Skip to content

Fix: Normalize empty keyAlias to undefined before native bridge call#92

Open
santisemhan wants to merge 2 commits into
sbaiahmed1:mainfrom
santisemhan:feat/empty-alias-santisemhan
Open

Fix: Normalize empty keyAlias to undefined before native bridge call#92
santisemhan wants to merge 2 commits into
sbaiahmed1:mainfrom
santisemhan:feat/empty-alias-santisemhan

Conversation

@santisemhan

@santisemhan santisemhan commented Jun 10, 2026

Copy link
Copy Markdown

Problem

signWithOptions and verifyKeySignature default keyAlias to an empty string '' when none is provided. This empty string gets passed as-is to the Android native layer.

In ReactNativeBiometricsSharedImpl.kt, getKeyAlias only falls back to the default alias ("biometric_key") when receiving null — an empty string is not null in Kotlin, so no fallback occurs:

private fun getKeyAlias(keyAlias: String? = null): String {
    return keyAlias ?: configuredKeyAlias ?: run { ... }
}

As a result, the native layer looks for a key with alias "" in the Android Keystore, finds nothing, and returns { success: false, error: "Key not found" } — without ever showing the biometric prompt.

Fix

Normalize keyAlias to null before passing it to the native bridge, so the existing Kotlin fallback works correctly:

const resolvedKeyAlias = keyAlias || null;

Applied to both signWithOptions and verifyKeySignature. The native type definition for verifyKeySignature in NativeReactNativeBiometrics.ts is updated from string to string | null to match the Kotlin implementation (which already accepts String?) and be consistent with verifyKeySignatureWithOptions and verifyKeySignatureWithEncoding. No changes to public API signatures or defaults.

Behaviour after fix

Calling signWithOptions({ data, promptTitle }) or verifyKeySignature('', data) without a keyAlias now behaves identically to passing keyAlias: 'biometric_key' — the biometric prompt is shown and the default key is used.

@coderabbitai

coderabbitai Bot commented Jun 10, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Make the native verifyKeySignature accept keyAlias: string | null and normalize keyAlias in JS (convert falsy/empty to null) before passing it to native verify/sign calls.

Changes

Key-alias nullability & normalization

Layer / File(s) Summary
TurboModule spec: nullable keyAlias
src/NativeReactNativeBiometrics.ts
Spec.verifyKeySignature now types keyAlias as `string
JS: compute and pass resolvedKeyAlias into native calls
src/index.tsx
verifyKeySignature and signWithOptions compute resolvedKeyAlias (`keyAlias

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Poem

🐰 I nudge the alias, empty to null,
Threads of code now tidy and small,
JS whispers "resolved" as it goes,
Native accepts what it knows —
A quiet hop where signatures fall.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Title check ⚠️ Warning The title claims normalizing keyAlias to 'undefined' but the actual implementation normalizes to 'null' via JavaScript's type conversion in native bridge calls. Update the title to accurately reflect the implementation. Consider: 'Fix: Normalize empty keyAlias to null for native bridge compatibility' or similar wording that reflects the actual null conversion behavior.
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/index.tsx`:
- Around line 272-278: The code normalizes keyAlias to undefined then passes it
to native methods with stricter typings; update the calls so types match the
native contracts: for verifyKeySignature ensure you pass a string (do not pass
undefined—use keyAlias as a string or fail early if missing) when calling
ReactNativeBiometrics.verifyKeySignature (refer to resolvedKeyAlias / keyAlias),
and for ReactNativeBiometrics.verifyKeySignatureWithOptions and
verifyKeySignatureWithEncoding ensure you pass null (not undefined) when no
alias is provided so the parameter is string | null as expected; adjust the
normalization logic around resolvedKeyAlias and the three call sites
accordingly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fb9c2ca1-6dff-4c89-8c33-163358d9be59

📥 Commits

Reviewing files that changed from the base of the PR and between 92f6149 and 8057677.

📒 Files selected for processing (1)
  • src/index.tsx

Comment thread src/index.tsx Outdated
@santisemhan

Copy link
Copy Markdown
Author

@sbaiahmed1 @mrejdak Can you check it? Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant