How does a SecurityAgentPlugin tell if the user used Touch ID to login or unlock?

Question

pnelson OP

Created Aug ’24

Replies 1

Boosts 0

Participants 2

I've tried getting LAContext and checking it, but it says it canEvaluatePolicy returns false for any biometric policy.

Answered by DTS Engineer in 801817022

You can only use Touch ID to unlock, right? The initial login must be done with a password.

Regardless, I don’t know of any supported way to determine that. There’s likely some glimmer of this in the authorisation context or hints, but we only support the stuff that has symbolic constants, and I don’t see anything relevant in <Security/AuthorizationTags.h>.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Aug ’24

Recommended

You can only use Touch ID to unlock, right? The initial login must be done with a password.

Regardless, I don’t know of any supported way to determine that. There’s likely some glimmer of this in the authorisation context or hints, but we only support the stuff that has symbolic constants, and I don’t see anything relevant in <Security/AuthorizationTags.h>.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0