Biometric
Prompt the user for biometric authentication on Android and iOS.
Supported Platforms
This plugin requires a Rust version of at least 1.77.2
| Platform | Level | Notes |
|---|---|---|
| windows | | |
| linux | | |
| macos | | |
| android | ||
| ios |
Setup
Install the biometric plugin to get started.
Use your project’s package manager to add the dependency:
npm run tauri add biometricyarn run tauri add biometricpnpm tauri add biometricdeno task tauri add biometricbun tauri add biometriccargo tauri add biometric-
Run the following command in the
src-taurifolder to add the plugin to the project’s dependencies inCargo.toml:cargo add tauri-plugin-biometric --target 'cfg(any(target_os = "android", target_os = "ios"))' -
Modify
lib.rsto initialize the plugin:src-tauri/src/lib.rs #[cfg_attr(mobile, tauri::mobile_entry_point)]pub fn run() {tauri::Builder::default().setup(|app| {#[cfg(mobile)]app.handle().plugin(tauri_plugin_biometric::Builder::new().build());Ok(())}).run(tauri::generate_context!()).expect("error while running tauri application");} -
Install the JavaScript Guest bindings using your preferred JavaScript package manager:
npm install @tauri-apps/plugin-biometricyarn add @tauri-apps/plugin-biometricpnpm add @tauri-apps/plugin-biometricdeno add npm:@tauri-apps/plugin-biometricbun add @tauri-apps/plugin-biometric
Configuration
On iOS the biometric plugin requires the NSFaceIDUsageDescription information property list value, which should describe why your app needs to use biometric authentication.
In the src-tauri/Info.ios.plist file, add the following snippet:
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"> <dict> <key>NSFaceIDUsageDescription</key> <string>Authenticate with biometric</string> </dict></plist>Usage
This plugin enables you to verify the availability of Biometric Authentication on a device, prompt the user for biometric authentication, and check the result to determine if the authentication was successful or not. On Android, it also allows you to encrypt/decrypt data using assymmetric keys that can be accessed only if the user authenticates using their registered biometric authentication method.
Check Status
You can check the status of Biometric Authentication, including its availability and the types of biometric authentication methods supported.
import { checkStatus } from '@tauri-apps/plugin-biometric';
const status = await checkStatus();if (status.isAvailable) { console.log('Yes! Biometric Authentication is available');} else { console.log( 'No! Biometric Authentication is not available due to ' + status.error );}use tauri_plugin_biometric::BiometricExt;
fn check_biometric(app_handle: tauri::AppHandle) { let status = app_handle.biometric().status().unwrap(); if status.is_available { println!("Yes! Biometric Authentication is available"); } else { println!("No! Biometric Authentication is not available due to: {}", status.error.unwrap()); }}Authenticate
To prompt the user for Biometric Authentication, utilize the authenticate() method.
import { authenticate } from '@tauri-apps/plugin-biometric';
const options = { // Set true if you want the user to be able to authenticate using phone password allowDeviceCredential: false, cancelTitle: "Feature won't work if Canceled",
// iOS only feature fallbackTitle: 'Sorry, authentication failed',
// Android only features title: 'Tauri feature', subtitle: 'Authenticate to access the locked Tauri function', confirmationRequired: true,};
try { await authenticate('This feature is locked', options); console.log( 'Hooray! Successfully Authenticated! We can now perform the locked Tauri function!' );} catch (err) { console.log('Oh no! Authentication failed because ' + err.message);}use tauri_plugin_biometric::{BiometricExt, AuthOptions};
fn bio_auth(app_handle: tauri::AppHandle) {
let options = AuthOptions { // Set True if you want the user to be able to authenticate using phone password allow_device_credential:false, cancel_title: Some("Feature won't work if Canceled".to_string()),
// iOS only feature fallback_title: Some("Sorry, authentication failed".to_string()),
// Android only features title: Some("Tauri feature".to_string()), subtitle: Some("Authenticate to access the locked Tauri function".to_string()), confirmation_required: Some(true), };
// if the authentication was successful, the function returns Result::Ok() // otherwise returns Result::Error() match app_handle.biometric().authenticate("This feature is locked".to_string(), options) { Ok(_) => { println!("Hooray! Successfully Authenticated! We can now perform the locked Tauri function!"); } Err(e) => { println!("Oh no! Authentication failed because : {e}"); } }}Biometric protected cryptography
To encrypt/decrypt data using an asymmetric cryptography method that is protected behind the user Biometric Authentication, utilize the biometricCipher() method.
import { biometricCipher } from '@tauri-apps/plugin-biometric';
// Encrypts dataconst encryptOptions = { // ... other options dataToEncrypt: getOriginalData(),};
try { const encrypted = await biometricCipher( 'Passwordless authentication', encryptOptions ); console.log( 'Hooray! Successfully encrypted data! We can now store it to decrypt later, when needed' );} catch (err) { console.log('Oh no! Authentication failed because ' + err.message);}
// Decrypts data back to the originalconst decryptOptions = { // ... other options dataToDecrypt: encrypted.data,};
try { const original = await biometricCipher( 'Passwordless authentication', decryptOptions ); console.log( 'Hooray! Successfully decrypted data after the user authenticated with their biometric method.' ); const valid = originalData() == dataToDecrypt.data;} catch (err) { console.log('Oh no! Authentication failed because ' + err.message);}use tauri_plugin_biometric::{BiometricExt, AuthOptions};
fn bio_cipher(app_handle: tauri::AppHandle, original_data: Option<String>) {
let encrypt_options = AuthOptions { // ... other options data_to_encrypt: original_data.unwrap() };
// if the encryption was successful, the function returns Result::Ok(CipherResult) // otherwise returns Result::Error() match app_handle.biometric().biometric_cipher("Passwordless authentication".to_string(), encrypt_options) { Ok(encrypted) => { println!("Hooray! Successfully Authenticated! We can now perform the locked Tauri function!"); } Err(e) => { println!("Oh no! Authentication failed because : {e}"); } }
let decrypt_options = AuthOptions { // ... other options data_to_decrypt: encrypted.data };
// if the encryption was successful, the function returns Result::Ok(CipherResult) // otherwise returns Result::Error() match app_handle.biometric().biometric_cipher("Passwordless authentication".to_string(), decrypt_options) { Ok(decrypted) => { println!("Hooray! Successfully Authenticated! We can now perform the locked Tauri function!"); } Err(e) => { println!("Oh no! Authentication failed because : {e}"); } }
assert_equal!(decrypted.data, original_data.unwrap());
}Permissions
By default all potentially dangerous plugin commands and scopes are blocked and cannot be accessed. You must modify the permissions in your capabilities configuration to enable these.
See the Capabilities Overview for more information and the step by step guide to use plugin permissions.
{ "$schema": "../gen/schemas/desktop-schema.json", "identifier": "main-capability", "description": "Capability for the main window", "windows": ["main"], "permissions": ["biometric:default"]}Default Permission
This permission set configures which biometric features are by default exposed.
Granted Permissions
It allows acccess to all biometric commands.
allow-authenticateallow-status
Permission Table
| Identifier | Description |
|---|---|
|
|
Enables the authenticate command without any pre-configured scope. |
|
|
Denies the authenticate command without any pre-configured scope. |
|
|
Enables the status command without any pre-configured scope. |
|
|
Denies the status command without any pre-configured scope. |
© 2025 Tauri Contributors. CC-BY / MIT