DEV Community: Shahul Hameed The latest articles on DEV Community by Shahul Hameed (@shahul_hameed_ac3daac4fc7). https://dev.to/shahul_hameed_ac3daac4fc7 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3925449%2F77b1e757-b62f-4c8e-bae8-66eb886f6a96.png DEV Community: Shahul Hameed https://dev.to/shahul_hameed_ac3daac4fc7 en biometric_guard: The Best Flutter Package for Biometric Authentication with Session Management (Android & iOS) Shahul Hameed Mon, 11 May 2026 17:08:40 +0000 https://dev.to/shahul_hameed_ac3daac4fc7/biometricguard-the-best-flutter-package-for-biometric-authentication-with-session-management-dop https://dev.to/shahul_hameed_ac3daac4fc7/biometricguard-the-best-flutter-package-for-biometric-authentication-with-session-management-dop <p>A complete guide to <code>biometric_guard</code> — a Flutter package for biometric and device-credential authentication with built-in session management, widget guards, route guards, reactive UI state, and lifecycle-safe background/foreground handling.</p> <h2> What Is biometric_guard? </h2> <p>If you've ever used Flutter biometric authentication, you've probably come across <code>local_auth</code>.</p> <p>While <code>local_auth</code> provides the core <code>authenticate()</code> API, developers still need to build:</p> <ul> <li>Session timeout handling</li> <li>Route protection</li> <li>Widget-level guards</li> <li>Background/foreground lifecycle handling</li> <li>Reactive UI updates</li> <li>Testing utilities</li> </ul> <p><code>biometric_guard</code> brings all of these features together in one clean and easy-to-use API.</p> <h2> Why Use biometric_guard? </h2> <h3> Key Features </h3> <ul> <li>Session timeout support</li> <li> <code>BiometricGuard</code> for widget-level protection</li> <li> <code>BiometricRoute</code> for route-level authentication</li> <li> <code>SessionStateBuilder</code> for reactive UI</li> <li>Fingerprint, Face ID, Touch ID, and device credentials</li> <li>Resume authentication when returning from background</li> <li>Biometric-only mode</li> <li>Strongly typed <code>AuthResult</code> </li> <li>Testing support</li> </ul> <h2> Platform Support </h2> <p><strong>Android</strong></p> <ul> <li>Minimum Version: API 23 (Android 6.0)</li> <li>Supports Fingerprint Authentication</li> <li>Supports Face Authentication</li> <li>Supports PIN / Device Credentials</li> <li>Supports Resume on Foreground</li> </ul> <p><strong>iOS</strong></p> <ul> <li>Minimum Version: iOS 13.0</li> <li>Supports Touch ID</li> <li>Supports Face ID</li> <li>Supports Passcode Authentication</li> <li>Supports Resume on Foreground</li> </ul> <h2> Installation </h2> <p>Add the package to your <code>pubspec.yaml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">dependencies</span><span class="pi">:</span> <span class="na">biometric_guard</span><span class="pi">:</span> <span class="s">^1.0.4</span> </code></pre> </div> <p>Then run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>flutter pub get </code></pre> </div> <h1> Android Setup </h1> <h2> 1. Change MainActivity Base Class </h2> <p>Open:</p> <p><code>android/app/src/main/kotlin/.../MainActivity.kt</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight kotlin"><code><span class="c1">// Before</span> <span class="k">import</span> <span class="nn">io.flutter.embedding.android.FlutterActivity</span> <span class="kd">class</span> <span class="nc">MainActivity</span> <span class="p">:</span> <span class="nc">FlutterActivity</span><span class="p">()</span> <span class="c1">// After</span> <span class="k">import</span> <span class="nn">io.flutter.embedding.android.FlutterFragmentActivity</span> <span class="kd">class</span> <span class="nc">MainActivity</span> <span class="p">:</span> <span class="nc">FlutterFragmentActivity</span><span class="p">()</span> </code></pre> </div> <blockquote> <p>Without this change, authentication will fail with <code>AuthResultCode.notFragmentActivity</code>.