I have a working example below, but a bit of an explanation.
I want the user to be able to toggle the option to unlock their app data with biometrics (or not if preferred). If they activate the toggle, once the app resigns to background or has been terminated the next time it is launched they should be prompted to log in.
This portion of the app functionality I have operational. However, once the user logs in once, resigns to background and then relaunches they are in instantly.
I altered the codebase so that the "permission" bool was set to false, however when the view to authenticate prompts them, there is none of the Apple biometrics, they are simply granted access.
I tried using the LAContext.invalidate but after adding that into the check when resigning of background the biometric prompts never reappear - unless fully terminated.
Am I missing something or how do other apps like banking create the prompt on every foreground instance?
// main.swift
#main
struct MyApp: App {
#StateObject var biometricsVM = BiometricsViewModel()
var body: some Scene {
WindowGroup {
// toggle for use
if UserDefaults.shared.bool(forKey: .settingsBiometrics) {
// app unlocked
if biometricsVM.authorisationGranted {
MyView() // <-- the app view itself
.onAppear {
NotificationCenter.default.addObserver(
forName: UIApplication.willResignActiveNotification,
object: nil,
queue: .main
) { _ in
biometricsVM.context.invalidate()
biometricsVM.authorisationGranted = false
}
}
} else {
BioCheck(vm: biometricsVM)
}
}
}
}
}
// biometricsVM.swift
final class BiometricsViewModel: ObservableObject {
#Published var authorisationGranted = false
#Published var authorisationError: Error?
let context = LAContext()
func requestAuthorisation() {
var error: NSError? = nil
let hasBiometricsEnabled = context.canEvaluatePolicy(
.deviceOwnerAuthentication, error: &error
)
let reason = "Unlock to gain access to your data"
if hasBiometricsEnabled {
switch context.biometryType {
case .touchID, .faceID:
context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: reason ) { success, error in
DispatchQueue.main.async {
self.authorisationGranted = success
self.authorisationError = error
}
}
case .none:
// other stuff
#unknown default:
// other stuff
}
}
}
}
// biocheck.swift
struct BioCheck: View {
#ObservedObject var vm: BiometricsViewModel
var body: some View {
Button {
vm.requestAuthorisation()
} label: {
Text("Authenticate")
}
.onAppear { vm.requestAuthorisation() }
}
}
Video of issue:
The problem is that the code in MyApp runs once the app opens similar to didFinishLaunchingWithOptions. To fix this, create a new View & place the following code in it:
if UserDefaults.shared.bool(forKey: .settingsBiometrics) {
if biometricsVM.authorisationGranted {
MyView()
.onAppear {
NotificationCenter.default.addObserver(
forName: UIApplication.willResignActiveNotification,
object: nil,
queue: .main
) { _ in
biometricsVM.context.invalidate()
biometricsVM.authorisationGranted = false
}
}
} else {
BioCheck(vm: biometricsVM)
}
}
Then replace the content of WindowGroup with the View you created.
Edit:
It was the function requestAuthorisation giving an error related to context. You should create a new context every time you call that function:
func requestAuthorisation() {
var error: NSError? = nil
let context = LAContext()
let hasBiometricsEnabled = context.canEvaluatePolicy(
.deviceOwnerAuthentication, error: &error
)
let reason = "Unlock to gain access to your data"
if hasBiometricsEnabled {
switch context.biometryType {
case .touchID, .faceID:
context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: reason ) { success, error in
DispatchQueue.main.async {
self.authorisationGranted = success
self.authorisationError = error
}
}
case .none:
// other stuff
break
#unknown default:
break
}
}
}
Related
I'm using a companion app to authorize a user with a 3rd party service. Once authorized, I update a UserDefaults variable to true. On the companion app side, the view updates correctly and shows that the user has been authenticated. However, on the watch OS side the view does not update. Would I need to use the Watch Connectivity API and send a message to the watch to update the state? Or is there a simple way?
