@subhankarmaiti
Contributor

This PR introduces configurable biometric authentication policies for react-native-auth0, inheriting functionality from Auth0.Android (#867) and Auth0.swift (#1019, #1028).

New Features

  • Added BiometricPolicy enum with 4 policy types:

    • default: System-managed behavior (backward compatible)
    • always: Always prompts for biometric authentication
    • session: Prompts once per session with configurable timeout
    • appLifecycle: Prompts once per app lifecycle with configurable timeout
  • Extended LocalAuthenticationOptions interface with:

    • biometricPolicy?: BiometricPolicy
    • biometricTimeout?: number (default: 3600 seconds)

Related Issues

Resolves #687

@subhankarmaiti subhankarmaiti requested a review from a team as a code owner December 16, 2025 04:54
@subhankarmaiti
Contributor Author

@claude

@github-actions

github-actions bot commented Dec 16, 2025

Claude finished @subhankarmaiti's task —— View job


Code Review Complete

  • Read project architecture documentation
  • Analyze PR diff and changes
  • Review code quality
  • Review security considerations
  • Review performance implications
  • Provide inline feedback
  • Post overall assessment

Overall Assessment

❌ This PR introduces valuable biometric authentication policy functionality but has several issues that should be addressed before merging, including a critical platform inconsistency, missing input validation, documentation accuracy concerns, and a typo in the example code.

Key Issues Identified:

  1. Critical - Platform Behavioral Inconsistency: Android maps both default and always policies to BiometricPolicy.Always, while iOS treats them differently. This creates unexpected cross-platform behavior that contradicts the documentation's claim of consistent behavior.

  2. Input Validation: Missing timeout validation in iOS implementation could lead to unexpected behavior with negative or zero values.

  3. Null Safety: Android implementation doesn't explicitly handle null policy strings, relying on fallthrough to else clause.

  4. Documentation Clarity: Several documentation statements need clarification about when prompts appear and platform-specific differences.

  5. Minor Typo: Example code contains "retreive" instead of "retrieve".

Positive Aspects:

  • Clean architecture following the SDK's established patterns
  • Good test coverage in the example app
  • Comprehensive documentation in EXAMPLES.md
  • Proper integration with native SDKs (Auth0.swift 2.16 and Auth0.Android 3.12)
  • Well-structured TypeScript types with proper enum definitions
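
Issues 2 and 3 in the review above (timeout validation and explicit null handling) can be enforced in the JavaScript layer before options reach either native bridge. This is an added example, not code from this PR or from react-native-auth0: the `normalizeBiometricOptions` helper, the string values of the policy constants and the decision to reject unknown policies are assumptions.

```typescript
// Stand-in for the PR's BiometricPolicy enum; the string values are assumed.
const BiometricPolicy = {
  default: 'default',
  always: 'always',
  session: 'session',
  appLifecycle: 'appLifecycle',
} as const;
type BiometricPolicy = (typeof BiometricPolicy)[keyof typeof BiometricPolicy];

// Default stated in the PR description for biometricTimeout.
const DEFAULT_TIMEOUT_SECONDS = 3600;

interface NormalizedBiometricOptions {
  policy: BiometricPolicy;
  timeoutSeconds: number;
}

// Hypothetical helper: validate caller-supplied options once, in shared code,
// so iOS and Android receive the same already-checked values.
function normalizeBiometricOptions(
  policy?: string | null,
  timeout?: number | null
): NormalizedBiometricOptions {
  // A missing policy resolves explicitly to `default`, not via an else branch.
  let resolved: BiometricPolicy = BiometricPolicy.default;
  if (policy != null) {
    const known = (Object.values(BiometricPolicy) as string[]).includes(policy);
    // Unknown or mis-cased strings are rejected rather than mapped to a guess.
    if (!known) {
      throw new RangeError(`Unknown biometricPolicy: ${policy}`);
    }
    resolved = policy as BiometricPolicy;
  }

  const timeoutSeconds = timeout ?? DEFAULT_TIMEOUT_SECONDS;
  // Rejects NaN, Infinity, zero and negative values.
  if (!Number.isFinite(timeoutSeconds) || timeoutSeconds <= 0) {
    throw new RangeError('biometricTimeout must be a positive number of seconds');
  }
  return { policy: resolved, timeoutSeconds };
}
```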


Copilot AI left a comment


Pull request overview

This PR adds configurable biometric authentication policies to react-native-auth0, enabling developers to control when biometric prompts appear when accessing stored credentials. The feature provides four policy options (default, always, session, and appLifecycle) with configurable timeout support, bringing parity with the native Auth0.Android and Auth0.swift SDKs.

Key Changes:

  • Introduced BiometricPolicy enum with four policy types for controlling biometric authentication prompt behavior
  • Extended LocalAuthenticationOptions interface with biometricPolicy and biometricTimeout properties
  • Updated native iOS and Android implementations to support the new biometric policies, including dependency upgrades to Auth0 2.16 (iOS) and Auth0.android 3.12.0 (Android)

Reviewed changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| src/types/platform-specific.ts | Added BiometricPolicy enum and extended LocalAuthenticationOptions interface with biometric policy and timeout properties |
| src/specs/NativeA0Auth0.ts | Updated native module type definitions to include biometricPolicy and biometricTimeout fields |
| src/index.ts | Exported BiometricPolicy enum as a value alongside other enums |
| src/exports/enums.ts | Added BiometricPolicy to enum exports |
| ios/NativeBridge.swift | Implemented biometric policy parsing and conversion logic for iOS |
| android/src/main/java/com/auth0/react/LocalAuthenticationOptionsParser.kt | Implemented biometric policy parsing and mapping to Android SDK policies |
| android/build.gradle | Updated Auth0.android dependency from 3.11.0 to 3.12.0 |
| A0Auth0.podspec | Updated Auth0 iOS dependency from 2.14 to 2.16 |
| example/ios/Podfile.lock | Updated iOS dependency lock file with Auth0 2.16.0 and checksums |
| example/src/navigation/RootNavigator.tsx | Added lazy loading for demo navigators with Suspense to defer Auth0Provider initialization |
| example/src/navigation/MainTabNavigator.tsx | Removed Api tab screen import and navigator entry |
| example/src/navigation/HooksDemoNavigator.tsx | Added comprehensive usage examples demonstrating all biometric policy options |
| example/src/screens/hooks/Api.tsx | Removed redundant API test screen |
| EXAMPLES.md | Added comprehensive documentation section covering biometric authentication policies, usage examples, and platform-specific behavior |


@subhankarmaiti subhankarmaiti merged commit 35fb0b4 into master Dec 16, 2025
5 checks passed
@subhankarmaiti subhankarmaiti deleted the feat/biometric-authentication-policies branch December 16, 2025 14:34
Development

Successfully merging this pull request may close these issues.

Will be getAccessTokenSilently available?

3 participants