feat: isAvailable return stength instead of specific factors

[WcaleNieWolny]

Based on #62

Summary by CodeRabbit

• New Features

  • Added device credential (passcode/PIN) fallback option for authentication scenarios
  • Expanded error reporting with more specific and detailed error codes

• API Changes

  • Updated authentication check response to report strength levels (none, weak, strong) instead of biometry type
  • Error codes now use typed enumeration for improved error handling

[coderabbitai]

Walkthrough

The pull request refactors the biometric authentication API to replace biometry type detection with authentication strength levels (NONE, STRONG, WEAK), adds support for fallback authentication via useFallback option, expands error handling with a BiometricAuthError enum, and updates platform implementations (Android and iOS) alongside example applications.

Changes

Cohort / File(s)	Change Summary
Type Definitions src/definitions.ts	Added AuthenticationStrength enum (NONE, STRONG, WEAK); replaced biometryType field in AvailableResult with authenticationStrength; converted errorCode type from number to BiometricAuthError; expanded BiometricAuthError enum with 13 new error codes (UNKNOWN_ERROR, BIOMETRICS_UNAVAILABLE, USER_LOCKOUT, etc.); added useFallback boolean to IsAvailableOptions.
Android Implementation android/src/main/java/ee/forgr/biometric/NativeBiometric.java	Added authentication strength constants (AUTH_STRENGTH_NONE, AUTH_STRENGTH_STRONG, AUTH_STRENGTH_WEAK); removed getAvailableFeature() method; refactored isAvailable() to evaluate biometric strength separately for BIOMETRIC_STRONG and BIOMETRIC_WEAK via BiometricManager; added convertBiometricManagerErrorToPluginError() helper to map BiometricManager errors to plugin errors.
iOS Implementation ios/Sources/NativeBiometricPlugin/NativeBiometricPlugin.swift	Replaced biometry type logic with authentication strength evaluation; checks biometric availability first (sets STRONG), then device credentials fallback (sets WEAK), with unified error handling; removed per-biometry-type mapping (TouchID/FaceID).
Documentation README.md	Updated AvailableResult documentation to reflect authenticationStrength and BiometricAuthError; added API documentation sections for AuthenticationStrength and BiometricAuthError enums with member descriptions; expanded IsAvailableOptions documentation for useFallback behavior.
Example Applications example-app/simple-test.html, example-app/src/js/biometric-tester.js	Added AuthenticationStrength import; replaced biometryType references with authenticationStrength; renamed getBiometryName() to getAuthenticationStrengthName(); updated enum value mapping from numeric literals to AuthenticationStrength enum keys (NONE, STRONG, WEAK); added "Use Fallback" checkbox in biometric-tester.js and pass useFallback option to isAvailable() call.
Configuration .gitignore	Added */.codex/* ignore pattern under External native build folder section.

Sequence Diagram(s)

sequenceDiagram
    participant App
    participant Plugin
    participant BiometricManager/LAContext

    App->>Plugin: isAvailable({ useFallback })
    
    Plugin->>BiometricManager/LAContext: Check BIOMETRIC_STRONG availability
    alt Strong biometrics available
        BiometricManager/LAContext-->>Plugin: Success
        Plugin->>Plugin: authenticationStrength = STRONG, isAvailable = true
    else Strong unavailable, useFallback enabled
        BiometricManager/LAContext-->>Plugin: Unavailable
        Plugin->>BiometricManager/LAContext: Check device credentials/fallback
        alt Fallback available
            BiometricManager/LAContext-->>Plugin: Success
            Plugin->>Plugin: authenticationStrength = WEAK, isAvailable = true
        else Fallback unavailable
            BiometricManager/LAContext-->>Plugin: Error
            Plugin->>Plugin: authenticationStrength = NONE, isAvailable = false<br/>errorCode = mapped error
        end
    end
    
    Plugin-->>App: AvailableResult { isAvailable, authenticationStrength, errorCode? }

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Android implementation requires careful review of the refactored biometric strength evaluation logic and error mapping converter
• iOS implementation logic flow for biometric vs. fallback credential evaluation
• Cross-platform consistency — verify that Android and iOS apply the same authentication strength determination logic
• API contract changes — confirm that all call sites in examples correctly use new authenticationStrength field and useFallback option
• Error code mapping — validate that all BiometricManager/LAContext error codes are correctly converted to BiometricAuthError values

Possibly related PRs

• feat: example app #60: Updates example application files (simple-test.html and biometric-tester.js) to reflect AuthenticationStrength and API changes introduced in this PR.

Poem

🐰 Hopping through strength levels with glee,
From STRONG to WEAK, from one to three,
No more types, just clarity—
Fallback credentials, gracefully!
Authentication made light as can be! 🔐✨

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The PR title "feat: isAvailable return stength instead of specific factors" clearly and accurately describes the main change in the changeset: replacing the biometryType field (which represents specific biometric factors like fingerprint or face recognition) with an authenticationStrength field in the isAvailable method's return value. This core objective is reflected across all modified files, including the TypeScript definitions, platform-specific implementations (Android and iOS), documentation, and example applications. The title is concise and specific enough that a teammate scanning history would understand the primary change, though note there is a minor typo: "stength" should be "strength".

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix_isavailable_authentication_strength

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

android/src/main/java/ee/forgr/biometric/NativeBiometric.java (1)

120-146: Consider simplifying the error selection comment.

The error handling logic is correct, but the comment on lines 132-135 is quite verbose. The key point is that when neither strong nor weak biometrics succeeded, we default to BIOMETRIC_ERROR_HW_UNAVAILABLE as a catch-all.

