oblador
Wrapped error: User not authenticated on Android with TouchId and FaceId available
Hi, I'm using Samsung S9 (it has touch Id and faceId ).
Step to reproduce : install new project and add react-native-keychain;
on set data : Keychain.setInternetCredentials(server,username,password, {accessControl:Keychain.ACCESS_CONTROL.BIOMETRY_ANY});
on get data : const credentials = await Keychain.getInternetCredentials(server);
actual : - When use touchId there's credential callback.
- When use FaceId of this device, after authentication callback success, decryptBytes in native Android still failed, and It throw android.security.keystore.UserNotAuthenticatedException: User not authenticated
Please help.
I'm using : { "react-native-keychain": "^5.0.1", "react-native": "0.61.5" }
Same Issue, when Running on Device with Face and touch both, Biometric authorisation works but decryption from keystore fails : { "framesToPop":1, "nativeStackAndroid":[ { "methodName":"decryptToResult", "lineNumber":616, "file":"KeychainModule.java", "class":"com.oblador.keychain.KeychainModule" }, { "methodName":"decryptCredentials", "lineNumber":592, "file":"KeychainModule.java", "class":"com.oblador.keychain.KeychainModule" }, { "methodName":"getGenericPassword", "lineNumber":293, "file":"KeychainModule.java", "class":"com.oblador.keychain.KeychainModule" }, { "methodName":"getGenericPasswordForOptions", "lineNumber":321, "file":"KeychainModule.java", "class":"com.oblador.keychain.KeychainModule" }, { "methodName":"invoke", "lineNumber":-2, "file":"Method.java", "class":"java.lang.reflect.Method" }, { "methodName":"invoke", "lineNumber":371, "file":"JavaMethodWrapper.java", "class":"com.facebook.react.bridge.JavaMethodWrapper" }, { "methodName":"invoke", "lineNumber":150, "file":"JavaModuleWrapper.java", "class":"com.facebook.react.bridge.JavaModuleWrapper" }, { "methodName":"run", "lineNumber":-2, "file":"NativeRunnable.java", "class":"com.facebook.react.bridge.queue.NativeRunnable" }, { "methodName":"handleCallback", "lineNumber":883, "file":"Handler.java", "class":"android.os.Handler" }, { "methodName":"dispatchMessage", "lineNumber":100, "file":"Handler.java", "class":"android.os.Handler" }, { "methodName":"dispatchMessage", "lineNumber":26, "file":"MessageQueueThreadHandler.java", "class":"com.facebook.react.bridge.queue.MessageQueueThreadHandler" }, { "methodName":"loop", "lineNumber":228, "file":"Looper.java", "class":"android.os.Looper" }, { "methodName":"run", "lineNumber":225, "file":"MessageQueueThreadImpl.java", "class":"com.facebook.react.bridge.queue.MessageQueueThreadImpl$4" }, { "methodName":"run", "lineNumber":919, "file":"Thread.java", "class":"java.lang.Thread" } ], "userInfo":null, "message":"Wrapped error: User not authenticated", "code":"E_CRYPTO_FAILED", "line":2132, "column":45, "sourceURL":"http://localhost:8081/index.bundle?platform=android&dev=true&minify=false" }"'"
@cschultz1272 @AnmolShrma @gastonyelmini @krutkowski86 @10xamohan @hoangcxa
Gentlemen, I need your help to reproduce this issue. Since it happens only on specific combination of phone and Android version, I need to know what exactly you're running.
Could you please use this APK and attach here the report it produced? get-device-info.apk.zip
Best regards, John
@cschultz1272 @AnmolShrma @gastonyelmini @krutkowski86 @10xamohan @hoangcxa
Gentlemen, I need your help to reproduce this issue. Since it happens only on specific combination of phone and Android version, I need to know what exactly you're running.
Could you please use this APK and attach here the report it produced? get-device-info.apk.zip
Best regards, John
@john-y-pazekha Not able to Install the apk, getting parser error for the package.
Same issue. Cant install the apk - adb: failed to install get-device-info.apk: Failure [INSTALL_FAILED_TEST_ONLY: installPackageLI] I'm on Android S10e (SM-G970U), Android 10 Fingerprint works fine. Face is recognized but fails to decrypt.
I'm facing the same issue. The app is able to authenticate through fingerprint, but not through face-unlock. This leads to a really bad UX, especially for those that don't have fingerprint on their device, but only face-unlock. Does any of you found a workaround?
@DorianMazur @oblador same error here. Any workaround for this or perhaps can we block Face ID on android as a hotfix or something?
Device: Samsung S23 FE with Android 14 Biometric: Both touchID and FaceID turn on react-native-keychain: 10.0.0 react-native: 0.75.5
Hi there,
On Android, the current Face ID implementation is categorized as a level 2 biometric. This means it doesn't meet the higher security threshold we require—level 3—for sensitive operations. Essentially, while the device supports both Face ID and fingerprint authentication, only fingerprint (or another level 3 biometric) offers the robust security guarantees keychain needs
@Bowlerr thanks for the reply, that's really helpful.
Yup, realised Samsung Face ID is categorised as a L2 and won't be used for keychain. This is working correctly on 9.2.3, my Samsung only pops up fingerprint auth, but on 10.0.0 it also pops up Face ID as optional and when I click on using Face ID it returns "User not authenticated" as expected because L2 Face ID can't open keychain.
Is there a chance to not showing Face ID option for android user?
