@aparajita/capacitor-biometric-auth
Advanced tools
Provides access to the native biometric auth APIs for Capacitor apps
This plugin for Capacitor 5 provides access to native biometry on iOS and Android. It supports every type of biometry and every configuration option on both platforms. In addition, biometry is simulated on the web so you can test your logic without making any changes to your code.
👉 NOTE: This plugin only works with Capacitor 5. If you are upgrading from the Capacitor 2 version, note that the plugin name has changed to BiometricAuth.
🛑 BREAKING CHANGE: If you are upgrading from a version prior to 6.0.0, please note that authenticate() now throws an instance of BiometryError, and BiometryError.code is now typed as BiometryErrorType.
Here is capacitor-biometric-auth running on the demo app on both iOS and Android.
| iOS | Android |
|---|---|
pnpm add @aparajita/capacitor-biometric-auth
Not using pnpm? You owe it to yourself to give it a try. It’s faster, better with monorepos, and uses way, way less disk space than the alternatives.
👉 IMPORTANT!! In order to use Face ID, you must add the NSFaceIDUsageDescription key to your Info.plist file. This is a string that describes why your app needs access to Face ID. If you don’t add this key, the system won’t allow your app to use Face ID.
Info.plist file.+ button that appears.Privacy - Face ID Usage Description and press Enter.The API is extensively documented in the TypeScript definitions file. There is also (somewhat incomplete auto-generated) documentation below. For a complete example of how to use this plugin in practice, see the demo app.
👉 NOTE: Your Android app must use a base theme named "AppTheme".
Before giving the user the option to use biometry (such as displaying a biometry icon), call checkBiometry() and inspect the CheckBiometryResult to see what (if any) biometry is available on the device. Note the following:
isAvailable may be false but biometryType may indicate the presence of biometry on the device. This occurs if the current user is not enrolled in biometry, or if biometry has been disabled for the current app. In such cases the reason and code will tell you why.
biometryTypes may contain more than one type of biometry. This occurs on Android devices that support multiple types of biometry. In such cases the biometryType will indicate the primary (most secure) type of biometry, and the biometryTypes array will contain all of the biometry types supported by the device. Note that Android only guarantees that one of the types is actually available.
Because the availability of biometry can change while your app is in the background, it’s important to check availability when your app resumes. By calling addResumeListener() you can register a callback that is passed a CheckBiometryResult when your app resumes.
import { CheckBiometryResult } from './definitions'
let appListener: PluginListenerHandle
function updateBiometryInfo(info: CheckBiometryResult): void {
if (info.isAvailable) {
// Biometry is available, info.biometryType will tell you the primary type.
} else {
// Biometry is not available, info.reason and info.code will tell you why.
}
}
async function onComponentMounted(): Promise<void> {
updateBiometryInfo(await BiometricAuth.checkBiometry())
try {
appListener = await BiometricAuth.addResumeListener(updateBiometryInfo)
} catch (error) {
if (error instanceof Error) {
console.error(error.message)
}
}
}
async function onComponentUnmounted(): Promise<void> {
await appListener?.remove()
}
To initiate biometric authentication call authenticate(). authenticate takes an AuthenticateOptions object which you will want to use in order to control the behavior and appearance of the biometric prompt.
If authentication succeeds, the Promise resolves. If authentication fails, the Promise is rejected with an instance of BiometryError, which has two properties:
| Property | Type | Description |
|---|---|---|
| message | string | A description of the error suitable for debugging |
| code | BiometryErrorType | What caused the error |
import { BiometryError, BiometryErrorType } from './definitions'
async function authenticate(): Promise<void> {
try {
await BiometricAuth.authenticate({
reason: 'Please authenticate',
cancelTitle: 'Cancel',
allowDeviceCredential: true,
iosFallbackTitle: 'Use passcode',
androidTitle: 'Biometric login',
androidSubtitle: 'Log in using biometric authentication',
androidConfirmationRequired: false,
})
} catch (error) {
// error is always an instance of BiometryError.
if (error instanceof BiometryError) {
if (error.code !== BiometryErrorType.userCancel) {
// Display the error.
await showAlert(error.message)
}
}
}
}
On the web, you can fake any of the supported biometry types by calling setBiometryType().
On iOS, Touch ID and Face ID are supported.
On Android, fingerprint, face, and iris authentication are supported. Note that if a device supports more than one type of biometry, the plugin will only present the primary (most secure) type, which is determined by the system.
checkBiometry()setBiometryType(...)authenticate(...)addResumeListener(...)This is the public interface of the plugin.
checkBiometry() => Promise<CheckBiometryResult>
Check to see what biometry type (if any) is available.
Returns: Promise<CheckBiometryResult>
setBiometryType(type: BiometryType | string | undefined) => Promise<void>
web only
On the web, this method allows you to dynamically simulate different types of biometry. You may either pass a BiometryType enum or the string name of a BiometryType. If a string is passed and it isn't a valid value, nothing happens.
| Param | Type |
|---|---|
| type | string | BiometryType |
authenticate(options?: AuthenticateOptions) => Promise<void>
Prompt the user for authentication. If authorization fails for any reason, the promise is rejected with a BiometryError.