</p> </blockquote> <h2> 2. Add Permissions </h2> <p>In <code>AndroidManifest.xml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;uses-permission</span> <span class="na">android:name=</span><span class="s">"android.permission.USE_BIOMETRIC"</span> <span class="nt">/&gt;</span> <span class="nt">&lt;uses-permission</span> <span class="na">android:name=</span><span class="s">"android.permission.USE_FINGERPRINT"</span> <span class="nt">/&gt;</span> </code></pre> </div> <h2> 3. Set Minimum SDK </h2> <p>In <code>build.gradle</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight gradle"><code><span class="n">android</span> <span class="o">{</span> <span class="n">defaultConfig</span> <span class="o">{</span> <span class="n">minSdkVersion</span> <span class="mi">23</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h1> iOS Setup </h1> <h2> 1. Add Face ID Usage Description </h2> <p>In <code>ios/Runner/Info.plist</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="nt">&lt;key&gt;</span>NSFaceIDUsageDescription<span class="nt">&lt;/key&gt;</span> <span class="nt">&lt;string&gt;</span>We use Face ID to verify your identity.<span class="nt">&lt;/string&gt;</span> </code></pre> </div> <h2> 2. Set Minimum Deployment Target </h2> <p>In <code>Podfile</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">platform</span> <span class="ss">:ios</span><span class="p">,</span> <span class="s1">'13.0'</span> </code></pre> </div> <h1> Quick Start </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="kn">import</span> <span class="s">'package:biometric_guard/biometric_guard.dart'</span><span class="o">;</span> <span class="kd">final</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">BiometricSessionManager</span><span class="o">.</span><span class="na">instance</span><span class="o">.</span><span class="na">authenticate</span><span class="p">(</span> <span class="nl">intent:</span> <span class="n">AuthIntent</span><span class="o">.</span><span class="na">secure</span><span class="p">,</span> <span class="p">);</span> <span class="k">if</span> <span class="p">(</span><span class="n">result</span><span class="o">.</span><span class="na">isSuccess</span><span class="p">)</span> <span class="p">{</span> <span class="n">print</span><span class="p">(</span><span class="s">'Authenticated successfully'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">result</span><span class="o">.</span><span class="na">isCanceled</span><span class="p">)</span> <span class="p">{</span> <span class="n">print</span><span class="p">(</span><span class="s">'User cancelled'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">result</span><span class="o">.</span><span class="na">isLockedOut</span><span class="p">)</span> <span class="p">{</span> <span class="n">print</span><span class="p">(</span><span class="s">'Too many failed attempts'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">print</span><span class="p">(</span><span class="n">result</span><span class="o">.</span><span class="na">message</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h1> BiometricGuard — Widget-Level Protection </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="n">BiometricGuard</span><span class="p">(</span> <span class="nl">intent:</span> <span class="n">AuthIntent</span><span class="o">.</span><span class="na">secure</span><span class="p">,</span> <span class="nl">sessionTimeout:</span> <span class="kd">const</span> <span class="n">Duration</span><span class="p">(</span><span class="nl">minutes:</span> <span class="mi">5</span><span class="p">),</span> <span class="nl">onSuccess:</span> <span class="p">()</span> <span class="o">=</span><span class="p">&gt;</span> <span class="n">Navigator</span><span class="o">.</span><span class="na">pushNamed</span><span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="s">'/home'</span><span class="p">),</span> <span class="nl">onFailure:</span> <span class="p">()</span> <span class="o">=</span><span class="p">&gt;</span> <span class="n">_showAuthErrorDialog</span><span class="p">(</span><span class="n">context</span><span class="p">),</span> <span class="nl">child:</span> <span class="kd">const</span> <span class="n">HomeScreen</span><span class="p">(),</span> <span class="p">)</span> </code></pre> </div> <h1> Custom Prompt Strings </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="n">BiometricGuard</span><span class="p">(</span> <span class="nl">intent:</span> <span class="n">AuthIntent</span><span class="o">.