This library offers a simple contract to use the biometry across Android, iOS and Windows (UWP & WinUI).
The Biometry Service Interface IBiometryService is made of the following methods:
- GetGapabilites
- ScanBiometry
- Encryt
- Decrypt
- Remove
As of now, this is the list of features available per platform.
| Feature | iOS | Android | UWP | WinUI |
|---|---|---|---|---|
| GetCapability | ✓ | ✓ | ✓ | ✓ |
| ValidateIdentity | ✓ | ✓ | ✗ | ✗ |
| Encrypt | ✓ | ✓ | ✗ | ✗ |
| Decrypt | ✓ | ✓ | ✗ | ✗ |
Install the latest stable version of BiometryService in your platform heads and BiometryService.Abstractions in your presentation layer if you are using MVVM pattern, and if not just install both in your platform heads.
A small sample Uno application is available as a playground with some basic command to test the service methods. They also provide some basic initialization but no dependency injection and more complex code.
Face authentication is only available when using .SetAllowedAuthenticators(AndroidX.Biometric.BiometricManager.Authenticators.BiometricWeak) in the BiometricPrompt.PromptInfo.Builder instantiation that is required for the service. Please note that if you are using .SetAllowedAuthenticators(AndroidX.Biometric.BiometricManager.Authenticators.BiometricStrong) in the BiometricPrompt.PromptInfo.Builder Face authentication is only available on a Google Pixel 4 as of now.
Please note that Encrypt/Decrypt methods are only available when using .SetAllowedAuthenticators(AndroidX.Biometric.BiometricManager.Authenticators.BiometricStrong) in the BiometricPrompt.PromptInfo.Builder instantiation that is required for the service.
Please also note that the title and subtitle are used for Fingerprint and Face biometry.
Here is an example of instantiation of the service for Android.
var promptBuilder = () => new BiometricPrompt.PromptInfo.Builder()
.SetTitle("Title")
.SetSubtitle("Subtitle")
.SetNegativeButtonText("Cancel")
.SetAllowedAuthenticators(AndroidX.Biometric.BiometricManager.Authenticators.BiometricStrong)
.Build();
var biometryService = new BiometryService(
fragmentActivity: MainActivity.Instance,
promptInfoBuilder: promptBuilder,
loggerFactory: null
);Please note that you must set NSFaceIDUsageDescription (key/value) in the Info.plist file otherwise the service will throw an exception.
Please also note that the prompt builder subtitle is used for Fingerprint biometry only.
Here is an example of instantiation of the service for iOS.
_biometryService = new BiometryService(
useOperationPrompt: "Subtitle",
laContext: null,
localAuthenticationPolicy: LAPolicy.DeviceOwnerAuthenticationWithBiometrics,
loggerFactory: null
);Please note that in case of error, BiometryException is thrown.
Biometry Exception Types:
Failed: Any other failures while trying to use the device biometrics.Unavailable: The device biometrics is not available.NotEnrolled: The device has not been enrolled to use biometrics.PasscodeNeeded: The passcode needs to be set on the device.Locked:- The device has been locked from using his biometrics.
- Due mostly to too many attempts.
- User have to try again later or unlock his device again.
KeyInvalidated:- Biometric information has changed (E.g. Touch ID or Face ID has changed).
- User have to set up biometric authentication again.
If it's a cancellation error, OperationCanceledException is thrown.
Gets the device's current biometric capabilities.
It will return a struct BiometryCapabilities with the detailled device configuration.
Attemps to scan the user's biometry.
await biometryService.ScanBiometry(cancellationToken);Encrypts the value and stores it into the platform secure storage with the given key name.
await biometryService.Encrypt(cancellationToken, "KeyName", "KeyValue");A new CryptoObject from AndroidX.Biometric is created with a key as a parameter. Then the data will be encrypted and presented to the BiometricPrompt manager.
The final step will encode the data in base64 and store it in App with the shared preferences.
The SecKeyChain will be used to store a string linked to a key. The OS is in charge of securing the data with biometric authentication during the process.
Decrypts and gets the data associated to the given key name.
await biometryService.Decrypt(cancellationToken, "KeyName");Retrieve the shared preference encrypted data, then decrypt it with the secret as a parameter by presenting it to the BiometricPrompt manager.
Retrieve the encrypted data from the SecKeyChain with the secret as a parameter. iOS is in charge of decrypting the data with biometric Authentication during the process.
Removes the ecrypted value in the platform secure storage.
biometryService.Remove("KeyName");Remove the encrypted data from the shared preferences.
Remove the encrypted data from the SecKeyChain.
Please consult the CHANGELOG for more information about version history.
This project is licensed under the Apache 2.0 license - see the LICENSE file for details.
Please read CONTRIBUTING.md for details on the process for contributing to this project.
Be mindful of our Code of Conduct.