BiometricDeviceCredentialAuthenticator

public class BiometricDeviceCredentialAuthenticator : DefaultDeviceAuthenticator

An authenticator that uses biometrics (Face ID or Touch ID) with a fallback to device credentials (passcode/PIN). This class extends DefaultDeviceAuthenticator and provides specific implementations for key generation, authentication, and support checks for this combined authentication type.


                    
                    
                    init(config:)

Initializes the authenticator with a BiometricAuthenticatorConfig.

Declaration

Swift

public init(config: BiometricAuthenticatorConfig)

Parameters


                                config

The configuration object for the authenticator.

type()
The type of authenticator, specifically .biometricAllowFallback.
Declaration
Swift

public override func type() -> DeviceBindingAuthenticationType
register() Asynchronous
Generates a new cryptographic key pair for biometric and device credential authentication. The key is stored in the Secure Enclave (if available) and associated with a unique key tag.

Throws
CryptoKeyError if key generation fails.
Declaration
Swift

public override func register() async throws -> KeyPair
Return Value

A KeyPair containing the newly generated public and private keys.
authenticate(keyTag:) Asynchronous
Declaration
Swift

public override func authenticate(keyTag: String) async -> Result<SecKey, Error>
Return Value

A Result containing the SecKey on success, or an Error on failure.


                    
                    
                    isSupported(attestation:)

Checks if the device supports biometric or device credential authentication.

Note

Always returns false on simulator — biometric keys require Secure Enclave to enforce the authentication challenge. Without it the key is accessible with no user verification, which is equivalent to the NONE type.

Declaration

Swift

public override func isSupported(attestation: Attestation) -> Bool

Parameters


                                attestation

The attestation type (currently ignored).

Return Value

true if the device supports the authentication policy, false otherwise.

deleteKeys() Asynchronous
Deletes all biometric and device credential keys associated with this authenticator. It iterates through all stored user keys and deletes those with .biometricOnly or .biometricAllowFallback authentication types.

Throws
CryptoKeyError if key deletion fails.
Declaration
Swift

public override func deleteKeys() async throws