Saves credentials using secure native technology (Keychain on iOS and Android), with configurable protection levels from simply encrypted, device unlocked, user presence, to user presence proved with biometrics.
npm install capacitor-secure-credentials-plugin
npx cap sync
getCredential(...)
getUsernames(...)
removeCredential(...)
removeCredentials(...)
setCredential(...)
availableSecurityStrategies()
supportedBiometricSensors()
- Interfaces
- Type Aliases
- Enums
getCredential(options: { service: string; username: string; }) => Promise<Success<Credential> | Failure<SecureCredentialsError>>
Get a credential matching a service and username if one exists. The user may be challenged to authenticate this request every time it is called.
Param | Type |
---|---|
options |
{ service: string; username: string; } |
Returns: Promise<Success<Credential> | Failure<SecureCredentialsError>>
getUsernames(options: { service: string; }) => Promise<Success<string[]> | Failure<SecureCredentialsError>>
Get all usernames that have credentials stored for a service.
Param | Type |
---|---|
options |
{ service: string; } |
Returns: Promise<Failure<SecureCredentialsError> | Success<string[]>>
removeCredential(options: { service: string; username: string; }) => Promise<Success<boolean> | Failure<SecureCredentialsError>>
Remove a specific credential
Param | Type |
---|---|
options |
{ service: string; username: string; } |
Returns: Promise<Failure<SecureCredentialsError> | Success<boolean>>
removeCredentials(options: { service: string; }) => Promise<Success<boolean> | Failure<SecureCredentialsError>>
Remove all credentials belonging to a service
Param | Type |
---|---|
options |
{ service: string; } |
Returns: Promise<Failure<SecureCredentialsError> | Success<boolean>>
setCredential(options: { service: string; credential: Credential; options: CredentialOptions; }) => Promise<Success<boolean> | Failure<SecureCredentialsError>>
Set a credential into the secure store. This will overwrite any existing credential of the same service and username.
Param | Type |
---|---|
options |
{ service: string; credential: Credential; options: CredentialOptions; } |
Returns: Promise<Failure<SecureCredentialsError> | Success<boolean>>
availableSecurityStrategies() => Promise<Success<SecurityStrategy[]> | Failure<SecureCredentialsError>>
Returns the available strategies for storing credentials, sorted strongest to weakest.
Returns: Promise<Failure<SecureCredentialsError> | Success<SecurityStrategy[]>>
supportedBiometricSensors() => Promise<Success<BiometricSensors>>
Determine the device capabilities for biometric scanning features. A device may have any combination of sensors and the sensors available may change depending on whether a user has granted permission to inspect the device sensors or whether they are enrolled with those sensors. Not all devices advertise what sensors they have. The information gathered is not guaranteed to be 100% accurate.
Returns: Promise<Success<BiometricSensors>>
Prop | Type |
---|---|
success |
true |
result |
T |
Prop | Type |
---|---|
username |
string |
password |
string |
Prop | Type |
---|---|
success |
false |
error |
E |
Prop | Type |
---|---|
code |
SecurityErrorCode |
message |
string |
Prop | Type |
---|---|
strategy |
SecurityStrategyName |
Prop | Type |
---|---|
name |
SecurityStrategyName |
level |
SecurityLevel |
biometrics |
boolean |
Prop | Type |
---|---|
face |
boolean |
fingerprint |
boolean |
iris |
boolean |
Opaque<'SecurityStrategyName', string>
T & { TYPE: K }
Members | Value |
---|---|
FailedToAccess |
'failed to access' |
NoData |
'no data' |
Unknown |
'unknown' |
Unavailable |
'unavailable' |
Params |
'params' |
Members | Value | Description |
---|---|---|
L1_Encrypted |
1 |
The credential will be stored encrypted, but it can be accessed by the application while the device is locked. |
L2_DeviceUnlocked |
2 |
The credential will be stored encrypted, and it can only be accessed by the application when the device is unlocked. |
L3_UserPresence |
3 |
The credential will be stored encrypted, and it can only be accessed by the application after the OS confirms the user is present by means of a challenge. The OS may remember that the user is present for a configured period of time after a device PIN challenge. |