expo
[expo-secure-store] `requireAuthentication: true` does not work if there is only passcode is enabled
Minimal reproducible example
What platform(s) does this occur on?
iOS
Where did you reproduce the issue?
in a development build
Summary
I was trying to protect data using Biometric auth using requireAuthentication: true. It works if user has enabled the touch/face id. But if only passcode is enabled then it's not working. When I look into the current implementation
SecureStoreModule.swift:107 seem like currently we're using .biometryCurrentSet , which
Constraint to access an item with Touch ID for currently enrolled fingers, or from Face ID with the currently enrolled user.
This is very bad UX if user want to only use passcode and data we want to persist securely does not persist although they have enrolled with passcode.
To provide more option/flexibility, we should use .userPresence
Constraint to access an item with either biometry or passcode.
Is there any other reason we're using .biometryCurrentSet? If there is not such reason then we should definitely need to change it to .userPresence.
Environment
-
Expo Doctor Diagnostics
-
