Fingerprint Identification FAQ in IOS summary _ios

The company's app has recently been used for fingerprints, but it's been pretty smooth on the whole, but there are holes in the middle, and the pits are summarized below;

I. Basic knowledge

Point to open this localauthentication.framework, found that there are mainly a few things inside

Localauthentication.framework
-LAContext.h
-LAError.h
-LAPublicDefines.h
-LocalAuthentication.h
LocalAuthentication.h

This is nothing to say, the code is two lines, one line to import LAContext.h, a row to import LAError.h, this localauthentication class is exposed to the developers to call the class.

LAPublicDefines.h

Let's start with the simple beginning of the LAPublicDefines.h, a public macro definition class that contains many well-defined macros that are used in LAContext.h.

//
//  LAPublicDefines.h
//  LocalAuthentication
//
//  Copyright (c) 2014 Apple. All rights reserved.
//

#ifndef LocalAuthentication_LAPublicDefines_h
#define LocalAuthentication_LAPublicDefines_h

// Policies
#define kLAPolicyDeviceOwnerAuthenticationWithBiometrics    1
#define kLAPolicyDeviceOwnerAuthentication                  2

// Options
#define kLAOptionUserFallback                               1
#define kLAOptionAuthenticationReason                       2

// Credential types
#define kLACredentialTypePasscode                          -1
#define kLACredentialTypePassphrase                        -2
#define kLACredentialCTKPIN                                -3

// Error codes
#define kLAErrorAuthenticationFailed                       -1
#define kLAErrorUserCancel                                 -2
#define kLAErrorUserFallback                               -3
#define kLAErrorSystemCancel                               -4
#define kLAErrorPasscodeNotSet                             -5
#define kLAErrorTouchIDNotAvailable                        -6
#define kLAErrorTouchIDNotEnrolled                         -7
#define kLAErrorTouchIDLockout                             -8
#define kLAErrorAppCancel                                  -9
#define kLAErrorInvalidContext                            -10

// Error domain
#define kLAErrorDomain        "com.apple.LocalAuthentication"

#endif

LAError.h

This class does not need to repeat, is an enumeration, which is written in the wrong type, in fact, the above Klaerror macro written in this enumeration, the specific code comments written very clearly, probably translated a bit

typedef ns_enum (Nsinteger, Laerror)
{
laerrorauthenticationfailed,//validation information error, that means your fingerprints are wrong
. Laerrorusercancel//user cancelled the verification laerroruserfallback//
user clicks the Manual Input Password button, so was canceled
Laerrorsystemcancel//was canceled by the system, That means you are now in another application, not on the page, so there is no way to verify Laerrorpasscodenotset//
user does not set TouchID
laerrortouchidnotavailable// User device does not support TouchID
laerrortouchidnotenrolled//user does not set finger fingerprint
laerrortouchidlockout//user error Too many times, now locked
Laerrorappcancel///
Laerrorinvalidcontext//request validation error
} ns_enum_available (10_10, 8_0) in verification

LAContext.h

The play comes, want to use TouchID in own project, need to use the method inside Lacontext This class The first thing that comes to mind is a Ns_enum enumeration lapolicy.

typedef ns_enum (Nsinteger, Lapolicy)
{
lapolicydeviceownerauthenticationwithbiometrics ns_enum_available ( NA, 8_0) __watchos_available (3.0) __tvos_available (10.0) = Klapolicydeviceownerauthenticationwithbiometrics,
Lapolicydeviceownerauthentication ns_enum_available (10_11, 9_0) = Klapolicydeviceownerauthentication
} NS_ENUM_ AVAILABLE (10_10, 8_0) __watchos_available (3.0) __tvos_available (10.0);

The first enumeration, Lapolicydeviceownerauthenticationwithbiometrics, is used to verify the fingerprint of the finger; ns_enum_available (NA, 8_0) iOS8 available

The second enumeration lapolicydeviceownerauthentication less withbiometrics is to use TouchID or password authentication, the default is wrong two times fingerprint or lock, pop-up input password interface; Ns_enum_available (10_11, 9_0) IOS 9 available

Some of the first exposed methods, note that here are the instance methods, so you need to create an instance object to invoke, use lacontext *context = [Lacontext alloc] init], and create a Lacontext object.

Canevaluatepolicy:error: Method used to check whether the current device is available TouchID, return a bool value

EvaluatePolicy:localizedReason:reply: Invoke the authentication method, note the three parameters here:

The first parameter policy is to use the Lapolicy enumeration above
The second parameter Localizedreason is the justification for the NSString type
The third parameter, reply, is a callback block,block with a bool-type success to determine whether the validation is successful, and a nserror type of error to determine the wrong message.

