How can I test biometric on UI Tests in Swift / iOS 18? This code not working. + (void)successfulAuthentication { notify_post("com.apple.BiometricKit_Sim.fingerTouch.match"); notify_post("com.apple.BiometricKit_Sim.pearl.match"); } + (void)unsuccessfulAuthentication { notify_post("com.apple.BiometricKit_Sim.fingerTouch.nomatch"); notify_post("com.apple.BiometricKit_Sim.pearl.nomatch"); }

I am using LAContext(), canEvaluatePolicy, and evaluatePolicy in my project, and I've encountered a crash under a specific scenario. When the permission prompt appears asking, "Do you want to allow [App Name] to use biometrics in your app?" and the user locks the device without selecting "Allow" or "Don't Allow," the app crashes at that point. Has anyone else experienced this issue or tested this scenario? Any insights would be appreciated!

We have been using the LAContext's evaluation policy for the past couple of years without any major issues. However, since last week (September 26), we have seen a spike in error events, indicating: json Copy code { "NSDebugDescription": "Caller is not running foreground.", "NSLocalizedDescription": "User interaction required." } We haven't made any code changes in the last couple of months. Is there any update regarding local authentication from Apple's side?

Hello, I am using the prf extension for passkeys that is available since ios 18 and macos15. I am using a fixed, hardcoded prf input when creating or geting the credentials. After creating a passkey, i try to get the credentials and retrieve the prf output, which works great, but i am getting different prf outputs for the same credential and same prf input used in the following scenarios: Logging in directly (platform authenticator) on my macbook/iphone/ipad i get "prf output X" consistently for the 3 devices When i use my iphone/ipad to scan the qr code on my macbook (cross-platform authenticator) i get "prf output Y" consistently with both my ipad and iphone. Is this intended? Is there a way to get deterministic prf output for both platform and cross-platform auth attachements while using the same credential and prf input?

How app knows that Require Face ID is enable for them? How app knows that they active after successfully authenticate by iOS 18 Require Face ID feature? If any app implement any Extension(In my case Action Extension and Autofill Credential provider) then how they extension knows that they active after successfully authenticate by iOS 18 Require Face ID feature? is there any app notification or any api to help me out?

When a user swipes up to see the app switcher, I put a blocking view over my app so the data inside cannot be seen if you flick through the app switcher. I do this by checking if the scenePhase goes from .active to .inactive. If the app goes into the background, scenePhase == .background so I trigger something that would force the user to authenticate with Face ID/Touch ID when the app is next brought to the foreground or launched. However, this doesn't seem to work. The biometrics authentication is executed, but it just lets the user in without showing the Face ID animation. I put my finger over the sensors so it couldn't possibly be authenticating, but it just lets them in. Here's a quick set of logs: scenePhase == .inactive - User showed app switcher scenePhase == .background - User swiped up fully, went to Home Screen scenePhase == .inactive - User has tapped the app icon scenePhase == .active - App is now active authenticate() - Method called authenticate(), authenticateViaBiometrics() == true - User is going to be authenticated via Face ID // Face ID did not appear! success = true - Result of calling `context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics` means user was authenticated successfully error = nil - No error in the authentication policy authenticate(), success - Method finished, user was authenticated Here's the code: print("authenticate(), authenticateViaBiometrics() == true - User is going to be authenticated via Face ID") var error: NSError? guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else { // Handle permission denied or error print("authenticate(), no permission, or error") authenticated = false defaultsUpdateAuthenticated(false) defaultsUpdateAuthenticateViaBiometrics(false) return } context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: "Authenticate with biometrics") { (success, error) in DispatchQueue.main.async { print("success = \(success)") print("error = \(String(describing: error?.localizedDescription))") if(success) { print("authenticate(), success") authenticated = true } else { print("authenticate(), failure") authenticated = false } } } This happens with or without the DispatchQueue... call.

My app is defined to work in single app mode. Since iPhone 15 came out, I'm not able to use faceID on it. Because iPhone15's faceID requires to momentarily go to the background and return to the foreground. But in single app mode, that is not possible. Any iPhone below 15 works well. How can I fix this issue? Is there a way to fix it? Is it maybe a bug?

My app already has an app lock system which includes text & biometric combinations. Now iOS 18 has introduced a passcode lock for every app. So if users want to enable the app lock provided by us (developer), we want to inform them that you have enabled the iOS-provided app lock, in addition to that do you want to allow app-specific lock? For this, developers want to know whether iOS-provided app lock is enabled. -Rajdurai

On macOS, in the Apple Passwords app (currently inside Settings but soon to be it's own full fledged app in Sequoia) the user is presented with a screen requesting that they touch the fingerprint reader (see attached). If we'd like to do something similar, e.g. unlock some sensitive/secure part of our app, by requesting the user touch the Touch ID sensor, but without doing the whole system prompt (LAContext.evaluatePolicy()), how can we do that? Is that possible for mere mortal developers, and if not, why not?

