BiometricOnlyAuthenticator

public class BiometricOnlyAuthenticator : DefaultDeviceAuthenticator

An authenticator that uses biometrics (Face ID or Touch ID) for user authentication. This class extends DefaultDeviceAuthenticator and provides specific implementations for biometric-only key generation, authentication, and support checks.

  • Initializes the authenticator with a BiometricAuthenticatorConfig.

    Declaration

    Swift

    public init(config: BiometricAuthenticatorConfig)

    Parameters

    config

    The configuration object for the authenticator.

  • The type of authenticator, specifically .biometricOnly.

    Declaration

    Swift

    public override func type() -> DeviceBindingAuthenticationType

  • register() Asynchronous

    Generates a new cryptographic key pair for biometric authentication. The key is stored in the Secure Enclave (if available) and associated with a unique key tag.

    Throws

    CryptoKeyError if key generation fails.

    Declaration

    Swift

    public override func register() async throws -> KeyPair

    Return Value

    A KeyPair containing the newly generated public and private keys.

  • authenticate(keyTag:) Asynchronous

    Declaration

    Swift

    public override func authenticate(keyTag: String) async -> Result<SecKey, Error>

    Return Value

    A Result containing the SecKey on success, or an Error on failure.

  • Checks if the device supports biometrics for authentication.

    Note

    Always returns false on the simulator: biometric keys require the Secure Enclave to enforce the authentication challenge. Without it, the key is accessible with no user verification, which is equivalent to the NONE type.

    Declaration

    Swift

    public override func isSupported(attestation: Attestation) -> Bool

    Parameters

    attestation

    The attestation type (currently ignored).

    Return Value

    true if the device supports biometric authentication, false otherwise.

  • deleteKeys() Asynchronous

    Deletes all biometric keys associated with this authenticator. It iterates through all stored user keys and deletes those with .biometricOnly or .biometricAllowFallback authentication types.

    Throws

    CryptoKeyError if key deletion fails.

    Declaration

    Swift

    public override func deleteKeys() async throws
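
The register() and isSupported(attestation:) entries above describe a Secure Enclave key that is usable only after a biometric check. The following is an added example, not the SDK's own code, of creating such a key with Apple's Security and LocalAuthentication frameworks. The names biometricKeySupported, makeBiometricKey and BiometricKeyError are hypothetical, and the choice of .biometryCurrentSet with kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly is an assumption of this example.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical error type for this example.
enum BiometricKeyError: Error { case unsupported, accessControl(Error?), keyGeneration(Error?) }

/// True only where a Secure Enclave exists and a biometric policy can be evaluated.
func biometricKeySupported() -> Bool {
    #if targetEnvironment(simulator)
    return false  // no Secure Enclave: nothing would enforce the biometric challenge
    #else
    var error: NSError?
    return LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)
    #endif
}

/// Creates a P-256 private key inside the Secure Enclave that can sign only after
/// a successful Face ID / Touch ID check. `keyTag` is a caller-chosen unique label.
func makeBiometricKey(keyTag: String) throws -> SecKey {
    guard biometricKeySupported() else { throw BiometricKeyError.unsupported }
    var cfError: Unmanaged<CFError>?
    // Assumption: bind the key to the currently enrolled biometrics, with no passcode fallback.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        [.privateKeyUsage, .biometryCurrentSet],
        &cfError
    ) else {
        throw BiometricKeyError.accessControl(cfError?.takeRetainedValue() as Error?)
    }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(keyTag.utf8),
            kSecAttrAccessControl as String: access
        ] as [String: Any]
    ]
    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &cfError) else {
        throw BiometricKeyError.keyGeneration(cfError?.takeRetainedValue() as Error?)
    }
    return privateKey  // opaque reference; the private key material never leaves the enclave
}
```

Because the access control includes .biometryCurrentSet, the key becomes unusable when the enrolled fingerprints or faces change, so a caller must be prepared to register a new key in that case.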