As smart phones become more and more convenient, there are more ways for people to open their phones. First, they have fingerprint login, and now they have Face ID login.
Basic configuration
#import <LocalAuthentication/LocalAuthentication.h>
Copy the code
- Check whether fingerprint login is supported
/ / version first determines the if (NSFoundationVersionNumber < NSFoundationVersionNumber_iOS_8_0) {NSLog (@ "system version does not support TouchID"); return; }Copy the code
Fingerprint login class
- LocalAuthentication
- LAContext
- LAError
- LAErrorDomain
- LAContext
- Inheritance NSObject
- Checking Availability
- CanEvaluatePolicy: error: / / USES canEvaluatePolicy method to determine whether a device supports TouchID, return a BOOL to YES, the equipment support TouchID.
- LAPolicy
- biometryType
- LABiometryType
- Evaluating Authentication Policies
- EvaluatePolicy: localizedReason: reply: / / method is validated to TouchID, Block in the callback if success to YES the verification is successful, to NO validation fails, and the error parsing.
- EvaluatedPolicyDomainState / / is used to determine whether the fingerprints on the equipment was changed, at the time of LAContext is created, only effective evaluatedPolicyDomainState can be successful in TouchID validation, record it, It is used for checking when TouchID is used next time to improve security.
- Evaluating Access Controls
- evaluateAccessControl:operation:localizedReason:reply:
- LAAccessControlOperation
- interactionNotAllowed
- Customizing Authentication Prompts
- localizedReason
- localizedFallbackTitle
- localizedCancelTitle
- Reusing Device Unlock State
- touchIDAuthenticationAllowableReuseDuration
- LATouchIDAuthenticationMaximumAllowableReuseDuration
- Managing Credentials
- setCredential:type:
- isCredentialSet:
- LACredentialType
- Invalidating the Authentication Context
- invalidate
- LAPolicy
- Policies
- LAPolicyDeviceOwnerAuthenticationWithBiometrics // IOS8 or above is supported. The TouchID of the device is used for verification. When the input of TouchID fails for 5 times, the TouchID will be locked, and you can only unlock the device by entering the correct unlock password after the screen is locked.
- LAPolicyDeviceOwnerAuthenticationWithWatch
- LAPolicyDeviceOwnerAuthenticationWithBiometricsOrWatch
- LAPolicyDeviceOwnerAuthentication / / system is to support iOS9 above, using the device TouchID or device password verification, when the input TouchID validation failed, five TouchID is locked, will trigger device password page for verification.
- Policy Constants
- kLAPolicyDeviceOwnerAuthenticationWithBiometrics
- kLAPolicyDeviceOwnerAuthenticationWithWatch
- kLAPolicyDeviceOwnerAuthenticationWithBiometricsOrWatch
- kLAPolicyDeviceOwnerAuthentication
- Policies
- Biometric (LAPolicyDeviceOwnerAuthenticationWithBiometrics)
- Touch ID: the first popup window for fingerprint identification will pop up. When the fingerprint verification fails for the first time, the popup box will turn into two buttons: one is “Cancel”, and the other button can customize the title and click event. The variable of the customized title is: localizedFallbackTitle; Custom click event, need in the error callback, get the error code: kLAErrorUserFallback, our click event can be. If the fingerprint authentication fails for three times, the check box will disappear, and you can continue to check the outgoing check box. If the fingerprint authentication fails for the next two times, the Touch ID will be locked.
- Face ID: When the device supports Face ID, the verification box of Face ID will be called. It should be noted that if Face recognition fails once, you need to click “Try Face ID again” button to continue verification. If Face recognition fails again for the second time, the self-defined title button will pop up, which is the same as that of Touch ID. Face ID will also be locked after five false identifiers.
- Biometric + password authentication (LAPolicyDeviceOwnerAuthentication)
- Touch ID: If you have failed to identify the device for three times, the system password verification page will be displayed. You need to enter the device password to unlock the device. If cancelled at this time, there are two times to call fingerprint identification for verification, if both fail, each time to call identification, the system password is used for verification.