I've implemented Face ID in my app to authenticate after the user is authenticated, so they don't have to sign in again to log into their account. However, it asks me to enter my iPhone's passcode instead of scanning my face. Is there any way to fix this? Is there something I have to add?

Hello, I am writing a macOS CLI application that holds cryptocurrency funds and uses Secure Enclave for security. I intend to create APIs so that other applications can create transactions from user's wallet in a secure way for the user. I am using P256 curve and authenticating a transaction involves making a signature for a hash of transaction data. Currently, this is how the authentication box looks like: However, this does not display any information about the transaction. If user is using my application, then I could display the information in the terminal. However, if some other CLI app wants to create transactions for the user, printing information in the terminal is insecure since a malicious app could override what is being printed. I see a rich authentication UI in apple apps. I wonder if there is a way to write UI for such applications. I would like to display some transaction information in the box instead of just "myapp needs to authenticate to continue". It would be great if there is a way to customize that text / add more text to it.

Hi, I would like to know the guidelines or rules regarding the implementation of Local Authentication. My client requirements are: After the user login in with username and password, reset password, it will then authorize face id or passcode to be able to access/navigate the app. Subsequent access will also require face id or passcode to access the app. Clicking app notifications when app is closed will require face id or passcode to access app. Is this a proccess allowed by Apple? Thanks

Is the method used to unlock an iOS device available to an app? We would like to require a step-up to MFA (in our app) if passcode was used and allow for single factor if Face ID was used.

On Xcode 15.4, LAContext.biometryType had an @available attribute of visionOS 1.0. However, in Xcode 16, the @available attribute for biometryType was changed to a visionOS 2.0 minimum requirement, preventing the app from building if the minimum deployment target is earlier than visionOS 2.0. This was the attribute on Xcode 15.4: This is the attribute on Xcode 16: Feedback ID: FB13824190

I have used functionality of changing user's password programmatically using the OpenDirectory framework. Once the password is updated successfully, can be use this password for Login sessions and authentication wherever required. But the same password is failing authenticate with Local Authentication Framework that is with LAContext and prefers always older password. Even restarting machine won't work. Changing current user's password using below method - do { let node = try ODNode(session: ODSession.default(), type: ODNodeType(kODNodeTypeLocalNodes)) let user = try node.record(withRecordType: kODRecordTypeUsers, name: NSUserName(), attributes: nil) try user.changePassword(currentPassword, toPassword: newPassword) print("Password changed successfully") } catch var error { print(error) } Once password is updated, then trying to authenticate password with LAContext using, let context = LAContext() context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "AuthenticationMessage".localized()) { success, error in DispatchQueue.main.async { completion(success, error) } print("authentication error = (String(describing: error?.localizedDescription))") } It won't accept the updated password. Any idea how to solve this problem?

Hi, Is this possible? I would like to: Store a biometrically secured key in the Secure Enclave. Do multiple cryptographic operations using that key in a short period of time (say 5 seconds), not all at once. Only do one FaceID for that set. For the time I've only gotten either multiple flashing FaceId requests or the operations failing. Is it possible to set a time limit in which the first FaceID authentication is accepted? Should I do something else? Thanks!

Hi, I am creating simple app with ios 17. I want to authenticate via ios passcode. but I couldn't find any example about it. Where can I get some example about using ios passcode in ios 17? please help me.

Hi, I'm looking for best practices for unlocking TouchID in a Mac app when using canEvaluatePolicy. Documentation says: Biometric authentication will get locked after 5 unsuccessful attempts. After that, users have to unlock it by entering their account password. The password can be entered either at login window or in the preference sheets or even in application by the means of LAPolicyDeviceOwnerAuthentication. The system unlock is preferred user experience because we generaly don't want users to enter their account password at application's request. So if we shouldn't manage Mac's password in the app, how to invite user to unlock ? Explaining he must lock/unlock the session or open any preference panel isn't a fluent experience and would definitely seems weird. I tried adding an 'Unlock' button in an alert and locking the screen automatically but this raises extras complexities: pmset can put the screen to sleep but won't lock in case of grace period sending an cmd-ctl-Q AppleEvent to System Events could fit but it depends on user acceptance for AEs and fails when System Events isn't running. Any ideas ?

Just heard about Stolen Device Protection. The app i'm building uses biometrics but allows users to enter their own passcode as a fallback. Is it possible to detect via swift if Stolen device mode is active, with restrictions in place? So that I could bump up my own security and maybe force biometrics?

When trying to open an app that uses Local Authentication (FaceID) the auth process does not start right away, 3-4 times trying to auth is needed in order to get authenticated with the method the user has selected (FaceID), this is happening with many apps and seems that there's no a workaround. [Edited by Moderator]