Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

cordova-plugin-android-fingerprint-auth

mjwheatley3.1kApache 2.01.5.0TypeScript support: included

Cordova plugin to use Android fingerprint authentication API

cordova, plugin, android, fingerprint, authentication, ecosystem:cordova, cordova-android

readme

Update to Version 1.4.0

Please consult the changelog.

About

This plugin was created referencing the Fingerprint Dialog sample and the Confirm Credential sample referenced by the Android 6.0 APIs webpage.

This plugin will open a native dialog fragment prompting the user to authenticate using their fingerprint. If the device has a secure lockscreen (pattern, PIN, or password), the user may opt to authenticate using that method as a backup.

This plugin will only work on devices whose manufacturers have implemented the Android 6.0 Fingerprint Authentication API. This plugin does not support the Samsung Pass SDK and not all Samsung devices implement the Android 6.0 Fingerprint Authentication API. If you are testing this plugin on a Samsung device and it is not working, please check the device compatibility before reporting an issue.

Screenshots

Fingerprint Authentication Dialog

Fingerprint Auth Dialog Fingerprint Auth Dialog Success Fingerprint Auth Dialog Fail Fingerprint Auth Dialog Too Many Fingerprint Auth Dialog No Backup Fingerprint Auth Dialog No Backup

Backup Credentials

Confirm Password Confirm PIN Confirm Pattern

Installation

Cordova

cordova plugin add cordova-plugin-android-fingerprint-auth

Ionic

ionic cordova plugin add cordova-plugin-android-fingerprint-auth

Meteor

meteor add cordova:cordova-plugin-android-fingerprint-auth@1.2.7 (or present version)

How to use

  • Call isAvailable() to check the fingerprint status.
  • Call encrypt() or decrypt() show the Authentication Dialog.
  • Call delete() when you want to delete the cipher for the user.

If you are not concerned with encrypting credentials and just want device authentication (fingerprint or backup), just call encrypt() with a clientId and look for a callback to the successCallback.

Encrypt/Decrypt User Credentials

  • Encrypt user credentials
    • Have user sign in with username and password.
    • Check plugin availability and pass username and password to encrypt().
    • Store encrypted token with user profile.
  • Decrypt user credentials
    • Prompt for username.
    • Query on username to retrieve encrypted token.
    • Pass username and token to decrypt() to return password.
    • Login using username and decrypted password.

Example implementation

API Reference

FingerprintAuth.isAvailable(successCallback, errorCallback)

Opens a native dialog fragment to use the device hardware fingerprint scanner to authenticate against fingerprints registered for the device.

isAvailable() Result Object

Param Type Description
isAvailable boolean Fingerprint Authentication Dialog is available for use.
isHardwareDetected boolean Device has hardware fingerprint sensor.
hasEnrolledFingerprints boolean Device has any fingerprints enrolled.

Example

FingerprintAuth.isAvailable(isAvailableSuccess, isAvailableError);

/**
 * @return {
 *      isAvailable:boolean,
 *      isHardwareDetected:boolean,
 *      hasEnrolledFingerprints:boolean
 *   }
 */
function isAvailableSuccess(result) {
    console.log("FingerprintAuth available: " + JSON.stringify(result));
    if (result.isAvailable) {
        var encryptConfig = {}; // See config object for required parameters
        FingerprintAuth.encrypt(encryptConfig, encryptSuccessCallback, encryptErrorCallback);
    }
}

function isAvailableError(message) {
    console.log("isAvailableError(): " + message);
}