The Invalidate method is used to abolish this context.

TouchID style for the first time

TouchID Style after error

-(BOOL) Canevaluatepolicy: (lapolicy) Policy error: (NSERROR * __autoreleasing *) Error __attribute__ ((Swift_error (none) ));
-(void) EvaluatePolicy: (lapolicy) Policy
Localizedreason: (NSString *) Localizedreason
reply: (void (^) (BOOL Success, Nserror * __nullable error)) reply;
-(void) invalidate;

Enumerate lacredentialtype,laaccesscontroloperation, this thing and the following methods I've been looking for a long time and I haven't figured out where to use, and Apple's official documents don't quite understand, There is only one lacredentialtypeapplicationpassword in the enumeration.

But with this ns_enum_available (10_11, 9_0) and the ns_available behind the method (10_11, 9_0) know that this enumeration and these two methods can only be used in OS X 10.11 and iOS 9.0 versions, So it might be something new, and the apple in the back will expand on him.

The following is a description of the method:

//Current additional encryption is the application of the password//input will be UTF-8 string typedef ns_enum (Nsinteger, Lacredentialtype) {
Lacredentialtypeapplicationpassword = 0, ns_enum_available (10_11, 9_0);
The following methods, as I understand it, should be: Can I encrypt the Touch ID after verifying it? Set unlock extra Encryption voucher-(BOOL) Setcredential: (Nullable NSData *) credential type: (lacredentialtype) type ns_available (10_11, 9_0)
;
Determines whether the cryptographic voucher is set to Success-(BOOL) Iscredentialset: (lacredentialtype) type ns_available (10_11, 9_0); Verify through the Touch ID that the cryptographic voucher passed-(void) Evaluateaccesscontrol: (secaccesscontrolref) AccessControl operation: ( laaccesscontroloperation) Operation Localizedreason: (NSString *) Localizedreason reply: (void (^) (BOOL success, Nserror
* __nullable error) Reply Ns_available (10_11, 9_0);
typedef ns_enum (Nsinteger, laaccesscontroloperation) {//Create additional encryption Laaccesscontroloperationcreateitem,//Use additional encryption
Laaccesscontroloperationuseitem,//Create additional encryption key Laaccesscontroloperationcreatekey,//with extra encryption key signature 
Laaccesscontroloperationusekeysign} ns_enum_available (10_11, 9_0); 

property, here are 5

@property (nonatomic, nullable, copy) NSString *localizedfallbacktitle;
@property (nonatomic, nullable, copy) NSString *localizedcanceltitle ns_available (10_12, 10_0);
@property (nonatomic, nullable) NSNumber *maxbiometryfailures Ns_deprecated_ios (8_3, 9_0) __watchos_unavailable __TVOS _unavailable;
@property (Nonatomic, Nullable, ReadOnly) NSData *evaluatedpolicydomainstate ns_available (10_11, 9_0) __watchos_ Unavailable __tvos_unavailable;
@property (nonatomic) nstimeinterval touchidauthenticationallowablereuseduration ns_available (NA, 9_0) __WATCHOS_ Unavailable __tvos_unavailable;

Localizedfallbacktitle can set the caption of the input password button that POPs alert when validating TouchID

Localizedcanceltitle can set the caption (iOS10 only) of the Cancel button that will eject alert when validating TouchID

Maxbiometryfailures the maximum number of fingerprint attempt errors. This property we can see after he wrote Ns_deprecated_ios (8_3, 9_0), stating that this attribute was introduced in iOS 8.3, is deprecated in iOS 9.0, so if the system version is higher than 9.0 is not available.

Evalueatedpolicydomainstate This can be used to detect changes in your fingerprint database, add or remove fingerprints, and react accordingly.

Touchidauthenticationallowablereuseduration This property should be similar to Alipay's fingerprint open application, if you open his unlock, press home key back to the desktop, again into the Alipay does not need to enter the fingerprint. Because this property can be set to a time interval, in the time interval is not required to input again. The default is 0 seconds and the maximum can be set for 5 minutes.

