authenticate method

Future<bool> authenticate({
  1. required String localizedReason,
  2. bool useErrorDialogs = true,
  3. bool stickyAuth = false,
  4. AndroidAuthMessages androidAuthStrings = const AndroidAuthMessages(),
  5. bool sensitiveTransaction = true,
  6. bool strongAuthenticatorsOnly = false,
  7. bool biometricOnly = false,
})

Authenticates the user with biometrics available on the device while also allowing the user to use device authentication - pin, pattern, passcode.

Returns a Future holding true, if the user successfully authenticated, false otherwise.

localizedReason is the message to show to user while prompting them for authentication. This is typically along the lines of: 'Please scan your finger to access MyApp.'. This must not be empty.

useErrorDialogs = true means the system will attempt to handle user fixable issues encountered while authenticating. For instance, if fingerprint reader exists on the phone but there's no fingerprint registered, the plugin will attempt to take the user to settings to add one. Anything that is not user fixable, such as no biometric sensor on device, will be returned as a PlatformException.

stickyAuth is used when the application goes into background for any reason while the authentication is in progress. Due to security reasons, the authentication has to be stopped at that time. If stickyAuth is set to true, authentication resumes when the app is resumed. If it is set to false (default), then as soon as app is paused a failure message is sent back to Dart and it is up to the client app to restart authentication or do something else.

Construct AndroidAuthStrings and IOSAuthStrings if you want to customize messages in the dialogs.

Setting sensitiveTransaction to true enables platform specific precautions. For instance, on face unlock, Android opens a confirmation dialog after the face is recognized to make sure the user meant to unlock their phone.

Setting biometricOnly to true prevents authenticates from using non-biometric local authentication such as pin, passcode, and passcode.

Setting strongAuthenticatorsOnly to true disables biometric authentication mechanisms on Android that are not deemed secure. For instance, many Android facial recognition systems are easily fooled, and should not be considered secure.

Throws an PlatformException if there were technical problems with local authentication (e.g. lack of relevant hardware). This might throw PlatformException with error code otherOperatingSystem on the iOS simulator.

Implementation

Future<bool> authenticate({
  required String localizedReason,
  bool useErrorDialogs = true,
  bool stickyAuth = false,
  AndroidAuthMessages androidAuthStrings = const AndroidAuthMessages(),
  bool sensitiveTransaction = true,
  bool strongAuthenticatorsOnly = false,
  bool biometricOnly = false,
}) async {
  assert(localizedReason.isNotEmpty);

  final Map<String, Object> args = <String, Object>{
    'localizedReason': localizedReason,
    'useErrorDialogs': useErrorDialogs,
    'stickyAuth': stickyAuth,
    'sensitiveTransaction': sensitiveTransaction,
    'strongAuthenticatorsOnly': strongAuthenticatorsOnly,
    'biometricOnly': biometricOnly,
  };
  if (_platform.isAndroid) {
    args.addAll(androidAuthStrings.args);
  } else {
    throw PlatformException(
      code: otherOperatingSystem,
      message: 'Local authentication is only supported on Android.',
      details: 'Your operating system is ${_platform.operatingSystem}',
    );
  }
  return (await _channel.invokeMethod<bool>('authenticate', args)) ?? false;
}