FingerprintAuth Config Object

Param Type Default Description
clientId String undefined (REQUIRED) Used as the alias for your app's secret key in the Android Key Store. Also used as part of the Shared Preferences key for the cipher userd to encrypt the user credentials.
username String undefined Used to create credential string for encrypted token and as alias to retrieve the cipher.
password String undefined Used to create credential string for encrypted token
token String undefined Data to be decrypted. Required for decrypt().
disableBackup boolean false Set to true to remove the "USE BACKUP" button
maxAttempts number 5 The device max is 5 attempts. Set this parameter if you want to allow fewer than 5 attempts.
locale String "en_US" Change the language displayed on the authentication dialog.
  • English: "en_US"
  • Italian: "it"
  • Spanish: "es"
  • Russian: "ru"
  • French: "fr"
  • Chinese (Simplified):
    • "zh_CN"
    • "zh_SG"
  • Chinese (Traditional):
    • "zh"
    • "zh_HK"
    • "zh_TW"
    • "zh_MO"
  • Norwegian: "no"
  • Portuguese: "pt"
  • Japanese: "ja"
  • German: "de"
  • Thai: "th"
  • Arabic: "ar"
  • Korean: "ko", "ko-KR"
userAuthRequired boolean false Require the user to authenticate with a fingerprint to authorize every use of the key. New fingerprint enrollment will invalidate key and require backup authenticate to re-enable the fingerprint authentication dialog.
encryptNoAuth boolean undefined Bypass authentication and just encrypt input. If true this option will not display the authentication dialog for fingerprint or backup credentials. It will just encrypt the input and return a token.
dialogTitle String undefined Set the title of the fingerprint authentication dialog.
dialogMessage String undefined Set the message of the fingerprint authentication dialog.
dialogHint String undefined Set the hint displayed by the fingerprint icon on the fingerprint authentication dialog.

FingerprintAuth.encrypt(encryptConfig, encryptSuccessCallback, encryptErrorCallback)

Result Object

Param Type Description
withFingerprint boolean User authenticated using a fingerprint
withBackup boolean User authenticated using backup credentials.
token String Will contain the base64 encoded credentials upon successful fingerprint authentication.

Example 

var encryptConfig = {
    clientId: "myAppName",
    username: "currentUser",
    password: "currentUserPassword"
};


FingerprintAuth.encrypt(encryptConfig, successCallback, errorCallback);

function successCallback(result) {
    console.log("successCallback(): " + JSON.stringify(result));
    if (result.withFingerprint) {
        console.log("Successfully encrypted credentials.");
        console.log("Encrypted credentials: " + result.token);  
    } else if (result.withBackup) {
        console.log("Authenticated with backup password");
    }
}

function errorCallback(error) {
    if (error === FingerprintAuth.ERRORS.FINGERPRINT_CANCELLED) {
        console.log("FingerprintAuth Dialog Cancelled!");
    } else {
        console.log("FingerprintAuth Error: " + error);
    }
}

FingerprintAuth.decrypt(decryptConfig, encryptSuccessCallback, encryptErrorCallback)

Result Object

Param Type Description
withFingerprint boolean User authenticated using a fingerprint
withBackup boolean User authenticated using backup credentials.
password String Will contain the decrypted password upon successful fingerprint authentication.

Example 

var decryptConfig = {
    clientId: "myAppName",
    username: "currentUser",
    token: "base64encodedUserCredentials"
};

FingerprintAuth.decrypt(decryptConfig, successCallback, errorCallback);

function successCallback(result) {
    console.log("successCallback(): " + JSON.stringify(result));
    if (result.withFingerprint) {
        console.log("Successful biometric authentication.");
        if (result.password) {
            console.log("Successfully decrypted credential token.");
            console.log("password: " + result.password);  
        }
    } else if (result.withBackup) {
        console.log("Authenticated with backup password");
    }
}

function errorCallback(error) {
    if (error === FingerprintAuth.ERRORS.FINGERPRINT_CANCELLED) {
        console.log("FingerprintAuth Dialog Cancelled!");
    } else {
        console.log("FingerprintAuth Error: " + error);
    }
}

FingerprintAuth.delete(config, successCallback, errorCallback)

Used to delete a cipher.

Config Object

Param Type Default Description
clientId String undefined (REQUIRED) Used as the alias for your key in the Android Key Store.
username String undefined Identify which cipher to delete.

