invalidateOnNewOsBiometrics abstract method
- bool invalidateOnNewOsBiometrics
Specifies whether the authenticator must be invalidated if the user changes biometric credentials in the OS settings.
If the authenticator has been invalidated and you try to authenticate with it, the authentication operation returns an error with code FidoErrorCodeType.keyDisappearedPermanently.
This setting applies only to biometric (Aaid.biometric) and fingerprint (Aaid.fingerprint) authenticators.
Setting this parameter to true increases security at the cost of
convenience: changing biometric credentials in the OS settings does
not necessarily imply a security risk, but if the end user does
it, a new registration is required, because an invalidated authenticator
cannot be recovered.
Note that on Android, if the device supports Class 2 sensors and Class 2 sensors are allowed (see allowClass2AndroidSensors), the value set in this method is ignored and the authenticator is not invalidated when the user changes biometric credentials in the OS settings.
If not specified, the authenticator will be invalidated when the user changes biometric credentials in the OS settings.
This setting and allowDevicePasscodeAsFallback cannot be enabled together.
IMPORTANT
On Android, removing biometric credentials does not invalidate other existing
credentials, as opposed to iOS, where removal also leads to invalidation.
Params:
- invalidateOnNewOsBiometrics: indicates whether changing biometric credentials in the OS should invalidate this authenticator.
Returns: a Registration object.
Implementation
Registration invalidateOnNewOsBiometrics(
bool invalidateOnNewOsBiometrics,
);
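The rules above interact, so an explicit true can end up having no effect on some Android devices. The following added example (not SDK code) models them as a pre-flight check; `Os`, `BiometricSettings`, `invalidatesOnOsChange` and the `deviceHasClass2Sensor` flag are hypothetical names, the `false` defaults for the other two options are assumptions of the model, and an unspecified value is treated as the documented default (invalidate) when checking the conflict with allowDevicePasscodeAsFallback.

```dart
// Added example: hypothetical stand-in types, not classes from the SDK.
enum Os { android, ios }

class BiometricSettings {
  final bool? invalidateOnNewOsBiometrics; // null = not specified
  final bool allowDevicePasscodeAsFallback; // default is an assumption
  final bool allowClass2AndroidSensors; // default is an assumption
  const BiometricSettings({
    this.invalidateOnNewOsBiometrics,
    this.allowDevicePasscodeAsFallback = false,
    this.allowClass2AndroidSensors = false,
  });
}

/// Returns whether a change of OS biometric credentials will invalidate a
/// biometric or fingerprint authenticator registered with [s].
bool invalidatesOnOsChange(BiometricSettings s, Os os,
    {bool deviceHasClass2Sensor = false}) {
  // Documented default: invalidate when the value is not specified.
  final requested = s.invalidateOnNewOsBiometrics ?? true;
  // The two options cannot be enabled together, so fail before registering.
  if (requested && s.allowDevicePasscodeAsFallback) {
    throw ArgumentError('invalidateOnNewOsBiometrics and '
        'allowDevicePasscodeAsFallback cannot both be enabled');
  }
  // Android with Class 2 sensors supported and allowed: the value is ignored.
  if (os == Os.android &&
      deviceHasClass2Sensor &&
      s.allowClass2AndroidSensors) {
    return false;
  }
  return requested;
}

void main() {
  // Constructed settings for illustration.
  const strict = BiometricSettings(invalidateOnNewOsBiometrics: true);
  const strictClass2 = BiometricSettings(
      invalidateOnNewOsBiometrics: true, allowClass2AndroidSensors: true);
  const conflict = BiometricSettings(allowDevicePasscodeAsFallback: true);
  print(invalidatesOnOsChange(strict, Os.ios));
  print(invalidatesOnOsChange(strictClass2, Os.android,
      deviceHasClass2Sensor: true));
  try {
    invalidatesOnOsChange(conflict, Os.ios);
  } on ArgumentError catch (e) {
    print(e.message);
  }
}
```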