biometric_storage icon indicating copy to clipboard operation
biometric_storage copied to clipboard
verified publisher icon authpass

iOS: errSecAuthFailed (-25293) is not mapped to an AuthException

Open dominicmh opened this issue 1 year ago • 0 comments

Problem

On iOS, in case of a native errSecAuthFailed error, BiometricStorageFile (read or write) doesn't map the native error to an AuthException. Instead a PlatformException is thrown:

PlatformException(SecurityError, Error while Error retrieving item. -25293: -25293: La phrase secrète ou le nom d’utilisateur saisi n’est pas valide., null, null)

This makes it hard to handle the error properly. It requires parsing the PlatformException's message instead of simply relying on AuthException.

Precondition

This error can occur when StorageFileInitOptions(darwinBiometricOnly: true) and:

  1. A user has set up a BiometricStorageFile with functioning biometrics setup
  2. User changes their biometrics settings, e.g.: Disabling biometrics, removing biometrics permission from app, or adding a fingerprint.
  3. User tries to access the BiometricStorageFile with the new biometrics setup

Expected Behaviour

A new case AuthException.biometricsChanged (or similar) is returned. No exception is thrown.

dominicmh avatar Feb 26 '25 06:02 dominicmh