Example

FingerprintAuth.delete({
            clientId: "myAppName",
            username: "usernameToDelete"
        }, successCallback, errorCallback);

function successCallback(result) {
    console.log("Successfully deleted cipher: " + JSON.stringify(result));
}

function errorCallback(error) {
    console.log(error);
}

FingerprintAuth.dismiss(successCallback, errorCallback)

Used to dismiss a Fingerprint Authentication Dialog if one is being displayed

Example

FingerprintAuth.dismiss(successCallback, errorCallback);

function successCallback(result) {
    console.log("Successfully dismissed FingerprintAuth dialog: " + JSON.stringify(result));
}

function errorCallback(error) {
    console.log(error);
}

FingerprintAuth.ERRORS JSON Object

Property Type Value
BAD_PADDING_EXCEPTION String "BAD_PADDING_EXCEPTION"
CERTIFICATE_EXCEPTION String "BAD_PADDING_EXCEPTION"
FINGERPRINT_CANCELLED String "FINGERPRINT_CANCELLED"
FINGERPRINT_DATA_NOT_DELETED String "FINGERPRINT_DATA_NOT_DELETED"
FINGERPRINT_ERROR String "FINGERPRINT_ERROR"
FINGERPRINT_NOT_AVAILABLE String "FINGERPRINT_NOT_AVAILABLE"
FINGERPRINT_PERMISSION_DENIED String "FINGERPRINT_PERMISSION_DENIED"
FINGERPRINT_PERMISSION_DENIED_SHOW_REQUEST String "FINGERPRINT_PERMISSION_DENIED_SHOW_REQUEST"
ILLEGAL_BLOCK_SIZE_EXCEPTION String "ILLEGAL_BLOCK_SIZE_EXCEPTION"
INIT_CIPHER_FAILED String "INIT_CIPHER_FAILED"
INVALID_ALGORITHM_PARAMETER_EXCEPTION String "INVALID_ALGORITHM_PARAMETER_EXCEPTION"
IO_EXCEPTION String "IO_EXCEPTION"
JSON_EXCEPTION String "JSON_EXCEPTION"
MINIMUM_SDK String "MINIMUM_SDK"
MISSING_ACTION_PARAMETERS String "MISSING_ACTION_PARAMETERS"
MISSING_PARAMETERS String "MISSING_PARAMETERS"
NO_SUCH_ALGORITHM_EXCEPTION String "NO_SUCH_ALGORITHM_EXCEPTION"
SECURITY_EXCEPTION String "SECURITY_EXCEPTION"
FRAGMENT_NOT_EXIST String "FRAGMENT_NOT_EXIST

changelog

Version 1.50

What's New

  • Added new dismiss() action

Version 1.4.5

What's New

  • Added Korean translations
    • merged pull request #125
  • Added index.d.ts for Typescript support
    • merged pull request #118
  • Update German strings
    • merged pull request #117

Version 1.4.4

What's New

  • Added Arabic translations
    • merged pull request #114
  • Bug fix: KeyStore not initialized when trying to delete entry
    • merged pull request #106

Version 1.4.3

What's New

  • Added Thai translations
    • merged pull request #102

Version 1.4.2

What's New

  • Feature request for issue #100
    • added back the userAuthRequired param but set default to false

Version 1.4.1

What's New

  • Bug fix for issue #98
    • Use resource-file tag for resources instead of source-file

Version 1.4.0

What's New

  • new parameter encryptNoAuth
    • Encrypt input without displaying authentication dialog
  • removed parameter userAuthRequired
    • userAuthRequired will always be set to false
      • This fixes issue #85 and issue #88
      • Developers using default setting for this value (did not explicitly set userAuthRequired to false) should add a call to FingerprintAuth.delete() and re-encrypt credentials to regenerate a new secret key that will allow backup authentication to encrypt/decrypt using the new secret key. This should fix any ILLEGAL_BLOCK_SIZE_EXCEPTION messages when using backup authentication.
  • changed credential delimiter
    • backwards compatible - will be able to decrypt tokens created by prior versions of this plugin.

Version 1.3.1

What's New

  • Bug fix for issue #86

Version 1.3.0

What's New

  • Fixed issue #85 No token returned when using PIN backup
    • Authentication with backup credentials will now use cryptography to encrypt or decrypt a token.

