-
-
Notifications
You must be signed in to change notification settings - Fork 507
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Android: Wrapped error: User not authenticated #318
Comments
I noticed similar behavior where the I was able to get it to work by extending the
|
I'm having the same problem with android Samsung s9. |
Any update for this issue? |
@skicson I tried your way but it's still doesn't work. When I'm using fingerprint , it works normal. But when I use Face Recognization of this device, it's still throw that error. |
@skicson regarding to the stack above, the onAuthenticationSucceeded is being called . But then some how the |
+1 |
I have not been able to test with a fingerprint enabled device, but I can confirm the same wrapped exception being thrown on a google pixel 4 with face recognition enabled. iOS works fine. |
same error here! I tried...
and it didn't worked for me |
I'm also noticing this issue with Android. It works correctly until the device is restarted. The weird thing is, |
Hi guys, i am also experiencing this issue with Android 8. Fingerprint works fine, so does Iris authentication. Face ID fails every single time. It would be great if there was a setting to force which type of biometric to use to unlock keychain as on Android it falls back to whatever user selected in the preference. |
Has anyone found a workaround to get this to work on devices that have both Fingerprint as well as Face authentication? Currently I just have biometrics disabled on Android until I can figure out a way to either make Face work on Android or force only Fingerprint for the time being. |
I was getting the same error on a Pixel 3 emulator. So I went to Settings and removed the fingerprint, then set it up back again. After that, I got rid of the error. I know it's maybe too much to ask of your users (to remove then set up again the fingerprint in android settings), but it's a possible workaround. |
I just noticed that, after restarting the phone, the error comes back :/ |
hi folks, i have updated rn-key-chain package thought that its because im using expo and i have old keychain version, yet |
Increasing With that in mind I think #339 is a reasonable fix for this. |
any update on this? |
I was able to get Face ID working consistently (on a Pixel 4) when I extended the |
any update? |
This PR solves the issue #399 |
Any updates ? |
@ameenmattar you can use my fork |
Any update? |
So I've been doing a little digging on this issue for the Pixel 4 / Face scan only devices. I agree with what @skicson said. The I know some people extended the time in the I found this PromptInfo.Builder method call setConfirmationRequired. This call removes the 'Confirm' button on Android 10+ but it's also only classed as a 'hint' to the vendor version of Android OS so I don't know how well it's supported. E.g. As outlined in this blog post - Android - One Biometric API Over All. to This could be worth investigating more. If this works fine I'll make a PR for the change. |
Seems to work fine on the Pixel 4 (need to test other devices) and it's actually more inline with the behaviour/experience seen on iOS with FaceID too. |
@CWolfs could you ping me here in this thread when your PR is ready? I will be able to check it on Samsung with FaceID |
@Zo2m4bie sure, I'll try to do in the next few days - been bogged down with wrapping up a release but want to PR this soon. I only had a Pixel 4 to test so if you can test this on a Samsung that would be great to see if it works or not. I'll ping you when I'm ready. |
@tunm1228 What exactly are you doing and what exactly is not working? |
@sgal I want biometric authentication when calling the function Keychain.getGenericPassword(). IOS working fine. |
@tunm1228 Sorry, I cannot help you if you don't provide the details of your implementation and error you're getting. I would suggest trying the example app and see if that is working. |
@sgal Android Keychain behaves very differently for Android >8 and Android <8 If you've tested for both, then I might test to see if it works for us too. At the moment there's a False Acceptance and False Rejection problem for Android <=8 ie. the Keychain responds 'Succesful unlock' but with empty string content. |
@AlphaJuliettOmega I only tested on Android 9, 10 and 11. Which options do you use? |
@sgal it's got to do with this blog post: False Acceptance Rate + False Rejection Rate I don't know how to deal with this in the library but you might. Android <9 ie. 8 and older needs this config:
A bit related: Android 9+ can use:
Any mention of biometry in the config causes older phones to basically ask for your fingerprint, and it responds that the fingerprint was successfully entered, but
|
Even with RN 0.64 upgrade getting both errors with 7.0.0 key chain on android
|
@arpitgarg23 yes, exactly! Did you try the config settings I've suggested in the comment before yours? Here's a snippet that might help:
|
@AlphaJuliettOmega Thanks for the snippet.
