } We haven't made any code changes in the last couple of months. Is there any update regarding local authentication from Apple's side?
1
0
431
Oct ’24
Different PRF output when using platform or cross-platform authentication attachement
Hello, I am using the prf extension for passkeys that is available since ios 18 and macos15. I am using a fixed, hardcoded prf input when creating or geting the credentials. After creating a passkey, i try to get the credentials and retrieve the prf output, which works great, but i am getting different prf outputs for the same credential and same prf input used in the following scenarios: Logging in directly (platform authenticator) on my macbook/iphone/ipad i get "prf output X" consistently for the 3 devices When i use my iphone/ipad to scan the qr code on my macbook (cross-platform authenticator) i get "prf output Y" consistently with both my ipad and iphone. Is this intended? Is there a way to get deterministic prf output for both platform and cross-platform auth attachements while using the same credential and prf input?
9
0
484
4h
iOS 18 : Require Face ID feature
How app knows that Require Face ID is enable for them? How app knows that they active after successfully authenticate by iOS 18 Require Face ID feature? If any app implement any Extension(In my case Action Extension and Autofill Credential provider) then how they extension knows that they active after successfully authenticate by iOS 18 Require Face ID feature? is there any app notification or any api to help me out?
1
1
988
Aug ’24
Biometric authentication, Face ID doesn't get triggered
When a user swipes up to see the app switcher, I put a blocking view over my app so the data inside cannot be seen if you flick through the app switcher. I do this by checking if the scenePhase goes from .active to .inactive. If the app goes into the background, scenePhase == .background so I trigger something that would force the user to authenticate with Face ID/Touch ID when the app is next brought to the foreground or launched. However, this doesn't seem to work. The biometrics authentication is executed, but it just lets the user in without showing the Face ID animation. I put my finger over the sensors so it couldn't possibly be authenticating, but it just lets them in. Here's a quick set of logs: scenePhase == .inactive - User showed app switcher scenePhase == .background - User swiped up fully, went to Home Screen scenePhase == .inactive - User has tapped the app icon scenePhase == .active - App is now active authenticate() - Method called authenticate(), authenticateViaBiometrics() == true - User is going to be authenticated via Face ID // Face ID did not appear! success = true - Result of calling `context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics` means user was authenticated successfully error = nil - No error in the authentication policy authenticate(), success - Method finished, user was authenticated Here's the code: print("authenticate(), authenticateViaBiometrics() == true - User is going to be authenticated via Face ID") var error: NSError? guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else { // Handle permission denied or error print("authenticate(), no permission, or error") authenticated = false defaultsUpdateAuthenticated(false) defaultsUpdateAuthenticateViaBiometrics(false) return } context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: "Authenticate with biometrics") { (success, error) in DispatchQueue.main.async { print("success = \(success)") print("error = \(String(describing: error?.localizedDescription))") if(success) { print("authenticate(), success") authenticated = true } else { print("authenticate(), failure") authenticated = false } } } This happens with or without the DispatchQueue... call.
2
0
893
Aug ’24
Can developers know if App lock (Require passcode) has been enabled for my app in iOS 18.
My app already has an app lock system which includes text & biometric combinations. Now iOS 18 has introduced a passcode lock for every app. So if users want to enable the app lock provided by us (developer), we want to inform them that you have enabled the iOS-provided app lock, in addition to that do you want to allow app-specific lock? For this, developers want to know whether iOS-provided app lock is enabled. -Rajdurai
1
0
640
Aug ’24
Use/Request Touch ID without Authentication Prompt
On macOS, in the Apple Passwords app (currently inside Settings but soon to be it's own full fledged app in Sequoia) the user is presented with a screen requesting that they touch the fingerprint reader (see attached). If we'd like to do something similar, e.g. unlock some sensitive/secure part of our app, by requesting the user touch the Touch ID sensor, but without doing the whole system prompt (LAContext.evaluatePolicy()), how can we do that? Is that possible for mere mortal developers, and if not, why not?
2
0
830
Jul ’24
Customise text for Secure Enclave authentications
Hello, I am writing a macOS CLI application that holds cryptocurrency funds and uses Secure Enclave for security. I intend to create APIs so that other applications can create transactions from user's wallet in a secure way for the user. I am using P256 curve and authenticating a transaction involves making a signature for a hash of transaction data. Currently, this is how the authentication box looks like: However, this does not display any information about the transaction. If user is using my application, then I could display the information in the terminal. However, if some other CLI app wants to create transactions for the user, printing information in the terminal is insecure since a malicious app could override what is being printed. I see a rich authentication UI in apple apps. I wonder if there is a way to write UI for such applications. I would like to display some transaction information in the box instead of just "myapp needs to authenticate to continue". It would be great if there is a way to customize that text / add more text to it.
1
0
632
Jul ’24
Local Authentication Guidelines and Rules
Hi, I would like to know the guidelines or rules regarding the implementation of Local Authentication. My client requirements are: After the user login in with username and password, reset password, it will then authorize face id or passcode to be able to access/navigate the app. Subsequent access will also require face id or passcode to access the app. Clicking app notifications when app is closed will require face id or passcode to access app. Is this a proccess allowed by Apple? Thanks
0
0
686
Jun ’24