Version 1.2.8

What's New

  • Updates to README
  • Merge pull request #66 from videmort/master: Update Spanish literal
  • Merge pull request #65 from nataze/backup-PIN: PIN fallback when fingerprint isn't supported
  • Bug fix for issue #54
    • Allow state loss of dialog fragment
  • Changed manifest permission check
    • Now using cordova.hasPermission()
    • Removed dependency on android.support.v4 library
      • Removed build-extras.gradle

Version 1.2.7

What's New

  • Improved German translations - pull request #58
  • Bug fix for issue #57 - deleting secret key in Android Keystore.
  • Added fixed error codes - pull request #56
  • Added ERRORS JSON Object to the FingerprintAuth class prototype with the following fields corresponding to the new fixed error codes:
       BAD_PADDING_EXCEPTION,
   CERTIFICATE_EXCEPTION,
   FINGERPRINT_CANCELLED,
   FINGERPRINT_DATA_NOT_DELETED,
   FINGERPRINT_ERROR,
   FINGERPRINT_NOT_AVAILABLE,
   FINGERPRINT_PERMISSION_DENIED,
   FINGERPRINT_PERMISSION_DENIED_SHOW_REQUEST,
   ILLEGAL_BLOCK_SIZE_EXCEPTION,
   INIT_CIPHER_FAILED,
   INVALID_ALGORITHM_PARAMETER_EXCEPTION,
   IO_EXCEPTION,
   JSON_EXCEPTION,
   MINIMUM_SDK,
   MISSING_ACTION_PARAMETERS,
   MISSING_PARAMETERS,
   NO_SUCH_ALGORITHM_EXCEPTION,
   SECURITY_EXCEPTION

Breaking Changes

  • Changed error message for cancelled from "Cancelled" to fixed error code FingerprintAuth.ERRORS.FINGERPRINT_CANCELLED

Version 1.2.6

What's New

  • Bug fix for issue #61 - added missing source-file element for German strings to plugin.xml

Version 1.2.5

What's New

  • Bug fix for issue #46 - Dismiss fragment in a safer way

Version 1.2.4

What's New

  • Updated build-extras.gradle to use Android SDK 25.

Version 1.2.3

What's New

  • German translations

Version 1.2.2

What's New

  • Bug fix - isAvailable() returning message "Missing required parameters".
  • Added build-extras.gradle to add dependency com.android.support:support-v4:23.0.0 to check for manifest permissions.
  • Added check and request for permission to use fingerprints.
  • Added error handling for SecurityException

Version 1.2.0

What's New

  • Removed FingerprintAuth.CipherMode
  • Removed FingerprintAuth.show() in favor of separate actions for encrypt and decrypt
  • Added FingerprintAuth.encrypt()
  • Added FingerprintAuth.decrypt()
  • Made username optional
  • token is required for decrypt()

Breaking Changes

  • Removed FingerprintAuth.CipherMode
  • Removed FingerprintAuth.show() in favor of separate actions for encrypt and decrypt

Version 1.1.0

Introducing encryption and decryption of user credentials.

What's New

  • Added parameters to the FingerprintAuth Config Object
Param Type Description
username String (REQUIRED) Used to create credential string for encrypted token and as alias to retrieve the cipher.
cipherMode FingerprintAuth.CipherMode (REQUIRED) Used to determine if plugin should encrypt or decrypt after authentication.
  • FingerprintAuth.CipherMode.ENCRYPT
  • FingerprintAuth.CipherMode.DECRYPT
password String Used to create credential string for encrypted token
token String Used to create credential string for encrypted token.
  • Changed FingerprintAuth.show() Result fields
Param Type Description
withFingerprint boolean true if user authenticated using a fingerprint
withBackup boolean true if user used the backup credentials activity to authenticate.
cipherMode FingerprintAuth.CipherMode Pass through parameter from config object.
token String Will contain the base64 encoded credentials if withFingerprint == true and cipherMode == FingerprintAuth.CipherMode.ENCRYPT.
password String Will contain the decrypted password if withFingerprint == true and cipherMode == FingerprintAuth.CipherMode.DECRYPT
  • New method FingerprintAuth.delete() to delete the cipher used to encrypt/decrypt user credentials.

Breaking changes

  • Removed clientSecret parameter from the FingerprintAuth Config Object.
  • Added new required parameters cipherMode and username.
  • FingerprintAuth.show() result withFingerprint is now a boolean. You will need to obtain the encrypted token from the token field.
  • FingerprintAuth.show() result withPassword was changed to withBackup