</span><span class="na">custom</span><span class="p">,</span> <span class="nl">contents:</span> <span class="kd">const</span> <span class="n">AuthContents</span><span class="p">(</span> <span class="nl">title:</span> <span class="s">'Unlock Vault'</span><span class="p">,</span> <span class="nl">subtitle:</span> <span class="s">'Use your fingerprint or face'</span><span class="p">,</span> <span class="nl">description:</span> <span class="s">'Your data is protected by biometric lock'</span><span class="p">,</span> <span class="p">),</span> <span class="nl">child:</span> <span class="kd">const</span> <span class="n">VaultScreen</span><span class="p">(),</span> <span class="p">)</span> </code></pre> </div> <h1> BiometricRoute — Route-Level Protection </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="k">await</span> <span class="n">Navigator</span><span class="o">.</span><span class="na">push</span><span class="p">(</span> <span class="n">context</span><span class="p">,</span> <span class="n">BiometricRoute</span><span class="p">(</span> <span class="nl">intent:</span> <span class="n">AuthIntent</span><span class="o">.</span><span class="na">payment</span><span class="p">,</span> <span class="nl">builder:</span> <span class="p">(</span><span class="n">_</span><span class="p">)</span> <span class="o">=</span><span class="p">&gt;</span> <span class="kd">const</span> <span class="n">PaymentScreen</span><span class="p">(),</span> <span class="p">),</span> <span class="p">);</span> </code></pre> </div> <h1> Biometric-Only Mode </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="n">BiometricRoute</span><span class="p">(</span> <span class="nl">intent:</span> <span class="n">AuthIntent</span><span class="o">.</span><span class="na">payment</span><span class="p">,</span> <span class="nl">options:</span> <span class="kd">const</span> <span class="n">AuthOptions</span><span class="p">(</span> <span class="nl">biometricOnly:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">),</span> <span class="nl">builder:</span> <span class="p">(</span><span class="n">_</span><span class="p">)</span> <span class="o">=</span><span class="p">&gt;</span> <span class="kd">const</span> <span class="n">PaymentScreen</span><span class="p">(),</span> <span class="p">)</span> </code></pre> </div> <h1> Session Management API </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="kd">final</span> <span class="n">manager</span> <span class="o">=</span> <span class="n">BiometricSessionManager</span><span class="o">.</span><span class="na">instance</span><span class="p">;</span> <span class="c1">// Check if session is valid</span> <span class="kd">final</span> <span class="n">valid</span> <span class="o">=</span> <span class="n">manager</span><span class="o">.</span><span class="na">isSessionValid</span><span class="p">(</span> <span class="kd">const</span> <span class="n">Duration</span><span class="p">(</span><span class="nl">minutes:</span> <span class="mi">5</span><span class="p">),</span> <span class="p">);</span> <span class="c1">// Force re-authentication</span> <span class="n">manager</span><span class="o">.</span><span class="na">invalidateSession</span><span class="p">();</span> <span class="c1">// Check device support</span> <span class="kd">final</span> <span class="n">supported</span> <span class="o">=</span> <span class="k">await</span> <span class="n">manager</span><span class="o">.</span><span class="na">isDeviceSupported</span><span class="p">();</span> <span class="c1">// Get available biometric types</span> <span class="kd">final</span> <span class="n">types</span> <span class="o">=</span> <span class="k">await</span> <span class="n">manager</span><span class="o">.</span><span class="na">getAvailableTypes</span><span class="p">();</span> <span class="c1">// Cancel current prompt</span> <span class="k">await</span> <span class="n">manager</span><span class="o">.