docs(biometrics): update (#438)

Author: Ombuweb

packages/biometrics/README.md

@@ -1,5 +1,28 @@
 # @nativescript/biometrics
 
+## Contents
+* [Intro](#intro)
+* [Installation](#installation)
+* [Use @nativescript/biometrics](#use-nativescriptbiometrics)
+	* [Check if the device supports biometrics authentification](#check-if-the-device-supports-biometrics-authentification)
+	* [Biometrics authentification support on Android](#biometrics-authentification-support-on-android)
+	* [Face ID authentification support on iOS](#face-id-authentification-support-on-ios)
+	* [Verify user biometrics](#verify-user-biometrics)
+* [API](#api)
+	* [BiometricAuth class](#biometricauth-class)
+	* [BiometricIDAvailableResult interface](#biometricidavailableresult-interface)
+	* [IOSOptions interface](#iosoptions-interface)
+	* [Android interface](#androidoptions-interface)
+	* [BiometricResult interface](#biometricresult-interface)
+	* [ERROR_CODES Enum](#error_codes-enum)
+* [License](#license)
+
+## Intro
+A plugin that allows you to authenticate users with biometrics, such as fingerprints, facial recognition, etc. 
+
+> **Note**
+This plugin replaces [@nativescript/fingerprint-auth](../fingerprint-auth).
+
 ## Installation
 
 ```cli
@@ -8,54 +31,50 @@ npm install @nativescript/biometrics
 > **Note**
 This plugin replaces [@nativescript/fingerprint-auth](../fingerprint-auth).
 
+## Use the @nativescript/biometrics plugin
+
+### Check if the device supports biometrics authentification
 
-## Usage
+To check if the device supports biometrics authentication, call the `available()` method on a `BiometricAuth` instance.
 
-### Importing
-To use the plugin, you should first import it.
 ```ts
 import { BiometricAuth, BiometricIDAvailableResult } from "@nativescript/biometrics";
 
-```
-### Checking for support
-
-To check if the device supports biometrics authentication, call the `available()` method.
-
-```js
 var biometricAuth = new BiometricAuth();
 
-biometricAuth.available().then(function (avail) {
-	console.log('Available? ' + avail);
+biometricAuth.available().then((result: BiometricIDAvailableResult) => {
+console.log(`Biometric ID available? ${result.any}`);
+console.log(`Touch? ${result.touch}`);
+console.log(`Face? ${result.face}`);
+console.log(`Biometrics? ${result.biometrics}`);
+
 });
+
 ```
-```typescript
-class MyClass {
-  private biometricAuth: BiometricAuth;
-
-  constructor() {
-    this.biometricAuth = new BiometricAuth();
-	
-	this.biometricAuth.available().then((result: BiometricIDAvailableResult) => {
-    console.log(`Biometric ID available? ${result.any}`);
-    console.log(`Touch? ${result.touch}`);
-    console.log(`Face? ${result.face}`);
-	console.log(`Biometrics? ${result.biometrics}`);
-  });
-  }
-
-  
-}
+
+#### Biometrics authentification support on Android
+
+- It's only supported on `API 23+`. 
+- In some devices, the OS does not consider face recognition secure enough and as a result, your app cannot use it for biometric authentication. 
+This is the case with many Samsung devices. For example, Samsung Galaxy S10 ha Consequently, if the device has Face Recognition enabled and face scan saved, `available()` returns `{ any: true, biometrics: false }`. 
+
+#### Face ID authentification support on iOS
+
+- It is only supported in iOS 11+.
+
+- To allow Face ID support in your app, provide the reason of supporting it as the value of the `NSFaceIDUsageDescription` key in the `app/App_Resources/ios/Info.plist` file:
+
+```xml
+<key>NSFaceIDUsageDescription</key>
+<string>For easy authentication with our app.</string>
 ```
-> **Note: Android** 
-It's only supported on `API 23+`. <br> <br>In some devices, face recognition isn't considered secure enough by the system to be used as biometric authentication,therefore it cannot be used for biometric authentication. This is decided by the device itself.
-This is the case in many Samsung devices. For example, Samsung Galaxy S10 has both fingerprint scanner and face recognition but only fingerprints are accepted as biometric authentication. <br> <br>So what happens is: <br>- If the device has Face Recognition enabled and face scan saved,calling `available()` returns `{ any: true, biometrics: false }`. You might expect the device to show Face Recognition when you call `verifyBiometric()` but Samsung does not consider Face Recognition secure on this device so you'll never be prompted. <br>- If you enroll a fingerprint in the Touch Recognition and call the `verifyBiometric()` method, the user will be prompted for the fingerprint scan.
+- On a simulator, to enroll a face and test Face ID authentification, use the `Features->Face ID` menu items.
 
