Links
🗝

Biometrics & Credentials

🧋 Bubble.io Plugin

[Element] Natively - Biometrics

Initialization:

On initialization, the element will try to check if the user has stored credentials for this hostname(your app). This value can be found in the User has stored credentials state value.

Events:

  • User's identity verified - Get called after biometric successfully verified user's identity.
  • User's identity verification failed - Get called after biometric failed to verify user's identity.
  • User's credentials not received - Get called after biometric failed to verify user's identity.
  • User's credentials received - Get called after the user's credentials are received after verifying identity.
  • User's credentials saved - Get called after the user's credentials are saved after verifying identity.
  • User's credentials removed
  • Biometrics supported - get called when Check biometrics support finished
  • Biometrics not supported - get called when Check biometrics support finished

States:

  • User's login after biometric authentication. - User's stored login (can be an email/username or phone number whatever you're using for authorization)
  • User's password after biometric authentication.
  • User's device supports biometrics. - Yes/No. If the user's device supports biometrics.
  • User has stored credentials. - Yes/No. Can help to identify if credentials for this app are already stored on a device.

Actions:

  • Check biometrics support
    • allow_passcode - yes/no allow users without FaceID/TouchID to use biometric verification.
  • Verify user's identity - The system will call a native biometric authorization to confirm the user's identity.
    • allow_passcode - yes/no allow users without FaceID/TouchID to use biometric verification.
  • Get user's credentials - The system will call a native biometric authorization and, after successfully confirming the user's identity, try to get the user's credentials from the device Keychain store (for iOS) and from private Local Storage (for Android).
    • allow_passcode - yes/no allow users without FaceID/TouchID to use biometric verification.
  • Save user's credentials - Same as the previous but for saving.
    • login - text
    • password - text
    • allow_passcode - yes/no allow users without FaceID/TouchID to use biometric verification.
  • Remove user's credentials - Remove user's credentials from a device.
  • Clear user's credentials from element - Clears user's credentials from an element. (Call this after 'Get credentials')
​

🛠 JavaScript SDK

NativelyBiometrics

1
const allowPasscode = true; // Allow users without faceid/touchid use biometrics feature through regular phone passcode.
2
const biometrics = new NativelyBiometrics(allowPasscode)
3
const biometrics_support_callback = function (resp) {
4
console.log(resp.status); // true/false
5
};
6
const biometrics_has_credentials_callback = function (resp) {
7
console.log(resp.status); // true/false
8
};
9
const biometrics_remove_credentials_callback = function () {
10
console.log("Creds was removed");
11
};
12
const biometrics_verify_callback = function (resp) {
13
console.log(resp.status); // true/false
14
};
15
const biometrics_auth_callback = function (resp) {
16
console.log(resp.status); // "SUCCESS_SAVE"/"SUCCESS_BIOMETRICS"/"FAILED_OBTAIN"/"FAILED_BIOMETRICS"
17
};
18
biometrics.checkBiometricsSupport(biometrics_support_callback);
19
biometrics.checkCredentials(biometrics_has_credentials_callback);
20
biometrics.verifyUserIdentify(biometrics_verify_callback);
21
biometrics.getUserCredentials(biometrics_auth_callback);
22
biometrics.saveUserCredentials(login, password, biometrics_auth_callback);
23
biometrics.removeUserCredentials(biometrics_remove_credentials_callback);

​

Recommendations

  • User's credentials are attached to your URL hostname (e.g. 'https://google.com/search' -> hostname is 'google.com'), which means if the domain is changed, you will need to save the user's credentials on the device one more time.
  • Update user's credentials on each Login or SignUp (To make sure you stored the correct one)
  • Provide to your users the option to not use a Biometric authorization (for example add a checkbox on login/signup with text like 'Use biometric for next login' or add this functionality on settings)