feat: adds an ios.requireBiometrics config flag

[ronickg]

This PR allows one to disable the need for requiring biometrics on iOS, thanks to the work from https://github.com/lucasloisp in the #43

I tried forking the repo and merging, but found it easier to use the latest version and include the changes from there. Ideally, credit for the work should go to @lucasloisp. Or maybe he can update his PR.

Summary by CodeRabbit

• New Features

  • Added a configurable iOS biometric requirement for passkey create/get operations (defaults to enabled).
  • Added a get() method to perform passkey-based authentication.

• Bug Fixes

  • More reliable biometric availability checks on iOS to reduce false negatives.
  • Improved type-safety for WebAuthn extension handling.

[coderabbitai]

Walkthrough

Adds an optional requireBiometrics flag to passkey create/get flows and propagates it through TypeScript public APIs to the iOS native module; iOS availability checks now choose LAContext policies and validate them via canEvaluatePolicy.

Changes

Cohort / File(s)	Summary
iOS native changes ios/ReactNativePasskeysModule.swift	get and create async functions now accept requireBiometrics: Bool. isAvailable(requireBiometrics: Bool = true) added — selects .deviceOwnerAuthenticationWithBiometrics or .deviceOwnerAuthentication, uses LAContext and canEvaluatePolicy(), and throws BiometricException on failure. LAContext extension biometric type logic adjusted.
TypeScript public API src/index.ts, src/ReactNativePasskeysModule.ts	Public create signature extended to accept options/requireBiometrics (defaults to true on iOS). New/updated get method added to surface biometric requirement. Platform branching ensures the flag is only passed to iOS native module. New interfaces: PasskeysConfig, PasskeysCreateOptions, PasskeysGetOptions.
Web/type-safety tweaks src/ReactNativePasskeysModule.web.ts, src/utils/warn-user-of-missing-webauthn-extensions.ts	Minor import reorder and explicit parenthesized indexing (clientExtensionResults)[key] / cast to preserve TypeScript indexing semantics without runtime change.

Sequence Diagram(s)

sequenceDiagram
    participant App
    participant TS_Module as "TS Module"
    participant RN_Native as "iOS Native Module"
    participant LAContext
    participant BiometricSystem

    App->>TS_Module: create/get(request, requireBiometrics?)
    TS_Module->>RN_Native: call native create/get(with flag on iOS)
    RN_Native->>LAContext: build LAContext and choose policy
    alt requireBiometrics = true
        RN_Native->>LAContext: deviceOwnerAuthenticationWithBiometrics
    else
        RN_Native->>LAContext: deviceOwnerAuthentication
    end
    RN_Native->>LAContext: canEvaluatePolicy()
    LAContext->>BiometricSystem: check hardware/credentials
    alt policy evaluable
        BiometricSystem-->>LAContext: success
        LAContext-->>RN_Native: ok
        RN_Native-->>TS_Module: proceed with auth flow / result
        TS_Module-->>App: success response
    else
        BiometricSystem-->>LAContext: failure
        LAContext-->>RN_Native: BiometricException
        RN_Native-->>TS_Module: error
        TS_Module-->>App: error
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Review iOS LAContext policy selection and error paths in ios/ReactNativePasskeysModule.swift.
• Verify TS -> native bridging and platform branching in src/ReactNativePasskeysModule.ts and src/index.ts.
• Confirm default behavior (requireBiometrics defaults to true) and backward compatibility.

Possibly related issues

• Relax policy requirements on iOS to deviceOwnerAuthentication #36 — This PR implements a configurable requireBiometrics flag and switches isAvailable() to select between .deviceOwnerAuthenticationWithBiometrics and .deviceOwnerAuthentication, matching the issue request.

Poem

🐰 I hopped through code to nudge a key,
A choice for touch or simply "it's me."
LAContext checks the door,
Biometrics or device — hop once more! 🥕🔐

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main feature introduced: adding an ios.requireBiometrics config flag to control biometric requirements on iOS.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d8d5809 and 14a8187.

📒 Files selected for processing (2)

• src/ReactNativePasskeysModule.web.ts (2 hunks)
• src/utils/warn-user-of-missing-webauthn-extensions.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/ReactNativePasskeysModule.web.ts

🔇 Additional comments (1)

src/utils/warn-user-of-missing-webauthn-extensions.ts (1)

15-15: LGTM!

The added parentheses around clientExtensionResults preserve the exact runtime behavior while making the type access more explicit. This is a harmless syntactic adjustment.

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example:

"Create a concise high-level summary as a bullet-point list. Then include a Markdown table showing lines added and removed by each contributing author."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 12f498a and d8d5809.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• ios/ReactNativePasskeysModule.swift (4 hunks)
• src/ReactNativePasskeysModule.ts (3 hunks)
• src/ReactNativePasskeysModule.web.ts (1 hunks)
• src/index.ts (3 hunks)
• src/utils/warn-user-of-missing-webauthn-extensions.ts (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

src/index.ts (1)

src/ReactNativePasskeys.types.ts (2)

• CreationResponse (245-258)
• AuthenticationResponseJSON (96-103)

src/ReactNativePasskeysModule.ts (2)

src/ReactNativePasskeys.types.ts (4)

• PublicKeyCredentialCreationOptionsJSON (51-61)
• CreationResponse (245-258)
• PublicKeyCredentialRequestOptionsJSON (66-73)
• AuthenticationResponseJSON (96-103)

src/errors.ts (1)

• NotSupportedError (16-20)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Call the support check

isSupported is a function. Without invoking it, this guard is always truthy and NotSupportedError will never surface; the code falls straight through to the native call even on unsupported platforms (which can surface unrelated native errors). Please invoke the check before continuing.

- if (!this.isSupported) throw new NotSupportedError();
+ if (!this.isSupported()) throw new NotSupportedError();

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (!this.isSupported) throw new NotSupportedError();
	const credential = await passkeys.create(request);
	const credential =
	if (!this.isSupported()) throw new NotSupportedError();
	const credential =

🤖 Prompt for AI Agents

In src/ReactNativePasskeysModule.ts around lines 22 to 24, the support guard
currently references isSupported as a value; change it to invoke the function
and throw when it indicates unsupported. Call isSupported() and if it returns a
Promise, await it (e.g., await this.isSupported()); then use the boolean result
in the if-check and throw NotSupportedError when false so native calls are only
made on supported platforms.

[lucasloisp]

@ronickg you're fine! Thanks for picking this up and rebasing 🎉

[lucasloisp]

LGTM! Do believe we need a changeset file here!

[lucasloisp]

Curious why this change was needed!

[ronickg]

@lucasloisp Ah my ts was showing up with errors here for some reason. I can revert it.

[lucasloisp]

Same Q