-### Verifying a user's biometric
+### Verify user biometrics
 
-To verify a user's biometric, call the `verifyBiometric()` method.
+To verify user biometrics, call the `verifyBiometric()` method and pass it a [VerifyBiometricOptions](#verifybiometricoptions) object.
 
 > **Note: iOS** 
-Use `Features->Face ID` menu items to enroll a face and signal a successs/failure to recognize a face.
 `verifyBiometric()` will fail on IOS simulator unless the `pinfallBack` option is used.
 
 ```typescript
@@ -74,22 +93,14 @@ biometricAuth
 	.catch((err) => console.log(`Biometric ID NOT OK: ${JSON.stringify(err)}`));
 ```
 
-### Requirements for Face ID Auth (iOS)
 
-Support for Face ID was added in iOS 11+. To allow Face ID support in your app, you need to state the reason for it by adding the value for the `NSFaceIDUsageDescription` key to the `app/App_Resources/ios/Info.plist` file:
+### Detect change in enrolled fingerprints (iOS)
 
-```xml
-<key>NSFaceIDUsageDescription</key>
-<string>For easy authentication with our app.</string>
-```
-
-### Detecting change in enrolled fingerprints (iOS)
+For iOS 9+ you can check if enrolled fingerprints have changed since
+the last time you checked it. It's recommended you add this check to counter hacker attacks
+on your app. For more details, see [this article](https://www.linkedin.com/pulse/fingerprint-trojan-per-thorsheim/).
 
-Since iOS 9 you can check if there is a change in enrolled fingerprints since
-the last time you checked it. It's recommended you add this check so you can counter hacker attacks
-to your app. See [this article](https://www.linkedin.com/pulse/fingerprint-trojan-per-thorsheim/) for more details.
-
-To check if there is a change in enrolled fingerprints, call the `didBiometricDatabaseChange()` method. If it returns `true`, you probably want to re-authenticate your user
+To check if enrolled fingerprints have changed, call the `didBiometricDatabaseChange()` method. If it returns `true`, you probably want to re-authenticate your user
 before accepting valid fingerprints again.
 
 ```typescript
@@ -109,19 +120,24 @@ biometricAuth.available().then((avail) => {
 
 ## Biometrics and cryptography
 
-### Normal operation
+To combine biometrics authentification with cryptography, for more secure data protection, set the `secret` and `keyName` options when you call `verifyBiometric()`.
+
+If you do not pass the `pinFallback` or `keyName` options to the `verifyBiometric()` method, the plugin will automatically:
+1. create a secure key
+2. prompts the user to authenticate for a face/fingerprint
+3. attempts to use the key to encrypt some text. 
 
-If you do not pass the `pinFallback` or `keyName` options to the `verifyBiometric()` method, then the plugin will create a secure key, call the authorization methods to trigger face/fingerprint and then attempt to use the key to encrypt some text. The idea being that the key will not be accessible unless the user has successfully authenticated.
+That automatic key generation, however, is not foolproof.
 
-This ,however, is not foolproof and the most secure method is to pass the `secret` and `keyName`options to encrypt/decrypt text.
 
-### Encrypting/Decrypting with Authentication
+### Encrypting/Decrypting with biometrics authentication
 
 The best practice is to use the options to encrypt some secret that is validated independently.
 
 #### Encrypting your secret
 
-To encrypt a secret key name, pass the `secret` and `keyName`options to the `verifyBiometric()` method. 
+
+To encrypt some sensitive string, pass the `secret` and `keyName`options to the `verifyBiometric()` method. Set the sensitive string as the `secret` property's value and the name of the key to access that secret as the value of the `keyName` property.
 