- Face ID: If the authentication is incorrect for five consecutive times, that is, the password needs to be entered for five times, the Face ID will be locked and cannot be used. After the system password authentication, the user can continue to use the Face ID.
- LABiometryType
- This attribute is used to judge the authentication type supported by the current device. We can get this attribute to judge whether Touch ID or Face ID is supported, so as to customize the prompt text or localizedReason text.
- For LABiometryType, apple gives a note that requires special attention: This value will only be set if the canEvaluatePolicy method is called and returns true with no errors, which are NSErrorPointer mentioned earlier, so the second error parameter of canEvaluatePolicy should not be set to nil. This property has no meaningful value before or after the canEvaluatePolicy method is called.
- Since it is new to iOS 11, you need to check the current system before using it. # available (iOS 11.0. *)
- LABiometryTypeNone
- LABiometryTypeFaceID
- LABiometryTypeTouchID
public enum LABiometryType : Int {/// This device does not support biometry. @available(iOS 11.2, *) case None /// The device does not support biometry. Renamed: "LABiometryType. None ") public static var LABiometryNone: LABiometryType {get} // this device supports Touch id. case touchID // this device supports Face id. case faceID}Copy the code
- LAError
Typedef NS_ENUM(NSInteger, LAError) {// Authentication failed, Because the user cannot provide valid credentials LAErrorAuthenticationFailed = kLAErrorAuthenticationFailed, / / / authentication canceled by the user (um participant. LAErrorUserCancel = kLAErrorUserCancel, // The authentication is cancelled, LAErrorUserFallback = kLAErrorUserFallback because the user clicked the back button (enter password).laErrorUserFallback = kLAErrorUserFallback, /// the authentication was cancelled by the system (e.g LAErrorSystemCancel = kLAErrorSystemCancel, // the authentication cannot start because the device has no password set. LAErrorPasscodeNotSet = kLAErrorPasscodeNotSet, // Authentication cannot start because Touch ID is not available on the device. LAErrorTouchIDNotAvailable NS_ENUM_DEPRECATED(10_10, 10_13, 8_0, 11_0, "Use LAErrorBiometryNotAvailable") = kLAErrorTouchIDNotAvailable, / / / authentication cannot be started, because Touch ID is not input fingerprint. LAErrorTouchIDNotEnrolled NS_ENUM_DEPRECATED(10_10, 10_13, 8_0, 11_0, "Use LAErrorBiometryNotEnrolled") = kLAErrorTouchIDNotEnrolled, / / / authentication is not successful, because there are so many failure Touch ID try / / / Touch ID is locked now, You must use a password to unlock Touch ID, e.g Call / / / LAPolicyDeviceOwnerAuthenticationWithBiometrics, enter the password is the necessary condition. LAErrorTouchIDLockout NS_ENUM_DEPRECATED(10_11, 10_13, 9_0, 11_0, "Use LAErrorBiometryLockout") __WATCHOS_DEPRECATED(3.0, 4.0," Use LAErrorBiometryLockout") __TVOS_DEPRECATED(10.0, 11.0, "Use LAErrorBiometryLockout") = kLAErrorTouchIDLockout, /// The application unauthenticated (e.g NS_ENUM_AVAILABLE(10_11, 9_0) = kLAErrorAppCancel, /// LAContext passed to this call, No longer valid. LAErrorInvalidContext NS_ENUM_AVAILABLE(10_11, 9_0) = kLAErrorInvalidContext, // authentication cannot start because biometrics are not available on the current device. LAErrorBiometryNotAvailable NS_ENUM_AVAILABLE(10_13, __TVOS_AVAILABLE 11 _0) __WATCHOS_AVAILABLE (4.0) (11.0) = kLAErrorBiometryNotAvailable, / / / authentication cannot be started, because there is no entry biometric information. LAErrorBiometryNotEnrolled NS_ENUM_AVAILABLE(10_13, __TVOS_AVAILABLE 11 _0) __WATCHOS_AVAILABLE (4.0) (11.0) = kLAErrorBiometryNotEnrolled, / / / authentication is not successful, Because too many authentication failures and biometric authentication processes the locked state, a password must be entered to unlock. LAErrorBiometryLockout NS_ENUM_AVAILABLE(10_13, 11_0) __WATCHOS_AVAILABLE(4.0) __TVOS_AVAILABLE(11.0) = kLAErrorBiometryLockout, Because the UI that needs to be displayed uses the interactionNotAllowed attribute LAErrorNotInteractive API_AVAILABLE(MacOS (10.10), ios(8.0), Watchos (3.0), Tvos (10.0)) = kLAErrorNotInteractive,} NS_ENUM_AVAILABLE(10_10, 8_0) __WATCHOS_AVAILABLE(3.0) __TVOS_AVAILABLE(10.0);Copy the code
Face ID
- If FaceID is supported, add NSFaceIDUsageDescription to the plist file. Although not adding this key will not cause a flash back or other problems, Apple does specify that this key is required in the API documentation.
