Titanium JIRA Archive
Appcelerator Modules (MOD)

[MOD-2485] Android: Ti.identity module throws error on below android API Level 23.

GitHub Issuen/a
TypeStory
PriorityNone
StatusClosed
ResolutionFixed
Resolution Date2020-01-14T22:35:49.000+0000
Affected Version/sn/a
Fix Version/sRelease 8.0.1
ComponentsIdentity
Labelsn/a
ReporterRiduanul Islam
AssigneeGary Mathews
Created2018-12-21T23:23:12.000+0000
Updated2020-01-15T10:52:11.000+0000

Description

Customer wants to use "ti.identity" module for access to Keystore. But the module will throw an error, if it's tested on android which is below API 23 and that device doesn't have a fingerprint scanner. *Error*:
[ERROR] :  TiExceptionHandler: (main) [48452,53831] ti.identity/bootstrap.js:39
[ERROR] :  TiExceptionHandler: return new module["KeychainItem"](arguments);
[ERROR] :  TiExceptionHandler:        ^
[ERROR] :  TiExceptionHandler: Error: android.content.Context.getSystemService
[ERROR] :  TiExceptionHandler: Error: No virtual method getSystemService
Test code
var win = Ti.UI.createWindow();
var btn = Ti.UI.createButton({
title : 'authenticate'
});
win.add(btn);
win.open();
btn.addEventListener('click', function() {
var Identity = require('ti.identity');
var keychainItem = Identity.createKeychainItem({
identifier : 'password'
});
});
The behavior only happens when they tested it on physical device & emulator which are below API level 23.

Comments

  1. Joshua Quick 2018-12-21

    [~gmathews], it's because our ti.identity module is calling Context.getSystemService(Class) by class (which is an API Level 23 method) instead of by name/string. [FingerPrintHelper.java#L55](https://github.com/appcelerator-modules/titanium-identity/blob/master/android/src/ti/identity/FingerPrintHelper.java#L55) [KeychainItemProxy.java#L114](https://github.com/appcelerator-modules/titanium-identity/blob/master/android/src/ti/identity/KeychainItemProxy.java#L114) [Context.html#getSystemService](https://developer.android.com/reference/android/content/Context.html#getSystemService(java.lang.Class)) We would have to do the following instead... context.getSystemService(Context.KEYGUARD_SERVICE); ...and... context.getSystemService(Context.FINGERPRINT_SERVICE); Although fingerprint support appears to be an API Level 23 and higher only feature. https://developer.android.com/reference/android/content/Context.html#FINGERPRINT_SERVICE
  2. Joshua Quick 2018-12-22

    Also note that fingerprint scanning is an Android 6.0 and higher only feature. So, we can't support that feature on older OS versions. However, I think the feature the app developer is after is "keychain" support.
  3. Sean Maraj 2018-12-22

    Yep, I would just like to use this module for iOS Keychain System and Android Keystore Provider so that I can store my user's credentials. I will not be using the fingerprint features. Thank you for looking into this!
  4. Joshua Quick 2018-12-22

    For everyone's info, the "ti.identity" module was originally a copy of our now deprecated "ti.touchid" module, which was limited to fingerprint scanning only. We made the new "ti.identity" module when Apple released "face-id" support. So, the history of the module on the Android side was that it was always limited to device's that supported fingerprint scanning. I don't think Titanium offers any other APIs that provide access to the keychain/keystore. So, I can understand the confusion. This is something we should definitely look into.
  5. Hans Knöchel 2018-12-22

    {quote}I don't think Titanium offers any other APIs that provide access to the keychain/keystore.{quote} It does, using the KeychainItem proxy - which works without fingerprints.
  6. Joshua Quick 2019-01-02

    The KeychainItem proxy is part of the "ti.identity" module. And that module is currently limited to Android 6.0 and above. That's the issue. (I'm not saying it should be this way or not, but that's the module's legacy.) [~hknoechel], perhaps I'm misunderstanding? Are you aware of another API outside of this module?
  7. Hans Knöchel 2019-01-02

    The authenticate method is used for fingerprints, the keychain item proxy for sensitive data. If keychains work Android 6+ only then that is another issue, since it should work on Android 4.3+: {quote} The Keystore system is used by the KeyChain API as well as the Android Keystore provider feature that was introduced in Android 4.3 (API level 18). This document goes over when and how to use the Android Keystore provider. {quote} Ref: https://developer.android.com/training/articles/keystore I hope someone looks at MOD-2468 as well btw, it's been inactive since months and blocking us since then.
  8. Joshua Quick 2019-01-03

    My point is that the "ti.identity" module currently requires user authentication (such as via a fingerprint) to write to the keychain to do what's documented below. The module was only written to make authentication optional for Android 6.0 and above. That is its legacy design back when it was called "ti.touchid". (A touch-id module requiring touch support to function made sense at the time.) https://developer.android.com/training/articles/keystore#UserAuthentication We can change the design. I'm not disputing that. I'm just stating what it's "currently" designed for. Changing the module to support older OS versions would mean adding API Level guards throughout the code (some are already there; but it's missing in several other places). I'm fine with this. But... if the app developer isn't interested in the "identity" part of the "ti.identity" module, then perhaps the keychain API shouldn't solely belong to this module... and that might be the root problem here. _*Edit:*_ _In hindsight, perhaps the "ti.identity" module should have been named "ti.security" since keychain access doesn't have to be related to touch-id or face-id. We're not going to rename the module. I just don't like that we've trapped a keychain API within a seemingly unrelated module. That's the point I was making._

JSON Source