 ```typescript
 biometricAuth
@@ -141,7 +157,7 @@ biometricAuth
     	.catch((err) => this.set('status', `Biometric ID NOT OK: " + ${JSON.stringify(err)}`));
 ```
 
-For Android the encrypted result and vector would then be stored in your app and used the next time when signing in the user by calling `verifyBiometric()` again:
+For Android, the encrypted and initialization vector is then stored in your app and used each time when signing in the user with `verifyBiometric()`:
 
 ####  Decrypting your secret
 
@@ -165,9 +181,10 @@ biometricAuth
     	.catch((err) => this.set('status', `Biometric ID NOT OK: " + ${JSON.stringify(err)}`));
 ```
 
-### Fallback to Pin
+#### Fallback to Pin
+
+To allow biometrics authentification to fallback on lock screen credentials, set `pinFallback` to `true`. Note that thissetting also disables cryptography.
 
-To allow the user to fallback on lock screen credentials, set `pinFallback` to `true`. This also disables cryptography.
 
 ```typescript
 biometricAuth
@@ -187,23 +204,26 @@ biometricAuth
 ## API
 
 ### BiometricAuth Class
+
 | Name | Return Type | Description|
 |-----|-------|-----------|
 |`available()`|`Promise<BiometricIDAvailableResult>`| Checks if biometric authentification is supported on the device. See [BiometricIDAvailableResult](#biometricidavailableresult) for more details.|
 | `didBiometricDatabaseChange(options?: VerifyBiometricOptions)`|`Promise<boolean>` | Checks if there is a change in a biometric of the user.|
 | `verifyBiometric(options: VerifyBiometricOptions)`|`Promise<BiometricResult>`| Verifies the biometrics auth using the specified [VerifyBiometricOptions](#verifybiometricoptions) object. |
-| `close()` | `void`| Closes Face/Fingerprint prompt. Will not do anything on Android if `pinFallBack` is `true`.|
+| `close()` | `void`| Closes Face/Fingerprint prompt. If `pinFallBack` is `true`, `close()` does not have effect on Android.|
 | `deleteKey(keyName?: string)`|`void`| Deletes the specified key. |
 
-### BiometricIDAvailableResult
+### BiometricIDAvailableResult interface
+
 | Name | Type| Description|
 |------|-----|------------|
 | `any`| `boolean`| `true` if no biometric authentification is available on android but device has pin/pattern/password set.|
 | `touch`| `boolean`| _Optional_: `iOS only`|
 | `face`| `boolean`| _Optional_: `iOS only`|
 | `biometrics` | `boolean` | _Optional_: (`Android only`) indicates if Face/Fingerprint is available.|
 
-### VerifyBiometricOptions
+### VerifyBiometricOptions interface
+
 | Name | Type| Description|
 |------|-----|------------|
 | `title`| `string`| _Optional_: (`Android only`)The title for the the fingerprint screen. Defaults to whatever the device default is.|
@@ -216,21 +236,25 @@ biometricAuth
 | `android` | [AndroidOptions](#androidoptions) | _Optional_: Android-specific options. |
 | `ios`| [IOSOptions](#iosoptions) | _Optional_: iOS-specific options. |
 
-### IOSOptions
+### IOSOptions interface
+
 | Name | Type| Description|
 |------|-----|------------|
 | `customFallback` | `boolean` | _Optional_: Indicates whether to allow a custom fallback from biometrics.|
 | `fetchSecret` | `boolean` | _Optional_: Indicates whether to attempt to fetch secret from the specified key.|
 
-### AndroidOptions
+### AndroidOptions interface
+
 | Name | Type| Description|
 |------|-----|------------|
 | `decryptText` | `string`|  If set and `pinFallback` is `true`, and `keyName` is set then this string will be decrypted via the Biometric controlled Key. |
  If set and pinFallback is true, and keyName is set then this string will be decrypted via the Biometric controlled Key.|
 | `iv`| `string` | _Optional_: Retrieved from the result of an encryption. |
 | `validityDuration` | `number` | _Optional_: The period, in seconds, for which operations on the key are valid without triggering a biometric prompt.|
 
-### BiometricResult
+
+### BiometricResult interface
+
 | Name | Type| Description|
 |------|-----|------------|
 |`code`| [ERROR_CODES](#error_codes-enum) |