Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
cordova-plugin-fingerprint-aio
Advanced tools
Cordova plugin to use fingerprint authentication on Android and iOS
This plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS.
Version 4.0 of this plugin is a significant upgrade over the previous versions. Previous versions only allowed a visual fingerprint prompt. Version 4.0 allows saving an encrypted secret behind the biometric prompt for true security. Please test it out and report any issues. If this plugin has security issues please check the security policy. If you do audits using this plugin please let me know the results. My email is on my Github profile.
Version 4 was developed almost 100% by other people than me (@NiklasMerz). Please thank these awesome people for their work: @exxbrain, @leolio86400. This is a community driven plugin and I don't do any real development anymore. But triaging issues and rewiewing and testing PRs is cumbersome work. If you depend on this plugin for your product please consider becoming my sponsor on Github to keep it going for a while. Some day I may consider stop working on it and pass it on to somebody interested.
Version 4.0 is awesome so please us it and let us fix it:smile:.
<preference name="SwiftVersion" value="5.0" />
in your config.xmlTutorial about using this plugin with Ionic thanks to Paul Halliday (old plugin version!!)
Install from NPM
cordova plugin add cordova-plugin-fingerprint-aio --save
If you want to set a FaceID description use:
cordova plugin add cordova-plugin-fingerprint-aio --variable FACEID_USAGE_DESCRIPTION="Login now...."
Use the release candidate for testing the latest fixes
You can use preview versions with the rc
tag on npm.
cordova plugin add cordova-plugin-fingerprint-aio@rc
Use this Github repo
Get the latest development version. Not recommended!
cordova plugin add https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio.git
Fingerprint.isAvailable(isAvailableSuccess, isAvailableError, optionalParams);
function isAvailableSuccess(result) {
/*
result depends on device and os.
iPhone X will return 'face' other Android or iOS devices will return 'finger' Android P+ will return 'biometric'
*/
alert("Fingerprint available");
}
function isAvailableError(error) {
// 'error' will be an object with an error code and message
alert(error.message);
}
true
checks if backup authentication option is available, e.g. passcode. Default: false
, which means check for biometrics only.true
will only return success if Class 3 (BIOMETRIC_STRONG) Biometrics are enrolled on the device. It is reccomended you use this if planning on using the registerBiometricSecret
and loadBiometricSecret
methods.Fingerprint.show({
description: "Some biometric description"
}, successCallback, errorCallback);
function successCallback(){
alert("Authentication successful");
}
function errorCallback(error){
alert("Authentication invalid " + error.message);
}
"<APP_NAME> Biometric Sign On"
null
"Authenticate"
(iOS' evaluatePolicy() requires this field)null
"Cancel"
"Use PIN"
"Use Backup"
(Because backup could be anything pin/pattern/password ..haven't figured out a reliable way to determine lock type yet source)true
remove backup option on authentication dialogue. Default: false
. This is useful if you want to implement your own fallback.false
user confirmation is NOT required after a biometric has been authenticated . Default: true
. See docs.Fingerprint.registerBiometricSecret({
description: "Some biometric description",
secret: "my-super-secret",
invalidateOnEnrollment: true,
disableBackup: true, // always disabled on Android
}, successCallback, errorCallback);
function successCallback(){
alert("Authentication successful");
}
function errorCallback(error){
alert("Authentication invalid " + error.message);
}
This may show an authentication prompt.
"<APP_NAME> Biometric Sign On"
null
"Authenticate"
(iOS' evaluatePolicy() requires this field)null
"Cancel"
"Use PIN"
"Use Backup"
(Because backup could be anything pin/pattern/password ..haven't figured out a reliable way to determine lock type yet source)true
remove backup option on authentication dialogue. Default: false
. This is useful if you want to implement your own fallback. NOTE: it will be disabled on Androidfalse
user confirmation is NOT required after a biometric has been authenticated . Default: true
. See docs.true
secret will be deleted when biometry items are deleted or enrolledFingerprint.loadBiometricSecret({
description: "Some biometric description",
disableBackup: true, // always disabled on Android
}, successCallback, errorCallback);
function successCallback(secret){
alert("Authentication successful, secret: " + secret);
}
function errorCallback(error){
alert("Authentication invalid " + error.message);
}
"<APP_NAME> Biometric Sign On"
null
"Authenticate"
(iOS' evaluatePolicy() requires this field)null
"Cancel"
"Use PIN"
"Use Backup"
(Because backup could be anything pin/pattern/password ..haven't figured out a reliable way to determine lock type yet source)true
remove backup option on authentication dialogue. Default: false
. This is useful if you want to implement your own fallback. NOTE: it will be disabled on Androidfalse
user confirmation is NOT required after a biometric has been authenticated . Default: true
. See docs.-100
;-101
;-102
;-103
;-104
;-105
;-106
;-107
;-108
;-109
;-110
;-111
;-112
;-113
;Thanks to the authors of the original fingerprint plugins
Some code is refactored from their projects and I learned how to make Cordova plugins from their great plugins:
@EddyVerbruggen and @mjwheatley
Starting with version 3.0.0 the iOS and Android parts are written from scratch.
The project is MIT licensed: MIT.
FAQs
Cordova plugin to use fingerprint authentication on Android and iOS
We found that cordova-plugin-fingerprint-aio demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.