For detailed information about the behavior on iOS, see:
https://developer.apple.com/documentation/localauthentication/lapolicy/deviceownerauthenticationwithbiometrics
Some versions of Android impose a limit on the number of failed attempts. If allowDeviceCredential is true, when the limit is reached the user will then be presented with a device credential prompt. If allowDeviceCredential is false, when the limit is reached authenticate() will reject with a BiometryErrorType of biometryLockout, after which the user will have to wait the system-defined length of time before being allowed to authenticate again.
| Param | Type |
|---|---|
| options | AuthenticateOptions |
addResumeListener(listener: ResumeListener) => Promise<PluginListenerHandle>
Register a function that will be called when the app resumes. The function will be passed the result of checkBiometry().
👉 NOTE: checkBiometry() must be called at least once before calling this method.
| Param | Type |
|---|---|
| listener | ResumeListener |
Returns: Promise<PluginListenerHandle>
| Prop | Type | Description |
|---|---|---|
| isAvailable | boolean | True if the device has biometric authentication capability and the current user has enrolled in some form of biometry. |
| biometryType | BiometryType | The primary type of biometry available on the device. If the device supports both fingerprint and face authentication, this will be BiometryType.touchId. |
| biometryTypes | BiometryType[] | All of the biometry types supported by the device (currently only Android devices support multiple biometry types). If no biometry is available, this will be an empty array. If multiple types are supported, Android only guarantees that one of them is actually available. |
| reason | string | If biometry is not available and the system gives a reason why, it will be returned here. Otherwise it's an empty string. |
| code | BiometryErrorType | If biometry is not available, the error code will be returned here. Otherwise it's an empty string. The error code will be one of the BiometryErrorType enum values, and is consistent across platforms. |
| Prop | Type | Description |
|---|---|---|
| reason | string | The reason for requesting authentication. Displays in the authentication dialog presented to the user. If not supplied, a default message is displayed. |
| cancelTitle | string | iOS: The system presents a cancel button during biometric authentication to let the user abort the authentication attempt. The button appears every time the system asks the user to present a finger registered with Touch ID. For Face ID, the button only appears if authentication fails and the user is prompted to try again. Either way, the user can stop trying to authenticate by tapping the button. Android: The text for the negative button. This would typically be used as a "Cancel" button, but may be also used to show an alternative method for authentication, such as a screen that asks for a backup password. Default: "Cancel" |
| allowDeviceCredential | boolean | If true, allows for authentication using device unlock credentials. Default is false. iOS: If biometry is available, enrolled, and not disabled, the system uses that first. After the first Touch ID failure or second Face ID failure, if iosFallbackTitle is not an empty string, a fallback button appears in the authentication dialog. If the user taps the fallback button, the system prompts the user for the device passcode or the user’s password. If iosFallbackTitle is an empty string, no fallback button will appear.If biometry is not available, enrolled and enabled, and a passcode is set, the system immediately prompts the user for the device passcode or user’s password. Authentication fails with the error code passcodeNotSet if the device passcode isn’t enabled.If a passcode is not set on the device, a passcodeNotSet error is returned.The system disables passcode authentication after 6 unsuccessful attempts, with progressively increasing delays between attempts. The title of the fallback button may be customized by setting iosFallbackTitle to a non-empty string.Android: The user will first be prompted to authenticate with biometrics, but also given the option to authenticate with their device PIN, pattern, or password by tapping a button in the authentication dialog. The title of the button is supplied by the system. |
| iosFallbackTitle | string | The system presents a fallback button when biometric authentication fails — for example, because the system doesn’t recognize the presented finger, or after several failed attempts to recognize the user’s face. If allowDeviceCredential is false, tapping this button dismisses the authentication dialog and returns the error code userFallback. If undefined, the localized system default title is used. Passing an empty string hides the fallback button completely.If allowDeviceCredential is true and this is undefined, the localized system default title is used. |
| androidTitle | string | Title for the Android dialog. If not supplied, the system default is used. |
| androidSubtitle | string | Subtitle for the Android dialog. If not supplied, the system default is used. |
| androidConfirmationRequired | boolean | If not set, defaults to true. For information on this setting, see https://developer.android.com/reference/android/hardware/biometrics/BiometricPrompt.Builder#setConfirmationRequired(boolean). |
| Method | Signature |
|---|---|
| remove | () => Promise<void> |
The signature of the callback passed to addResumeListener().
(info: CheckBiometryResult): void
| Members | Description |
|---|---|
| none | No biometry is available |
| touchId | iOS Touch ID is available |
| faceId | iOS Face ID is available |
| fingerprintAuthentication | Android fingerprint authentication is available |
| faceAuthentication | Android face authentication is available |
| irisAuthentication | Android iris authentication is available |
| Members | Value |
|---|---|
| none | '' |
| appCancel | 'appCancel' |
| authenticationFailed | 'authenticationFailed' |
| invalidContext | 'invalidContext' |
| notInteractive | 'notInteractive' |
| passcodeNotSet | 'passcodeNotSet' |
| systemCancel | 'systemCancel' |
| userCancel | 'userCancel' |
| userFallback | 'userFallback' |
| biometryLockout | 'biometryLockout' |
| biometryNotAvailable | 'biometryNotAvailable' |
| biometryNotEnrolled | 'biometryNotEnrolled' |
| noDeviceCredential | 'noDeviceCredential' |
FAQs
Provides access to the native biometric auth & device security APIs for Capacitor apps
The npm package @aparajita/capacitor-biometric-auth receives a total of 5,375 weekly downloads. As such, @aparajita/capacitor-biometric-auth popularity was classified as popular.
We found that @aparajita/capacitor-biometric-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.