Two. Frequently Asked questions

1. Fingerprint Identification version problem

IOS 9 is not laerrortouchidlockout locked this option, the default error 5 times after the 6th time authentication is automatically pop-up input password interface;

After IOS 9 locks the fingerprint recognition, if need to eject the input password interface immediately needs to use lapolicydeviceownerauthentication this attribute to initiate the authentication again

If you enter a lock screen password, the fingerprint decryption lock will be released by default

6th authentication requires a password after the IOS 8 error is locked 5 times

Pay Bao micro-letter for different handling of locking

2. Fingerprint identification of the Lapolicy

The first enumeration, Lapolicydeviceownerauthenticationwithbiometrics, is used to verify the fingerprint of the finger; ns_enum_available (NA, 8_0) iOS8 available

The second enumeration lapolicydeviceownerauthentication less withbiometrics is to use TouchID or password authentication, the default is wrong two times fingerprint or lock, pop-up input password interface; Ns_enum_available (10_11, 9_0)

IOS 9 Available

3. Fingerprint Identification Lacontext method

Canevaluatepolicy:error: The method is used to check whether the current device is available TouchID and returns a bool value; no Bullet verification fingerprint password box

EvaluatePolicy:localizedReason:reply: Invoke the authentication method, will bounce the verification fingerprint password box

4. Feedback button Display

Default first recognition only Cancel button

Once the error occurs, the FeedBack button is displayed

If you do not want to display the feedback button, you can set the Feedbacktitle = @ ""

Set Feedbacktitle to @ ""

Set Feedbacktitle to @ "Verify login password"

5. Canceltitle button Display

This property, iOS 10 can only be set up, iOS was not previously allowed to set

6. The problem of slow fingerprint identification

My iphone 7 plus fingerprint identification process takes about 2s of time; if it turns out to be slow, this is normal.

Alipay and micro-letters in order to eliminate the user's nervousness, in the open fingerprint identification, there is a HUD

After the fingerprint recognition completes, needs to return the main thread to carry on the corresponding operation; no, you'll find that sometimes it takes 4-5 seconds to recognize a response.

Micro-Credit Pay HUD Display case

Demo HUD Display Case

[Svprogresshud show];
Lacontext *context = [[Lacontext alloc]init];//use new does not assign values to some properties
Context.localizedfallbacktitle = @ "";/this will not allow The FeedBack button displays
//lapolicydeviceownerauthenticationwithbiometrics
[Context EvaluatePolicy: Lapolicydeviceownerauthenticationwithbiometrics localizedreason:@ "Please verify that there are fingerprints" reply:^ (BOOL success, Nserror * _Nullable Error) {
[svprogresshud dismiss];
Svprogresshud dismiss need 0.15 to disappear, so dismiss after the next step, but 0.3 is appropriate to extend the time; leave the margin
dispatch_after (dispatch_time _time_now, (int64_t) (0.3* nsec_per_sec)), Dispatch_get_main_queue (), ^{
if (success)
{
NSLog (@ "Successful fingerprint recognition" );
Fingerprint recognition successful, back to main thread update UI
Dispatch_async (Dispatch_get_main_queue (), ^{
//successful Operation
})
;
if (error) {
//fingerprint recognition failed, back to main thread update UI
NSLog (@ "Success of fingerprint recognition");
Dispatch_async (Dispatch_get_main_queue (), ^{
//Failure Operations
});
}
};

7. Window Display level problem

The level of the Fingerprint Identification window is very high, high to outrageous, verified that the application does not have a higher level of uiwindowlevel than the fingerprint-identified window, it is also said that he is a system-level window. Note that if the Fingerprint Pinball window is displayed and disappears the application will call:

-(void) Applicationwillresignactive: (uiapplication *) application;
-(void) Applicationdidbecomeactive: (uiapplication *) application;

So the application cannot be retrieved internally. Do not know after jailbreak mobile phone can obtain, if can obtain, that can't describe, so recommend you reader nothing just need not escape.

8. Detect if fingerprint changes in fingerprint library

Apple's Official document explains the following

This property returns a value is Canevaluatepolicy (: Error:) method succeeds for a biometric policy or the Evalu Atepolicy (: localizedreason:reply:) method was called and a successful touch ID authentication is performed. Otherwise, nil is returned.
The returned data is a opaque structure. It can be used to compare and other values returned by this property to determine whether the database of authorized fing Erprints has been updated. However, the nature of the "change cannot" is determined from this data.

In summary:

When you add or remove fingerprints, you are using Canevaluatepolicy (_:error:) or EvaluatePolicy (_:localizedreason:reply:) method validation; The Evaluatedpolicydomainstate property returns a NSData object after success, otherwise it returns nil;
But the return of the Evaluatedpolicydomainstate attribute does not explain what has changed; just to tell you that something has changed.

Based on the information above, we can detect the fingerprint database and make the corresponding operation every time we use the fingerprint. Here is a corresponding example of StackOverflow

Demo

Touchiddemo

The above is a small set to introduce the iOS Fingerprint Identification FAQ, I hope to help you, if you have any questions please give me a message, small series will promptly reply to everyone. Here also thank you very much for the cloud Habitat Community website support!