@subhankarmaiti

This PR introduces configurable biometric authentication policies for CredentialsManager, allowing developers to control when biometric prompts are shown. This reduces authentication friction while maintaining security.

New Features:

  • BiometricPolicy enum with three strategies: .always, .session(timeoutInSeconds:), .appLifecycle(timeoutInSeconds:)
  • isBiometricSessionValid() - Check session validity
  • clearBiometricSession() - Manually invalidate session
  • Thread-safe session management using NSLock

Files Modified:

  • New: Auth0/BiometricPolicy.swift
  • Modified: Auth0/CredentialsManager.swift, Auth0/BioAuthentication.swift
  • New: Auth0Tests/BiometricPolicySpec.swift (33 test cases)
  • Updated: EXAMPLES.md, sample app with policy demonstrations

References

Usage Examples

Always Policy (Default)

credentialsManager.enableBiometrics(withTitle: "Unlock with Face ID")

Session Policy

credentialsManager.enableBiometrics(
    withTitle: "Unlock with Face ID",
    policy: .session(timeoutInSeconds: 300)
)

App Lifecycle Policy

credentialsManager.enableBiometrics(
    withTitle: "Unlock with Face ID",
    policy: .appLifecycle() // Default: 3600 seconds
)

Manual Session Management

// Check validity
let isValid = credentialsManager.isBiometricSessionValid()

// Force re-authentication
CredentialsManager.clearBiometricSession()

Migration Guide

No breaking changes. Existing code works unchanged:

// Before and After - no changes needed
credentialsManager.enableBiometrics(withTitle: "Unlock")

Opt into new policies:

// Session-based authentication
credentialsManager.enableBiometrics(
    withTitle: "Unlock", 
    policy: .session(timeoutInSeconds: 300)
)

// Clear on background (optional)
func applicationDidEnterBackground(_ application: UIApplication) {
    CredentialsManager.clearBiometricSession()
}

Checklist

  • Matches design document and Android PR Release 2.9.0 #867
  • 33 new test cases added and passing
  • Documentation updated (EXAMPLES.md)
  • Sample app demonstrates all policies
  • Thread-safe implementation
  • Backward compatible
  • No breaking changes
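
A minimal model of the prompt decision described in the PR above, added here as an illustration and not taken from the PR or from Auth0.swift: it covers `.always` and `.session(timeoutInSeconds:)` and guards state with `NSLock` as the description mentions. `PromptPolicy`, `BiometricSessionModel`, the injectable clock and the fail-closed handling of a backwards clock are assumptions; `.appLifecycle` is left out because the page does not say how it differs.

```swift
import Foundation

enum PromptPolicy {                              // hypothetical names, not Auth0.swift internals
    case always
    case session(timeoutInSeconds: TimeInterval)
}

final class BiometricSessionModel {
    private let lock = NSLock()
    private var lastSuccess: TimeInterval?       // nil means no live session
    private let policy: PromptPolicy
    private let clock: () -> TimeInterval        // injectable so expiry can be exercised
    init(policy: PromptPolicy,
         clock: @escaping () -> TimeInterval = { Date().timeIntervalSinceReferenceDate }) {
        self.policy = policy
        self.clock = clock
    }

    func recordSuccess() {                       // call only after the biometric check passed
        lock.lock(); defer { lock.unlock() }
        lastSuccess = clock()
    }

    func clear() {                               // manual invalidation (background, logout)
        lock.lock(); defer { lock.unlock() }
        lastSuccess = nil
    }

    func requiresPrompt() -> Bool {
        lock.lock(); defer { lock.unlock() }
        guard case .session(let timeout) = policy, let last = lastSuccess else {
            return true                          // .always, or nothing to reuse
        }
        let elapsed = clock() - last
        return elapsed < 0 || elapsed >= timeout // clock went backwards: fail closed
    }
}

// Constructed walk-through driven by a fake clock.
func demo() -> [Bool] {
    var now: TimeInterval = 1_000
    let model = BiometricSessionModel(policy: .session(timeoutInSeconds: 300), clock: { now })
    var results = [model.requiresPrompt()]              // no session yet
    model.recordSuccess()
    now += 299; results.append(model.requiresPrompt())  // inside the window
    now += 1;   results.append(model.requiresPrompt())  // window elapsed
    model.recordSuccess(); model.clear()
    results.append(model.requiresPrompt())              // session cleared
    return results
}
print(demo())
```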

…ents and update CredentialsManager to support it
@subhankarmaiti subhankarmaiti requested a review from a team as a code owner November 16, 2025 11:29

@NandanPrabhu NandanPrabhu left a comment

NandanPrabhu previously approved these changes Nov 19, 2025
@subhankarmaiti subhankarmaiti merged commit 4d9fe7b into master Nov 25, 2025
11 of 12 checks passed
@subhankarmaiti subhankarmaiti deleted the SDK-6524-biometric-policy branch November 25, 2025 05:11
NandanPrabhu added a commit that referenced this pull request Nov 27, 2025
* master:
  feat: Add configurable biometric authentication policies for CredentialsManager (#1019)
  Support a new offering from Auth0 #1021 (#1024)
  Bump actions/checkout from 5 to 6 (#1023)
  chore: added snyk scan workflow (#1025)