Applications should also supply NSFaceIDUsageDescription key in the
Info.plist. This key identifies a string value that contains a message to be displayed to users when the app is trying to use Face ID for the first time. Users can choose to allow or deny the use of Face ID by the app before the first use or later in Face ID privacy settings. When the use of Face ID is denied, evaluations will fail with LAErrorBiometryNotAvailable.
Copy the code
Application scenarios
Scenario 1: Fingerprint Login 01
After the device (user) is bound and the user account exits, you can use your fingerprint to log in. If the device is not bound, the Fingerprint Login button is not displayed. (The following premise is that the APP has bound fingerprint login)
- Step 1: Open the APP and prompt you to log in using your fingerprint
- Step 2: Verify TouchID: Check whether the current device supports TouchID (if the fingerprint login has been bound before, it must be supported), if so, initiate TouchID verification (compare your fingerprint with the input fingerprint is consistent);
- Login: read the device account/password of app on the local machine, invoke the device login interface, and initiate a login request;
- Success: After verifying the device account/password, return to the corresponding status. If the login is successful, the TouchID login process is completed.
Scenario 2: Fingerprint Binding 02
Before using the fingerprint to log in to the device for the first time, you must log in to the original account (app registration account) and bind the device (user).
- Step 1: After app login, go to the setting interface and click “Fingerprint Login”;
- Step 2: Verify TouchID: Check whether the current device supports TouchID, if so, initiate TouchID verification;
- Step 3: Generate device account/password: After the TouchID authentication is passed, generate device account/password based on the current login account and hardware device Token (the rule can be customized, and the password should be long and complex) and save it in keychain.
- Binding: After the device account/password is generated, the original account and the device account/password are encrypted (RSA encryption is used by the subject) and sent to the server for binding.
- Success: After verifying the validity of the original account and device account, return to the corresponding status. If the binding is successful, the whole TouchID (device) binding process is completed.
