Always reset the LAContext if we're trying to force a biometric prompt #595

Merged: jhaven-stytch merged 1 commit into main from jordan/biometrics-take-two on Jan 23, 2026
@jhaven-stytch
Contributor

  1. iOS doesn't enforce biometrics on reading from the keychain, only on writing to it
  2. As a result, we have to explicitly request authentication when reading from the keychain in the desired areas
  3. iOS reuses the authentication context within a session (to prevent "authentication fatigue" for users), which prevents the policy evaluation from running
  4. So we have to both explicitly request authentication AND explicitly request a new authentication context if we want to ensure that the policy evaluation occurs

Changes:

Checklist:

  • I have verified that this change works in the relevant demo app, or N/A
  • I have added or updated any tests relevant to this change, or N/A
  • I have updated any relevant README files for this change, or N/A

@jhaven-stytch jhaven-stytch requested a review from a team as a code owner January 23, 2026 16:59
@jhaven-stytch jhaven-stytch requested review from a team, chris-stytch and mary-stytch and removed request for a team and chris-stytch January 23, 2026 16:59
@jhaven-stytch jhaven-stytch merged commit f8f6e36 into main Jan 23, 2026
8 checks passed
@jhaven-stytch jhaven-stytch deleted the jordan/biometrics-take-two branch January 23, 2026 17:57
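
The pattern the description walks through (invalidate the old context, evaluate the policy on a new one, then read the keychain with it), sketched as an added example; this is not the code from this pull request or from the Stytch SDK. `BiometricGate`, `readItem`, `BiometricReadError` and the service/account parameters are hypothetical names.

```swift
import Foundation
import LocalAuthentication
import Security

enum BiometricReadError: Error {
    case authenticationFailed
    case keychain(OSStatus)
}

/// Hypothetical wrapper, not an SDK type: owns the LAContext used for biometric reads.
final class BiometricGate {
    private var context = LAContext()

    /// Reads a generic-password item, forcing a fresh policy evaluation first.
    func readItem(service: String, account: String, reason: String) async throws -> Data {
        // A context that has already evaluated a policy successfully stays
        // authenticated, so later evaluations on it return without prompting.
        // Invalidate it and continue with a new one.
        context.invalidate()
        let fresh = LAContext()
        // 0 (the default) means a biometric match from device unlock is not reused.
        fresh.touchIDAuthenticationAllowableReuseDuration = 0
        context = fresh

        // Explicit authentication request: this is the call that shows the prompt.
        guard try await fresh.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                             localizedReason: reason) else {
            throw BiometricReadError.authenticationFailed
        }

        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecReturnData as String: true,
            kSecMatchLimit as String: kSecMatchLimitOne,
            // Pass the context that was just authenticated so the read does not prompt again.
            kSecUseAuthenticationContext as String: fresh,
        ]
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        guard status == errSecSuccess, let data = result as? Data else {
            throw BiometricReadError.keychain(status)
        }
        return data
    }
}
```

A test for this path should call `readItem` twice in one session and confirm the prompt appears both times, since the reuse described in point 3 only shows up on the second call.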