Phone App
struct AuthenticationView: View {
#State private var startingWebAuthenticationSession = false
#AppStorage("authorized") private var authorized = false
var body: some View {
Group {
if !authorized {
VStack {
Button("Connect", action: { self.startingWebAuthenticationSession = true })
.webAuthenticationSession(isPresented: $startingWebAuthenticationSession) {
WebAuthenticationSession(
url: URL(string: "https://service.com/oauth/authorize?scope=email%2Cread_stats&response_type=code&redirect_uri=watch%3A%2F%2Foauth-callback&client_id=\(clientId)")!,
callbackURLScheme: callbackURLScheme
) { callbackURL, error in
guard error == nil, let successURL = callbackURL else {
return
}
let oAuthCode = NSURLComponents(string: (successURL.absoluteString))?.queryItems?.filter({$0.name == "code"}).first
guard let authorizationCode = oAuthCode?.value else { return }
let url = URL(string: "https://service.com/oauth/token")
var request = URLRequest(url: url!)
request.httpMethod = "POST"
let params = "client_id=\(clientId)&client_secret=\(clientSecret)&grant_type=authorization_code&code=\(authorizationCode)&redirect_uri=\(callbackURLScheme)://oauth-callback";
request.httpBody = params.data(using: String.Encoding.utf8);
let task = URLSession.shared.dataTask(with: request) { (data, response, error) in
if let error = error {
print("Error took place \(error)")
return
}
if let data = data, let response = String(data: data, encoding: .utf8) {
let accessTokenResponse: AccessTokenResponse = try! JSONDecoder().decode(AccessTokenResponse.self, from: response.data(using: .utf8)!)
let defaults = UserDefaults.standard
authorized = true
startingWebAuthenticationSession = false
defaults.set(accessTokenResponse.access_token, forKey: DefaultsKeys.accessToken) //TODO: Store securely
ConnectivityService.shared.send(authorized: true)
}
}
task.resume()
}
.prefersEphemeralWebBrowserSession(false)
}
}
}
else {
VStack {
Text("Authenticated!")
}
}
}
}
}
WatchOS
import SwiftUI
struct ConnectView: View {
#ObservedObject var connectivityService: ConnectivityService
var body: some View {
if !$connectivityService.authorized.wrappedValue {
VStack {
Text("Open the app on your primary device to connect.")
}
}
else {
//Some other view
}
}
}
EDIT:
Trying with Watch Connectivity API but the issue I'm experiencing is that when I authenticate from the phone, it'll take some time for the ConnectView to update the authorized variable. I know Watch Connectivity API doesn't update right away but at minimum I'd need some way for the watch to pick up that a secret access token has been retrieved and it can transition to the next view; whether that's through a shared state variable, UserDefaults, or whatever other mechanism.
Here is the ConnectivityService class I'm using:
import Foundation
import Combine
import WatchConnectivity
final class ConnectivityService: NSObject, ObservableObject {
static let shared = ConnectivityService()
#Published var authorized: Bool = false
override private init() {
super.init()
#if !os(watchOS)
guard WCSession.isSupported() else {
return
}
#endif
WCSession.default.delegate = self
WCSession.default.activate()
}
public func send(authorized: Bool, errorHandler: ((Error) -> Void)? = nil) {
guard WCSession.default.activationState == .activated else {
return
}
#if os(watchOS)
guard WCSession.default.isCompanionAppInstalled else {
return
}
#else
guard WCSession.default.isWatchAppInstalled else {
return
}
#endif
let authorizationInfo: [String: Bool] = [
DefaultsKeys.authorized: authorized
]
WCSession.default.sendMessage(authorizationInfo, replyHandler: nil)
WCSession.default.transferUserInfo(authorizationInfo)
}
}
extension ConnectivityService: WCSessionDelegate {
func session(_ session: WCSession, activationDidCompleteWith activationState: WCSessionActivationState, error: Error?) { }
func session(
_ session: WCSession,
didReceiveUserInfo userInfo: [String: Any] = [:]
) {
let key = DefaultsKeys.authorized
guard let authorized = userInfo[key] as? Bool else {
return
}
self.authorized = authorized
}
func session(_ session: WCSession, didReceiveMessage message: [String : Any]) {
self.authorized = true
}
#if os(iOS)
func sessionDidBecomeInactive(_ session: WCSession) {
}
func sessionDidDeactivate(_ session: WCSession) {
WCSession.default.activate()
}
#endif
}
I tried doing these two lines but they have varying results:
WCSession.default.sendMessage(authorizationInfo, replyHandler: nil)
WCSession.default.transferUserInfo(authorizationInfo)
In the first line, XCode will say that no watch app could be found, even though I'm connected to both physical devices through XCode; launch phone first then watch. I believe the first one is immediate and the second is more of when the queue feels like it. Sometimes if I hard close the watch app, it'll pick up the state change in the authorized variable, sometimes it won't. Very frustrating inter-device communication.
UserDefaults doesn't pick up the access token value on the watch side. Maybe I have to use App Groups?
I do see this error on the Watch side:
Publishing changes from background threads is not allowed; make sure to publish values from the main thread (via operators like receive(on:)) on model updates.
So I thought to try and encapsulate the self.authorized = authorized call into something like:
DispatchQueue.main.async {
self.authorized = authorized
}
But it didn't do anything as far as solving the immediate state change issue.
Here is a code snippet I am trying to get it work but without success so far. initialize() works fine but then getUserAttributes() is not triggering the callback. Not just getUserAttributes(), even other AWS calls such as getTokens() not triggering either. Believe, some where down inside AWS code, it is getting blocked. If I comment out initialize() then getUserAttributes() callback gets invoked. Tried various options with DispatchQueue/DispatchGroup, no help.
AWSMobileClient pod version 2.12.7.
import Foundation
import AWSMobileClient
struct AWSUser {
static let serialQueue = DispatchQueue(label: "serialQueue")
static let group = DispatchGroup()
static func initialize() -> Void {
DispatchQueue.global(qos: .background).async {
AWSInitialize()
getAWSUserAttributes()
}
}
static func AWSInitialize() -> Void {
group.enter()
AWSMobileClient.default().initialize { (userState, error) in
// error handling ...
switch userState {
case .signedIn:
//getAWSUserAttributes()
break
default:
break
}
group.leave()
}
}
static func getAWSUserAttributes() {
group.wait()
group.enter()
AWSMobileClient.default().getUserAttributes { (attrs, error) in
// NEVER REACHED!!!
// BUT WORKS IF AWSMobileClient.default().initialize() is commented out
group.leave()
}
}
}
For Getting Callback or trigger any event of AWSMobile Client, Make sure you have implemented below code in AppDelegate or respective view controller. If this method implement then function is trigger...
//Initialised Use Pool
func intializeUserPool() -> Void {
AWSDDLog.sharedInstance.logLevel = .verbose // TODO: Disable or reduce log level in production
AWSDDLog.add(AWSDDTTYLogger.sharedInstance) // TTY = Log everything to Xcode console
//Important for event handler
initializeAWSMobileClient()
}
// Add user state listener and initialize the AWSMobileClient
func initializeAWSMobileClient() {
AWSMobileClient.default().initialize { (userState, error) in
print("Initialise userstate:\(String(describing: userState)) and Info:\(String(describing: error))")
if let userState = userState {
switch(userState){
case .signedIn: // is Signed IN
print("Logged In")
print("Cognito Identity Id (authenticated): \(String(describing: AWSMobileClient.default().identityId))")
case .signedOut: // is Signed OUT
print("Logged Out")
print("Cognito Identity Id (unauthenticated): \(String(describing: AWSMobileClient.default().identityId))")
case .signedOutUserPoolsTokenInvalid: // User Pools refresh token INVALID
print("User Pools refresh token is invalid or expired.")
default:
self.signOut()
}
} else if let error = error {
print(error.localizedDescription)
}
}
//Register State
self.addUserStateListener() // Register for user state changes
}
// AWSMobileClient - a realtime notifications for user state changes
func addUserStateListener() {
AWSMobileClient.default().addUserStateListener(self) { (userState, info) in
print("Add useruserstate:\(userState) and Info:\(info)")
switch (userState) {
case .signedIn:
print("Listener status change: signedIn")
DispatchQueue.main.async {
self.getSession()
}
case .signedOut:
print("Listener status change: signedOut")
case .signedOutFederatedTokensInvalid:
print("Listener status change: signedOutFederatedTokensInvalid")
default:
print("Listener: unsupported userstate")
}
}
}
On iOS app with GoogleInteractiveMediaAds integrated "Skip Ad" button doesn't work. Meanwhile manual call adsManager.skip() works perfectly. The button itself reacts to the tuches because it changes bounds and seems highlighted. Unfortunately, I haven't found anything according to handle tap manually, so maybe somebody has already been in this situation and could help with it.
guard
let adInformation = delegate?.latestAdInformation(), let url = adInformation.urlForIMA,
let adContainer = delegate?.videoAdDisplayContainerView()
else { return }
switch adInformation.adsType {
case .interstitials, .none:
self.play(ignoreAds: true)
return
case .prerolls, .all:
fallthrough
#unknown default:
break
}
let adDisplayContainer = IMAAdDisplayContainer(adContainer: adContainer, companionSlots: nil)
let request = IMAAdsRequest(
adTagUrl: url,
adDisplayContainer: adDisplayContainer,
contentPlayhead: contentPlayhead,
userContext: nil)
adsLoader.requestAds(with: request)
func adsLoader(_ loader: IMAAdsLoader!, adsLoadedWith adsLoadedData: IMAAdsLoadedData!) {
// Grab the instance of the IMAAdsManager and set ourselves as the delegate
adsManager = adsLoadedData.adsManager
adsManager?.delegate = self
// Create ads rendering settings and tell the SDK to use the in-app browser.
let adsRenderingSettings = IMAAdsRenderingSettings()
if let vc = delegate?.adWebControllerPreferredOpenViewController() {
adsRenderingSettings.webOpenerPresentingController = vc
}
// Initialize the ads manager.
adsManager?.initialize(with: adsRenderingSettings)
}
func adsLoader(_ loader: IMAAdsLoader!, failedWith adErrorData: IMAAdLoadingErrorData!) {
self.play(ignoreAds: true)
}
func adsManager(_ adsManager: IMAAdsManager!, didReceive event: IMAAdEvent!) {
if event.type == IMAAdEventType.LOADED {
adsManager.start()
}
}
func adsManager(_ adsManager: IMAAdsManager!, didReceive error: IMAAdError!) {
self.play(ignoreAds: true)
}
func adsManagerDidRequestContentPause(_ adsManager: IMAAdsManager!) {
self.pause(ignoreAds: true)
}
func adsManagerDidRequestContentResume(_ adsManager: IMAAdsManager!) {
self.play(ignoreAds: true)
}
I have a singleton object for observing Network status, it's based around NWPathMonitor class.
In the pathUpdateHandler callback I want to post a custom notification with current interface type of the path and then the strangest thing happens: I have place breakpoints before and after the .post method and the second breakpoint is never reached and the notification does is not posted. What could be the issue? It's the first time I've encountered such situation
class NetworkMonitor {
static let shared = NetworkMonitor()
private let monitor: NWPathMonitor
enum InterfaceType: String {
case wifi
case cellular
case other
case none
}
private init() {
monitor = NWPathMonitor()
monitor.pathUpdateHandler = { path in
print("Before notification")
NotificationCenter.default.post(name: NetworkMonitor.connectionChangedNotification, object: nil, userInfo: ["interface": path.interfaceType])
print("Notification posted") // This line is not being printed
}
}
public func start() {
let queue = DispatchQueue.global(qos: .utility)
monitor.start(queue: queue)
}
}
fileprivate extension NWPath {
var interfaceType: NetworkMonitor.InterfaceType {
guard status == .satisfied else {
return .none
}
if usesInterfaceType(.wifi) {
return .wifi
} else if usesInterfaceType(.cellular) {
return .cellular
} else {
return .other
}
}
}
EDIT:
I have subscribed to this notification in two places, A and B. I noticed that the callback in object B gets called twice and in A not one time. I have no idea what is going on here, for now I have commented out the code in B and everything is working properly, but I mean, what the heck.
In both objects I have
var connectionObserver: Any?
connectionObserver = NotificationCenter.default.addObserver(forName:
NetworkMonitor.connectionChangedNotification, object: nil, queue: nil) {
...
}
If I don't use the connectionObserver variable the bug also exists
Changing the rawValue of notification name does not change anything
I'm implementing the login possibility with touchID using Swift.
Following: when the App is started, there is a login screen and a touchID popup - that's working fine. The problem occurs, when the app is loaded from background: I want the touchID popup appear over a login screen if a specific timespan hasn't been exceeded yet - but this time I want the touchID to go to the last shown view before the app entered background. (i.e. if the user wants to cancel the touchID, there is a login screen underneath where he then can authenticate via password, which leads him to the last shown view OR if the touchID authentication succeeded, the login screen should be dismissed and the last shown view presented.)