Reference code
- (IBAction) loginButtonClick sender: (UIButton *) {/ / version first determines the if (NSFoundationVersionNumber < NSFoundationVersionNumber_iOS_8_0) {NSLog (@ "system version does not support TouchID"); return; } LAContext *context = [[LAContext alloc] init]; The context. LocalizedFallbackTitle = @ "input password"; If (@ the available (iOS 10.0, *)) {context. LocalizedCancelTitle = @ "22222"; } else { // Fallback on earlier versions } NSError *error = nil; if ([context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error]) { [context EvaluatePolicy: LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason: @ "existing mobile fingerprint are verified through the Home button" reply: ^ (BOOL success, NSError * _Nullable error) { if (success) { dispatch_async(dispatch_get_main_queue(), ^ {NSLog (@ "TouchID verify success");});} else if (error) {switch (. Error code) {case LAErrorAuthenticationFailed: { dispatch_async(dispatch_get_main_queue(), ^{NSLog(@"TouchID failed ");}); break;} case LAErrorUserCancel:{dispatch_async(dispatch_get_main_queue(), ^{dispatch_async(dispatch_get_main_queue());}} ^{dispatch_async(dispatch_get_main_queue());} ^{dispatch_async(dispatch_get_main_queue());});} break; case LAErrorSystemCancel:{dispatch_async(dispatch_get_main_queue()), ^{NSLog(@"TouchID cancelled by system ");});} break; case LAErrorPasscodeNotSet:{ dispatch_async(dispatch_get_main_queue(), ^ {NSLog (@ "TouchID cannot be started, because the user is not set the password");});} break; case LAErrorTouchIDNotEnrolled: { dispatch_async(dispatch_get_main_queue(), ^ {NSLog (@ "TouchID cannot be started, because the user is not set TouchID");});} break; case LAErrorTouchIDNotAvailable: { dispatch_async(dispatch_get_main_queue(), ^{NSLog(@"TouchID invalid ");});} break; case LAErrorTouchIDLockout:{dispatch_async(dispatch_get_main_queue(), ^{NSLog(@"TouchID locked ");});} break; case LAErrorAppCancel:{ dispatch_async(dispatch_get_main_queue(), ^{NSLog(@" Current software is suspended and unlicensed ");});} break; case LAErrorInvalidContext:{ Dispatch_async (dispatch_get_main_queue(), ^{NSLog(@" Current software is suspended and disauthorized (LAContext object is invalid)");});} break; default: break; } } }]; }else{NSLog(@" Current device does not support TouchID"); }}Copy the code
Code Reference 2
/**
* 判断设备是否支持指纹识别
*/
- (IBAction)loginBtnAction:(UIButton *)sender
{
[[NSUserDefaults standardUserDefaults] setObject:[NSNumber numberWithBool:YES] forKey:@"loginState"];
EVNHelper *helper = [EVNHelper shareHelper];
helper.isAppCurrentLoginState = YES;
LAContext *context = [[LAContext alloc] init]; // 初始化上下文对象
NSError *error = nil;
// 判断设备是否支持指纹识别功能
if ([context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error])
{
// 支持指纹验证
UIAlertController *alertController = [UIAlertController alertControllerWithTitle:@"登录成功!" message:@"是否启用指纹登录" preferredStyle:UIAlertControllerStyleAlert];
__weak typeof (self) weakSelf = self;
UIAlertAction *cancelAction = [UIAlertAction actionWithTitle:@"稍后" style:UIAlertActionStyleCancel handler:^(UIAlertAction * _Nonnull action) {
[[NSUserDefaults standardUserDefaults] setObject:[NSNumber numberWithBool:NO] forKey:@"startAutoLoginState"];
weakSelf.transLoginStateBlock(); // 回传
[self dismissViewControllerAnimated:YES completion:nil];
}];
UIAlertAction *startUseAction = [UIAlertAction actionWithTitle:@"启用" style:UIAlertActionStyleDestructive handler:^(UIAlertAction * _Nonnull action) {
[[NSUserDefaults standardUserDefaults] setObject:[NSNumber numberWithBool:YES] forKey:@"startAutoLoginState"];
weakSelf.transLoginStateBlock(); // 回传
[self dismissViewControllerAnimated:YES completion:nil];
}];
[alertController addAction:cancelAction];
[alertController addAction:startUseAction];