Consider this more concise comment:

             } else {
-                // No biometrics available at all
-                // BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE indicates that biometric hardware is unavailable
-                // or cannot be accessed. This constant value may vary across Android versions, so we explicitly
-                // use the constant rather than assuming its numeric value.
+                // Default to HW_UNAVAILABLE when no specific error from biometric checks
                 biometricManagerErrorCode = BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE;
             }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4735379 and 6b227e4.

📒 Files selected for processing (7)

• .gitignore (1 hunks)
• README.md (2 hunks)
• android/src/main/java/ee/forgr/biometric/NativeBiometric.java (3 hunks)
• example-app/simple-test.html (3 hunks)
• example-app/src/js/biometric-tester.js (5 hunks)
• ios/Sources/NativeBiometricPlugin/NativeBiometricPlugin.swift (1 hunks)
• src/definitions.ts (3 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: below43
Repo: Cap-go/capacitor-native-biometric PR: 41
File: android/src/main/java/ee/forgr/biometric/AuthActivity.java:75-82
Timestamp: 2025-02-13T20:05:24.035Z
Learning: In android/src/main/java/ee/forgr/biometric/AuthActivity.java, the negativeButtonText must be set regardless of the useFallback value to prevent Android errors when negativeButtonText is null.

📚 Learning: 2025-02-13T20:05:24.035Z

Learnt from: below43
Repo: Cap-go/capacitor-native-biometric PR: 41
File: android/src/main/java/ee/forgr/biometric/AuthActivity.java:75-82
Timestamp: 2025-02-13T20:05:24.035Z
Learning: In android/src/main/java/ee/forgr/biometric/AuthActivity.java, the negativeButtonText must be set regardless of the useFallback value to prevent Android errors when negativeButtonText is null.

Applied to files:

• android/src/main/java/ee/forgr/biometric/NativeBiometric.java

🧬 Code graph analysis (2)

android/src/main/java/ee/forgr/biometric/NativeBiometric.java (1)

ios/Sources/NativeBiometricPlugin/NativeBiometricPlugin.swift (1)

• isAvailable (38-83)

example-app/src/js/biometric-tester.js (1)

src/index.ts (1)

• NativeBiometric (10-10)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build_android

🔇 Additional comments (17)

.gitignore (1)

71-71: Clarify .codex pattern scope.

The pattern */.codex/* only matches .codex directories one level deep (e.g., subdir/.codex/). This won't ignore .codex at the repository root or in deeply nested paths like a/b/.codex/. Depending on where codex-generated artifacts are created, you may want a more comprehensive pattern.

Consider using **/.codex/ (matches at any depth) or add both .codex/ (root level) and **/.codex/ (any nesting).

If this narrower scope is intentional, the pattern is fine. Otherwise, apply this diff:

 # External native build folder generated in Android Studio 2.2 and later
 .externalNativeBuild
-*/.codex/*
+**/.codex/

ios/Sources/NativeBiometricPlugin/NativeBiometricPlugin.swift (3)

44-59: LGTM: Clean separation of biometric and fallback authentication checks.

The two-stage policy evaluation correctly distinguishes between biometric-only and device-credential authentication, enabling accurate strength classification.

---

60-70: LGTM: Authentication strength classification is correct and consistent.

The STRONG/WEAK classification aligns with the Android implementation and follows security best practices where biometrics are stronger than device credentials.

---

71-81: LGTM: Error handling is comprehensive.

The error handling correctly covers both cases: when an error object exists (convert and set errorCode) and when no error is present (default to UNKNOWN_ERROR).

src/definitions.ts (3)

18-33: LGTM: Well-documented AuthenticationStrength enum.

The enum values and documentation accurately reflect the authentication strength model across platforms, with clear guidance on PIN/password always being WEAK.

---

47-65: LGTM: Improved type safety and API clarity.

The updated AvailableResult interface provides better type safety with the BiometricAuthError enum and clearer semantics with authenticationStrength replacing the more specific biometryType.

---

120-192: LGTM: Comprehensive error enum with excellent documentation.

The BiometricAuthError enum provides clear, well-documented error codes with platform-specific notes, making it easy for developers to handle different failure scenarios.

android/src/main/java/ee/forgr/biometric/NativeBiometric.java (3)

64-67: LGTM: Authentication strength constants align with TypeScript definitions.

The constant values match the AuthenticationStrength enum in definitions.ts and the iOS implementation.

---

88-118: LGTM: Correct strength classification with proper priority.

The logic correctly prioritizes STRONG biometrics over WEAK, with fallback credentials always classified as WEAK. This aligns with iOS implementation and security best practices.

---

460-477: LGTM: Clear error code conversion with appropriate mappings.

The helper method correctly maps BiometricManager error codes to plugin error codes, with a sensible default to UNKNOWN_ERROR for unmapped cases.

example-app/simple-test.html (2)

97-97: LGTM: Import updated for new API.

---

225-232: LGTM: Helper function correctly refactored for new enum.

The mapping from AuthenticationStrength values to display names is clear and correct.

example-app/src/js/biometric-tester.js (3)

113-118: LGTM: Useful addition for testing fallback authentication.

The checkbox provides a clear way to test both biometric-only and fallback authentication modes.

---

237-247: LGTM: Correct usage of new isAvailable API.

The code properly demonstrates the new API with useFallback parameter and authenticationStrength response field.

---

379-386: LGTM: Helper function refactored consistently.

README.md (2)

239-245: LGTM: Documentation accurately reflects new API structure.

The AvailableResult documentation correctly describes the new fields and their types.

---

318-344: LGTM: Comprehensive enum documentation.

Both AuthenticationStrength and BiometricAuthError enums are thoroughly documented with clear descriptions and platform notes.