Add a setting to allow biometric-only access on IOS.

lib/src/biometric_storage.dart

@@ -83,6 +83,7 @@ class StorageFileInitOptions {
     this.authenticationValidityDurationSeconds = -1,
     this.authenticationRequired = true,
     this.androidBiometricOnly = true,
+    this.iosBiometricOnly = false,
   });
 
   final int authenticationValidityDurationSeconds;
@@ -102,12 +103,17 @@ class StorageFileInitOptions {
   /// https://github.com/authpass/biometric_storage/issues/12#issuecomment-902508609
   final bool androidBiometricOnly;
 
+  /// Only makes difference on iOS, where if set true, you can't use
+  /// passcode to get the file.
+  final bool iosBiometricOnly;
+
   Map<String, dynamic> toJson() => <String, dynamic>{
         'authenticationValidityDurationSeconds':
             authenticationValidityDurationSeconds,
         'authenticationRequired': authenticationRequired,
         'androidBiometricOnly': androidBiometricOnly,
-      };
+        'iosBiometricOnly': iosBiometricOnly,
+  };
 }
 
 /// Android specific configuration of the prompt displayed for biometry.

macos/Classes/BiometricStorageImpl.swift

@@ -16,9 +16,11 @@ class InitOptions {
   init(params: [String: Any]) {
     authenticationValidityDurationSeconds = params["authenticationValidityDurationSeconds"] as? Int
     authenticationRequired = params["authenticationRequired"] as? Bool
+    iosBiometricOnly = params["iosBiometricOnly"] as? Bool
   }
   let authenticationValidityDurationSeconds: Int!
   let authenticationRequired: Bool!
+  let iosBiometricOnly: Bool!
 }
 
 class IOSPromptInfo {
@@ -35,12 +37,12 @@ private func hpdebug(_ message: String) {
 }
 
 class BiometricStorageImpl {
-  
+
   init(storageError: @escaping StorageError, storageMethodNotImplemented: Any) {
     self.storageError = storageError
     self.storageMethodNotImplemented = storageMethodNotImplemented
   }
-  
+
   private var stores: [String: InitOptions] = [:]
   private let storageError: StorageError
   private let storageMethodNotImplemented: Any
@@ -56,7 +58,7 @@ class BiometricStorageImpl {
   }
 
   public func handle(_ call: StorageMethodCall, result: @escaping StorageCallback) {
-    
+
     func requiredArg<T>(_ name: String, _ cb: (T) -> Void) {
       guard let args = call.arguments as? Dictionary<String, Any> else {
         result(storageError(code: "InvalidArguments", message: "Invalid arguments \(String(describing: call.arguments))", details: nil))
@@ -175,9 +177,17 @@ class BiometricStorageImpl {
           hpdebug("Pre OSX 10.12 no touchIDAuthenticationAllowableReuseDuration available. ignoring.")
         }
       }
+      var flag = SecAccessControlCreateFlags.userPresence
+      if initOptions.iosBiometricOnly {
+        if #available(iOS 11.3, *) {
+          flag = SecAccessControlCreateFlags.biometryCurrentSet
+        } else {
+          flag = SecAccessControlCreateFlags.touchIDCurrentSet
+        }
+      }
       let access = SecAccessControlCreateWithFlags(nil, // Use the default allocator.
         kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
-        .userPresence,
+        flag,
         nil) // Ignore any error.
       query.merge([
         kSecUseAuthenticationContext as String: context,