4

Trying to get my head around the below:

  1. https://developer.apple.com/videos/play/wwdc2016/225/ mentions that the sendPayments intent is by default IntentsRestrictedWhileLocked, but if we want to up the security so that the user needs to approve with Touch ID (Local Authentication), then how would this be done? This would be needed both when the device is locked and when it is unlocked. I'm assuming the extension would need to somehow display the Local Authentication UI in the 'Confirm' stage?

  2. Also, they mention that security can be increased, but I just need confirmation of whether the only mechanism for doing it is the IntentsRestrictedWhileLocked extension attribute. Or is there a way to specify that Touch ID authentication is required?

inforeqd
  • 3,209
  • 6
  • 32
  • 46

3 Answers

5

To answer both questions: yes, you can increase the security for payment with Touch ID. Here's how I implemented it on Apple's sample code here. I added the following functions to SendPaymentIntentHandler.swift:

import LocalAuthentication

func authenticate(successAuth: @escaping () -> Void, failure: @escaping (NSError?) -> Void) {
    // 1. Create an authentication context
    let authenticationContext = LAContext()
    var error: NSError?
    // 2. Check that biometric authentication is available on this device
    guard authenticationContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
        failure(error)
        return
    }
    // 3. Check the fingerprint
    authenticationContext.evaluatePolicy(
        .deviceOwnerAuthenticationWithBiometrics,
        localizedReason: "Unlock to send the money",
        reply: { [weak self] (success, error) -> Void in
            if success {
                successAuth()
            } else {
                // Avoid force-unwrapping: error may be nil and self may already be released
                let nsError = error as NSError?
                if let code = nsError?.code, let message = self?.errorMessageForLAErrorCode(errorCode: code) {
                    print(message)
                }
                failure(nsError)
            }
        })
}

func errorMessageForLAErrorCode( errorCode:Int ) -> String{

    var message = ""

    switch errorCode {

    case LAError.appCancel.rawValue:
        message = "Authentication was cancelled by application"

    case LAError.authenticationFailed.rawValue:
        message = "The user failed to provide valid credentials"

    case LAError.invalidContext.rawValue:
        message = "The context is invalid"

    case LAError.passcodeNotSet.rawValue:
        message = "Passcode is not set on the device"

    case LAError.systemCancel.rawValue:
        message = "Authentication was cancelled by the system"

    case LAError.touchIDLockout.rawValue:
        message = "Too many failed attempts."

    case LAError.touchIDNotAvailable.rawValue:
        message = "TouchID is not available on the device"

    case LAError.userCancel.rawValue:
        message = "The user did cancel"

    case LAError.userFallback.rawValue:
        message = "The user chose to use the fallback"

    default:
        message = "Did not find error code on LAError object"

    }

    return message

}

I then called the authenticate function in the handle method. The result is that my app asked for Touch ID authentication after confirming the payment, and after the user authenticates himself it sends the payment successfully.

Reem
  • 267
  • 2
  • 14
  • I'm not getting the screen, but I'm getting the voice from Siri as "please authenticate"... I think there's a problem in presenting the UI – Ephrim Daniel Feb 28 '19 at 10:51
1

It sounds like you're expecting there to be a built-in way for send payment extensions to invoke local authentication. Like maybe specifying a key in a plist to say you want Touch ID authentication? I don't think that's the case.

For the send payment extension I'm working on, we're instantiating an LAContext in the confirm phase, and calling both canEvaluatePolicy(_:error:) and evaluatePolicy(_:localizedReason:reply:). When they say local authentication is supported, I think they just mean that you can trigger it in your extension and the UI will be displayed by Siri.

Phil Viso
  • 643
  • 7
  • 11
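
The confirm-phase approach described in the answer above, as an added example (not code from either answer or from Apple's sample project). The class name GatedSendPaymentHandler, the localized reason string and the choice of .failureCredentialsUnverified as the failure code are assumptions.

```swift
import Intents
import LocalAuthentication

// Added example: hypothetical handler that gates the confirm phase on biometrics.
final class GatedSendPaymentHandler: NSObject, INSendPaymentIntentHandling {

    // Confirm phase: report .ready only after the device owner authenticates.
    func confirm(intent: INSendPaymentIntent,
                 completion: @escaping (INSendPaymentIntentResponse) -> Void) {
        let context = LAContext()
        var policyError: NSError?

        // Biometrics unavailable or not enrolled: fail closed instead of
        // silently skipping the check.
        guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                        error: &policyError) else {
            completion(INSendPaymentIntentResponse(code: .failureCredentialsUnverified,
                                                   userActivity: nil))
            return
        }

        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                               localizedReason: "Authenticate to send the payment") { success, _ in
            // Any outcome other than success (cancel, lockout, mismatch)
            // is treated as unverified credentials.
            let code: INSendPaymentIntentResponseCode =
                success ? .ready : .failureCredentialsUnverified
            completion(INSendPaymentIntentResponse(code: code, userActivity: nil))
        }
    }

    // Handle phase: called by Siri after the confirm phase.
    func handle(intent: INSendPaymentIntent,
                completion: @escaping (INSendPaymentIntentResponse) -> Void) {
        // Placeholder (assumption): the app's own payment call goes here.
        completion(INSendPaymentIntentResponse(code: .success, userActivity: nil))
    }
}
```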
0

If a specified intent is listed in IntentsRestrictedWhileLocked, it cannot be invoked by Siri when the screen is locked. It can be invoked only when the device is unlocked by either passcode or Touch ID. There is no way to distinguish how the device is unlocked as far as I know.

Cheng Zheng
  • 116
  • 4