SiriKit: Touch ID and Security Enhancement

Trying to lower your head below:

  • https://developer.apple.com/videos/play/wwdc2016/225/ mentions that the default sendPayments intent is IntentsRestrictedWhileLocked, but if we want to increase security so that the user must approve with Touch ID (local authentication), how do we do it? This will be needed when the device is locked / unlocked. I assume that the extension should somehow display the local authentication interface at the Verify stage?

  • It is also mentioned that security can be increased, but I just need confirmation: is the mechanism for this just the IntentsRestrictedWhileLocked extension attribute, or is there a way to indicate that Touch ID authentication is required?

+4
3 answers

To answer both questions: yes, you can increase the security for payments using Touch ID. Here is how I implemented it using the Apple example here; I added the following functions to SendPaymentIntentHandler.swift:

import LocalAuthentication

func authenticate(successAuth: @escaping () -> Void, failure: @escaping (NSError?) -> Void) {
    // 1. Create an authentication context
    let authenticationContext = LAContext()
    var error: NSError?
    // 2. Check that biometric authentication is available on this device
    guard authenticationContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
        failure(error)
        return
    }
    // 3. Check the fingerprint
    authenticationContext.evaluatePolicy(
        .deviceOwnerAuthenticationWithBiometrics,
        localizedReason: "Unlock to send the money",
        reply: { [unowned self] (success, error) -> Void in
            if success {
                successAuth()
            } else if let error = error as NSError? {
                // Log a readable reason, then report the failure to the caller
                let message = self.errorMessageForLAErrorCode(errorCode: error.code)
                print(message)
                failure(error)
            } else {
                // No error object was supplied; still treat it as a failure
                failure(nil)
            }
        })
}

func errorMessageForLAErrorCode( errorCode:Int ) -> String{

    var message = ""

    switch errorCode {

    case LAError.appCancel.rawValue:
        message = "Authentication was cancelled by application"

    case LAError.authenticationFailed.rawValue:
        message = "The user failed to provide valid credentials"

    case LAError.invalidContext.rawValue:
        message = "The context is invalid"

    case LAError.passcodeNotSet.rawValue:
        message = "Passcode is not set on the device"

    case LAError.systemCancel.rawValue:
        message = "Authentication was cancelled by the system"

    case LAError.touchIDLockout.rawValue:
        message = "Too many failed attempts."

    case LAError.touchIDNotAvailable.rawValue:
        message = "TouchID is not available on the device"

    case LAError.userCancel.rawValue:
        message = "The user did cancel"

    case LAError.userFallback.rawValue:
        message = "The user chose to use the fallback"

    default:
        message = "Did not find error code on LAError object"

    }

    return message

}

. Touch ID , , , .

+3
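How such a Touch ID gate can be wired into the intent handler so that the payment fails closed, as an added example that is not part of the answer above or of Apple's sample. `GatedSendPaymentHandler`, `requireBiometrics` and the stubbed `performTransfer` are hypothetical names, and running the check in the handle phase (current SDK method name `handle(intent:completion:)`) is an assumption.

```swift
import Intents
import LocalAuthentication

// Added example. Class and helper names are hypothetical; performTransfer is a
// stub standing in for the app's own payment call.
final class GatedSendPaymentHandler: NSObject, INSendPaymentIntentHandling {

    func handle(intent: INSendPaymentIntent,
                completion: @escaping (INSendPaymentIntentResponse) -> Void) {
        requireBiometrics(reason: "Unlock to send the money") { approved in
            guard approved else {
                // Fail closed: unavailable sensor, cancel, lockout or mismatch
                // all end here, and the transfer is never started.
                completion(INSendPaymentIntentResponse(code: .failureCredentialsUnverified,
                                                       userActivity: nil))
                return
            }
            self.performTransfer(for: intent) { sent in
                completion(INSendPaymentIntentResponse(code: sent ? .success : .failure,
                                                       userActivity: nil))
            }
        }
    }

    /// Calls `done(true)` only when the biometric evaluation itself succeeded.
    private func requireBiometrics(reason: String, done: @escaping (Bool) -> Void) {
        let context = LAContext()   // fresh context per payment, never reused
        var error: NSError?
        guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                        error: &error) else {
            done(false)             // Touch ID not enrolled or not available: refuse
            return
        }
        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                               localizedReason: reason) { success, _ in
            done(success)
        }
    }

    // Stub (assumption): replace with the app's real payment request.
    private func performTransfer(for intent: INSendPaymentIntent,
                                 done: @escaping (Bool) -> Void) {
        done(true)
    }
}
```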

, , . , , plist, , ? , .

, , LAContext canEvaluatePolicy(_:error:), evaluatePolicy(_:localizedReason:reply:). , , , , , Siri.

+1

If the intent is listed in IntentsRestrictedWhileLocked, it cannot be invoked by Siri while the screen is locked. It can only be invoked once the device has been unlocked with a passcode or Touch ID. As far as I know, it is impossible to tell how the device was unlocked.

0

Source: https://habr.com/ru/post/1648193/

