
iOS fingerprint device PIN Prompt while kSecAccessControlBiometryCurrentSet flag is set


I'm working on fingerprint authentication using the keychain methods from iOS and can't manage to keep the PIN prompt from being displayed after an error.

I'm using the flag kSecAccessControlBiometryCurrentSet which should only allow biometrics authentication.

So for the first prompt it works well and I didn't get the possibility to enter the passphrase, but as soon as an authentication fails, the prompt changes and allows the user to enter his code. I would like to block this and only allow fingerprint authentication through that prompt.

Here's the code I'm using: https://github.com/xavistas/cordova-plugin-touch-id/blob/noPinCode/src/ios/TouchID.m

If you have any idea, feel free to share :) !


Solution

  • I finally found the solution but it isn't really trivial. You have to know that the keychain is never cleared for your application, even if you uninstall it.

    So basically, if you tried one time with a flag, let's say kSecAccessControlUserPresence, this flag will stay stored until you manually specify that you want to clear the keychain entry. And basically, even if you "create the keychain token" each time the user connects to the app, it will not replace the keychain entry.

    I hope it will help some of you !
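
The fix the answer describes, as an added example (not the poster's or the plugin's code): delete any existing entry before adding it again, so the item is stored with the biometry-only access control instead of keeping the flag it was first created with. The service and account names and the function name are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical identifiers for illustration; not taken from the plugin.
static NSString *const kExampleService = @"com.example.touchid";
static NSString *const kExampleAccount = @"session-token";

// Stores `secret` so that only the currently enrolled biometrics can unlock it.
// Returns errSecSuccess on success, otherwise the failing OSStatus.
static OSStatus StoreBiometryOnlySecret(NSData *secret) {
    NSDictionary *identity = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kExampleService,
        (__bridge id)kSecAttrAccount: kExampleAccount,
    };

    // Remove the old entry first. Without this, SecItemAdd below fails with
    // errSecDuplicateItem and the item keeps whatever access control it was
    // created with (for example kSecAccessControlUserPresence).
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)identity);
    if (status != errSecSuccess && status != errSecItemNotFound) {
        return status;
    }

    // Biometry only, tied to the current enrollment set.
    CFErrorRef error = NULL;
    SecAccessControlRef access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        kSecAccessControlBiometryCurrentSet,
        &error);
    if (access == NULL) {
        if (error != NULL) CFRelease(error);
        return errSecParam;
    }

    NSMutableDictionary *attributes = [identity mutableCopy];
    attributes[(__bridge id)kSecValueData] = secret;
    attributes[(__bridge id)kSecAttrAccessControl] = (__bridge id)access;

    status = SecItemAdd((__bridge CFDictionaryRef)attributes, NULL);
    CFRelease(access);
    return status;
}
```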