|
@arpitgarg23 @AlphaJuliettOmega Biometrics are not used for AES storage, only RSA, so ACCESS_CONTROL value has no difference here. |
How do you know this / where can I read more? Access control here, set to any other values for Android <9 causes keychain retrieval failures, regardless of the storage type. |
@AlphaJuliettOmega I meant in this library. In Android API you can make AES key that is protected by biometrics or device passcode. This lib though only offers that for RSA keys. This is done by using setUserAuthenticationRequired(true) on This is how it is done in this lib for RSA storage - https://github.com/oblador/react-native-keychain/blob/master/android/src/main/java/com/oblador/keychain/cipherStorage/CipherStorageKeystoreRsaEcb.java#L228 And this is for AES - https://github.com/oblador/react-native-keychain/blob/master/android/src/main/java/com/oblador/keychain/cipherStorage/CipherStorageKeystoreAesCbc.java#L187 Regarding your case - let me debug the flow with access controls to see what could be the culprit. Meanwhile, is there any pattern in device models that fail more often? |
@AlphaJuliettOmega Ok, I think I found the issue(s). I suggest you skip all options in the |
@sgal that's very interesting feedback, unfortunately the settings I documented above isn't working for all Android devices. React Native Keychain 7.0.0 Analytics reports .setGenericPassword failing for these device models:
As well as on iOs (much more rarely):
|
@AlphaJuliettOmega I see. Could you try removing all options from |
I am at the exact same point @ericrguimaraes - it works if I reset the fingerprint in the device settings, then stops if I restart. Did you find a solution to the issue? |
Not quite. I actually worked around it: on Android, I use react-native-keychain to store the token encrypted but not protected by biometrics (Keychain.STORAGE_TYPE.AES). In addition to that, I use another lib, expo-local-authentication, to ask the user for her biometrics and check that she's the one using the app. If this check succeds, I then fetch the token by using react-native-keychain. I would add that I am no security expert, however this implementation suffices for my specific needs. |
Is there a way to add back the ability to use device passcode/pattern/password fro prompt info in case it doesn't have touch/face id? There are lots of Android devices that still don't have biometrics and it's really annoying that they're not supported at the moment. |
@florinleu It doesn't seem that's possible, or I don't understand how to yet (Specifically for Api level < 25 &/| Android <=8 if you set the security type to DEVICE_PASSCODE @sgal removing all options does not work for my use case, it makes to be clear, my device 'does support' biometrics, has a fingerprint reader, but attempting to access the keychain with biometrics causes it to fail. The spookiest detail: |
I can confirm that the issue still happens as of react-native-keychain@8.0.0. I just created a new React Native sample app from scratch (npx react-native init AwesomeProject --version 0.65.1) and installed the lib. Then I edited App.js to make it look like this: import React from 'react';
import {Button, View} from 'react-native';
import * as Keychain from 'react-native-keychain';
const username = 'johndoe1';
const password = 'password1234';
const service = 'com.example.testkeychain.' + username;
function onPressSave() {
try {
return Keychain.setInternetCredentials(service, username, password, {
accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_ANY,
securityLevel: Keychain.SECURITY_LEVEL.SECURE_SOFTWARE,
storage: Keychain.STORAGE_TYPE.RSA,
rules: Keychain.SECURITY_RULES.NONE,
});
} catch (e) {
console.warn(e.message);
}
}
async function onPressRetrieve() {
let ret;
try {
ret = await Keychain.getInternetCredentials(service, {
authenticationPrompt: {
title: 'Use fingerprint to read password',
cancel: 'Cancel',
},
});
} catch (e) {
console.error('Exception: ' + e.message);
return;
}
if (ret === false) {
console.error('Credentials not found');
return;
}
if (ret.username !== username) {
// shouldn't ever happen:
console.error('Retrieved username does not match expected');
return;
}
console.log(JSON.stringify(ret));
return ret.password;
}
const App = () => {
return (
<View>
<Button title="Save password" onPress={onPressSave} />
<Button title="Retrieve password" onPress={onPressRetrieve} />
</View>
);
};
export default App; To reproduce the error:
One more thing:
And apparently it will keep working until you restart the phone again. Then it will break, and to fix it, do set up fingerprint again on Android Settings. Now, I have no experience programming with the native part on Android, so I hope these steps might help someone else come up with a fix. |
Any updates on the issue? I feel like the is error is caused by a wrong implementation by Samsung and co. But there does not seem to be a patch for that yet. |
This is still unresolved and I'll have to disable the feature for Android because of this issue. |
I created a page and named it "LoadingScreen" which is the first page to call when open the app
|
Still have this issue on version 8.1.1. |
This issue still happens on 8.2:
|
I get this error when trying to retrieve credentials stored in the keychain on Android devices. IMHO this is the effect of following exception being thrown: UserNotAuthenticatedException.
This is my code:
The error is thrown at
Keychain.getGenericPassword
. On iOS the code works fine. Any idea or workaround for this?The text was updated successfully, but these errors were encountered: