Skip to content

Flutter plugin that secures your secrets in keychain using biometric authentication (Fingerprint, Touch ID, Face ID...).

License

Notifications You must be signed in to change notification settings

infinum/flutter-plugins-locker

Flutter Locker🔒

Locker

Flutter plugin that secures your secrets in keychain using biometric authentication (Fingerprint, Touch ID, Face ID...).

It uses:

Table of contents

Migrate to 2.1.0

The models now accept named parameters instead of unnamed, e.g.:

RetrieveSecretRequest(
  key: 'key',
  androidPrompt: AndroidPrompt(title: 'title', cancelLabel: 'cancel'),
  iOsPrompt: IOsPrompt(touchIdText: 'description'),
)

Usage

FlutterLocker.canAuthenticate();

Checks if the devices has biometric features.

await FlutterLocker.save(SaveSecretRequest(
  key: 'key',
  secret: 'secret',
  androidPrompt: AndroidPrompt(title: 'Authenticate', cancelLabel: 'Cancel'),
));

Saves the secret. On Android prompt is shown, while on iOS there is no need for the prompt when saving.

await FlutterLocker.retrieve(RetrieveSecretRequest(
  key: key,
  androidPrompt: AndroidPrompt(title: 'Authenticate', cancelLabel: 'Cancel'),
  iOsPrompt: IOsPrompt(touchIdText: 'Authenticate'),
));

Retrieves the secret. You need to provide a prompt for Android and iOS. Prompt for iOS is used only with TouchID. FaceID uses strings from Info.plist.

await FlutterLocker.delete('key');

Deletes the secret.

Exceptions

For common exceptions, a LockerException is thrown.

Use LockerException.reason to find out what went wrong:

  • secretNotFound - Happens when you try to retrieve a secret that was never saved for that key
  • authenticationCanceled - User canceled the authentication prompt
  • authenticationFailed - User failed authentication, e.g. by too many wrong attempts

For other exception, a PlatformException is thrown. You can use PlatformException.message to get more info.

Notes

  • iOS only: app will not show authentication dialog when saving (authentication will always succeed)
  • please follow Locker and Goldfinger setup to prevent any issues

Setup

iOS

To use Locker you need to add the NSFaceIDUsageDescription to you Info.plist.

If NSFaceIDUsageDescription is not provided, the app will crash with the following error:

This app has crashed because it attempted to access privacy-sensitive data without a usage description.  The app's Info.plist must contain an NSFaceIDUsageDescription key with a string value explaining to the user how the app uses this data.

Android

Ensure MainActivity extends FlutterFragmentActivity.

class MainActivity: FlutterFragmentActivity() {
    // ...
}

When showing authentication prompt, the app might crash on some Samsung devices if you don't use an appropriate theme: https://github.com/infinum/flutter-plugins-locker/commit/fcb1f6401d89f860d24ea9a75027d62a03e87926.

Contributing

We believe that the community can help us improve and build better a product. Please refer to our contributing guide to learn about the types of contributions we accept and the process for submitting them.

To ensure that our community remains respectful and professional, we defined a code of conduct that we expect all contributors to follow.

We appreciate your interest and look forward to your contributions.

License

Copyright 2024 Infinum

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Credits

Maintained and sponsored by Infinum.