I really tried everything on my own, and searched for answers - nothing did help me. Here is my code:
override func viewDidLoad() {
super.viewDidLoad()
//notify when foreground or background have been entered -> in that case there are two methods that will be invoked: willEnterForeground and didEnterBackground
let notificationCenter = NSNotificationCenter.defaultCenter()
notificationCenter.addObserver(self, selector: "willEnterForeground", name:UIApplicationWillEnterForegroundNotification, object: nil)
notificationCenter.addObserver(self, selector: "didEnterBackground", name: UIApplicationDidEnterBackgroundNotification, object: nil)
password.secureTextEntry = true
if (username != nil) {
username.text = "bucketFit"
}
username.delegate = self
password.delegate = self
if let alreadyShown : AnyObject? = def.objectForKey("alreadyShown") {
if (alreadyShown == nil){
authenticateWithTouchID()
}
}
}
willEnterForeground:
func willEnterForeground() {
//save locally that the guide already logged in once and the application is just entering foreground
//the variable alreadyShown is used for presenting the touchID, see viewDidAppear method
def.setObject(true, forKey: "alreadyShown")
if let backgroundEntered : AnyObject? = def.objectForKey("backgroundEntered") {
let startTime = backgroundEntered as! NSDate
//number of seconds the app was in the background
let inactivityDuration = NSDate().timeIntervalSinceDate(startTime)
//if the app was longer than 3 minutes inactiv, ask the guide to input his password
if (inactivityDuration > 2) {
showLoginView()
} else {
def.removeObjectForKey("alreadyShown")
showLoginView()
}
}
}
authenticateWithTouchID():
func authenticateWithTouchID() {
let context : LAContext = LAContext()
context.localizedFallbackTitle = ""
var error : NSError?
let myLocalizedReasonString : NSString = "Authentication is required"
//check whether the iphone has the touchID possibility at all
if context.canEvaluatePolicy(LAPolicy.DeviceOwnerAuthenticationWithBiometrics, error: &error) {
//if yes then execute the touchID and see whether the finger print matches
context.evaluatePolicy(LAPolicy.DeviceOwnerAuthenticationWithBiometrics, localizedReason: myLocalizedReasonString as String, reply: { (success : Bool, evaluationError : NSError?) -> Void in
//touchID succeded -> go to students list page
if success {
NSOperationQueue.mainQueue().addOperationWithBlock({ () -> Void in
self.performSegueWithIdentifier("studentsList", sender: self)
})
} else {
// Authentification failed
print(evaluationError?.description)
//print out the specific error
switch evaluationError!.code {
case LAError.SystemCancel.rawValue:
print("Authentication cancelled by the system")
case LAError.UserCancel.rawValue:
print("Authentication cancelled by the user")
default:
print("Authentication failed")
}
}
})
}
}
shouldPerformSegueWithIdentifier:
override func shouldPerformSegueWithIdentifier(identifier: String, sender: AnyObject?) -> Bool {
if (false) { //TODO -> username.text!.isEmpty || password.text!.isEmpty
notify("Login failed", message: "Please enter your username and password to proceed")
return false
} else if (false) { //TODO when backend ready! -> !login("bucketFit", password: "test")
notify("Incorrect username or password", message: "Please try again")
return false
//if the login page is loaded after background, dont proceed (then we need to present the last presented view on the stack before the app leaved to background)
} else if let alreadyShown : AnyObject? = def.objectForKey("alreadyShown") {
if (alreadyShown != nil){
//TODO check whether login data is correct
dismissLoginView()
return false
}
}
return true
}
Thank you in advance.
What you could do is create a AuthenticationManager. This manager would be a shared instance which keep track of whether authentication needs to be renewed. You may also want this to contain all of the auth methods.
class AuthenticationManager {
static let sharedInstance = AuthenticationManager()
var needsAuthentication = false
}
In AppDelegate:
func willEnterForeground() {
def.setObject(true, forKey: "alreadyShown")
if let backgroundEntered : AnyObject? = def.objectForKey("backgroundEntered") {
let startTime = backgroundEntered as! NSDate
//number of seconds the app was in the background
let inactivityDuration = NSDate().timeIntervalSinceDate(startTime)
//if the app was longer than 3 minutes inactiv, ask the guide to input his password
if (inactivityDuration > 2) {
AuthenticationManager.sharedInstance.needsAuthentication = true
}
}
}
Then, subclass UIViewController with a view controller named SecureViewController. Override viewDidLoad() in this subclass
override fun viewDidLoad() {
super.viewDidLoad()
if (AuthenticationManager.sharedInstance().needsAuthentication) {
// call authentication methods
}
}
Now, make all your View Controllers that require authentication subclasses of SecureViewController.