Home > database >  How to detect Local Authentication permission state haven't triggered in Swift?
How to detect Local Authentication permission state haven't triggered in Swift?

Time:01-30

I am implementing biometric login into my iOS app in Swift, and I have use this API :

var permissions = context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,error: &failureReason)

to check whether biometric is supported. It is working normal if Face ID permission was allowed. However, after uninstall and rerun from XCode, with calling canEvaluatePolicy without any permission prompt, it still return the supported biometric in response closure. I was wondering what is the different between before allowed permission and after allowed permission. enter image description here

May i know any solution/ way to know the permission state for this, thank you.

CodePudding user response:

When you make a call such as:

var permissions = context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &failureReason)

then iOS will run through the following checks:

  • Does the device have Face ID capability?

    • Yes: Is Face ID setup on the device?
      • Yes: Is the app's Face ID permission enabled?
        • Yes: return true
        • No: Fallback to device passcode
      • No: Fallback to device passcode
    • No: Fallback to Touch ID
  • Does the device have Touch ID capability?

    • Yes: Is Touch ID setup on the device?
      • Yes: Is the app's Touch ID permission enabled?
        • Yes: return true
        • No: Fallback to device passcode
      • No: Fallback to device passcode
    • No: Fallback to device passcode
  • Does the device have a passcode setup?

    • Yes: return true
    • No: return false (no Face ID, no Touch ID, no passcode)

When you call evaluatePolicy the first time after a fresh install of the app, iOS will prompt the user whether it should allow Face ID (if the device supports Face ID and Face ID has been setup on the device) and it will show the app-provided reason string entered into Info.plist for the "Privacy - Face ID Usage Description".

The user selection affects the app's Face ID permission. Once the user makes their choice, the evaluation goes through the same logic as shown above. Depending on the result, iOS will either authenticate via Face ID, Touch ID, or passcode.

If you delete an app and then do a fresh install via Xcode then the whole process starts over and the user will be prompted again on first use.

The biometryType value of LAContext is independent of the app's permission. It's what the device supports which is either Face ID, Touch ID, or neither. The value allows your app to use appropriate messaging in your user interface.

For example, you can use the value to label a switch as either "Enable Face ID Login" or "Enable Touch ID Login".

The app's permission ultimately will determine if either Face ID or Touch ID (based on the capabilities of the device) will end up falling back to just asking for the passcode.

  • Related