[self presentViewController:alertController animated:YES completion:nil];
}
else
{
[[NSUserDefaults standardUserDefaults] setObject:[NSNumber numberWithBool:NO] forKey:@"startAutoLoginState"];
self.transLoginStateBlock(); // 回传
[self dismissViewControllerAnimated:YES completion:nil];
}
}
/**
* 指纹登录验证
*/
- (void)loadAuthentication
{
__weak typeof(self) weakSelf = self;
LAContext *myContext = [[LAContext alloc] init];
// 这个属性是设置指纹输入失败之后的弹出框的选项
myContext.localizedFallbackTitle = @"忘记密码";
NSError *authError = nil;
NSString *myLocalizedReasonString = @"请按住Home键完成验证";
// MARK: 判断设备是否支持指纹识别
if ([myContext canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&authError])
{
[myContext evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason:myLocalizedReasonString reply:^(BOOL success, NSError * _Nullable error) {
if(success)
{
NSLog(@"指纹认证成功");
weakSelf.helper.isAppCurrentLoginState = YES;
weakSelf.logoutBtnAction.hidden = NO;
weakSelf.userInfo.text = @"仁伯安";
}
else
{
weakSelf.helper.isAppCurrentLoginState = NO;
NSLog(@"指纹认证失败,%@",error.description);
NSLog(@"%ld", (long)error.code); // 错误码 error.code
switch (error.code)
{
case LAErrorAuthenticationFailed: // Authentication was not successful, because user failed to provide valid credentials
{
NSLog(@"授权失败"); // -1 连续三次指纹识别错误
}
break;
case LAErrorUserCancel: // Authentication was canceled by user (e.g. tapped Cancel button)
{
NSLog(@"用户取消验证Touch ID"); // -2 在TouchID对话框中点击了取消按钮
}
break;
case LAErrorUserFallback: // Authentication was canceled, because the user tapped the fallback button (Enter Password)
{
[[NSOperationQueue mainQueue] addOperationWithBlock:^{
NSLog(@"用户选择输入密码,切换主线程处理"); // -3 在TouchID对话框中点击了输入密码按钮
}];
}
break;
case LAErrorSystemCancel: // Authentication was canceled by system (e.g. another application went to foreground)
{
NSLog(@"取消授权,如其他应用切入,用户自主"); // -4 TouchID对话框被系统取消,例如按下Home或者电源键
}
break;
case LAErrorPasscodeNotSet: // Authentication could not start, because passcode is not set on the device.
{
NSLog(@"设备系统未设置密码"); // -5
}
break;
case LAErrorTouchIDNotAvailable: // Authentication could not start, because Touch ID is not available on the device
{
NSLog(@"设备未设置Touch ID"); // -6
}
break;
case LAErrorTouchIDNotEnrolled: // Authentication could not start, because Touch ID has no enrolled fingers
{
NSLog(@"用户未录入指纹"); // -7
}
break;
#if __IPHONE_OS_VERSION_MAX_ALLOWED >= __IPHONE_9_0
case LAErrorTouchIDLockout: //Authentication was not successful, because there were too many failed Touch ID attempts and Touch ID is now locked. Passcode is required to unlock Touch ID, e.g. evaluating LAPolicyDeviceOwnerAuthenticationWithBiometrics will ask for passcode as a prerequisite 用户连续多次进行Touch ID验证失败,Touch ID被锁,需要用户输入密码解锁,先Touch ID验证密码
{
NSLog(@"Touch ID被锁,需要用户输入密码解锁"); // -8 连续五次指纹识别错误,TouchID功能被锁定,下一次需要输入系统密码
}
break;
case LAErrorAppCancel: // Authentication was canceled by application (e.g. invalidate was called while authentication was in progress) 如突然来了电话,电话应用进入前台,APP被挂起啦");
{
NSLog(@"用户不能控制情况下APP被挂起"); // -9
}
break;
case LAErrorInvalidContext: // LAContext passed to this call has been previously invalidated.
{
NSLog(@"LAContext传递给这个调用之前已经失效"); // -10
}
break;
#else
#endif
default:
{
[[NSOperationQueue mainQueue] addOperationWithBlock:^{
NSLog(@"其他情况,切换主线程处理");
}];
break;
}
}
}
}];
}
else
{
NSLog(@"设备不支持指纹");
NSLog(@"%ld", (long)authError.code);
weakSelf.helper.isAppCurrentLoginState = NO;
switch (authError.code)
{
case LAErrorTouchIDNotEnrolled:
{
NSLog(@"Authentication could not start, because Touch ID has no enrolled fingers");
break;
}
case LAErrorPasscodeNotSet:
{
NSLog(@"Authentication could not start, because passcode is not set on the device");
break;
}
default:
{
NSLog(@"TouchID not available");
break;
}
}
}
}
Copy the code