</span><span class="na">cancelAuthentication</span><span class="p">();</span> </code></pre> </div> <h1> Reactive UI with SessionStateBuilder </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="n">SessionStateBuilder</span><span class="p">(</span> <span class="nl">sessionTimeout:</span> <span class="kd">const</span> <span class="n">Duration</span><span class="p">(</span><span class="nl">minutes:</span> <span class="mi">5</span><span class="p">),</span> <span class="nl">builder:</span> <span class="p">(</span><span class="n">context</span><span class="p">,</span> <span class="n">state</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">switch</span> <span class="p">(</span><span class="n">state</span><span class="p">)</span> <span class="p">{</span> <span class="n">SessionActive</span><span class="p">()</span> <span class="o">=</span><span class="p">&gt;</span> <span class="kd">const</span> <span class="n">Icon</span><span class="p">(</span><span class="n">Icons</span><span class="o">.</span><span class="na">lock_open</span><span class="p">),</span> <span class="n">SessionExpired</span><span class="p">()</span> <span class="o">=</span><span class="p">&gt;</span> <span class="kd">const</span> <span class="n">Icon</span><span class="p">(</span><span class="n">Icons</span><span class="o">.</span><span class="na">lock</span><span class="p">),</span> <span class="n">SessionAuthenticating</span><span class="p">()</span> <span class="o">=</span><span class="p">&gt;</span> <span class="kd">const</span> <span class="n">CircularProgressIndicator</span><span class="p">(),</span> <span class="n">SessionFailed</span><span class="p">()</span> <span class="o">=</span><span class="p">&gt;</span> <span class="kd">const</span> <span class="n">Icon</span><span class="p">(</span><span class="n">Icons</span><span class="o">.</span><span class="na">error_outline</span><span class="p">),</span> <span class="p">};</span> <span class="p">},</span> <span class="p">)</span> </code></pre> </div> <h1> SessionLockIndicator </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="n">SessionLockIndicator</span><span class="p">(</span> <span class="nl">sessionTimeout:</span> <span class="kd">const</span> <span class="n">Duration</span><span class="p">(</span><span class="nl">minutes:</span> <span class="mi">5</span><span class="p">),</span> <span class="nl">activeChild:</span> <span class="kd">const</span> <span class="n">Icon</span><span class="p">(</span><span class="n">Icons</span><span class="o">.</span><span class="na">lock_open</span><span class="p">),</span> <span class="nl">lockedChild:</span> <span class="kd">const</span> <span class="n">Icon</span><span class="p">(</span><span class="n">Icons</span><span class="o">.</span><span class="na">lock</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <h1> AuthIntent </h1> <p><code>AuthIntent</code> automatically provides context-specific prompt titles.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Intent</th> <th>Use Case</th> </tr> </thead> <tbody> <tr> <td><code>AuthIntent.secure</code></td> <td>Login and sensitive screens</td> </tr> <tr> <td><code>AuthIntent.payment</code></td> <td>Payments and transfers</td> </tr> <tr> <td><code>AuthIntent.credentials</code></td> <td>Password managers</td> </tr> <tr> <td><code>AuthIntent.custom</code></td> <td>Fully customized prompts</td> </tr> </tbody> </table></div> <h1> AuthResult </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="kd">class</span> <span class="nc">AuthResult</span> <span class="p">{</span> <span class="kd">final</span> <span class="n">AuthResultCode</span> <span class="n">code</span><span class="p">;</span> <span class="kd">final</span> <span class="kt">String</span> <span class="n">message</span><span class="p">;</span> <span class="kd">final</span> <span class="n">AuthType</span> <span class="n">type</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Convenience getters:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="n">result</span><span class="o">.</span><span class="na">isSuccess</span> <span class="n">result</span><span class="o">.</span><span class="na">isCanceled</span> <span class="n">result</span><span class="o">.</span><span class="na">isLockedOut</span> </code></pre> </div> <h1> Resume Authentication on Foreground </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="k">await</span> <span class="n">BiometricSessionManager</span><span class="o">.</span><span class="na">instance</span><span class="o">.</span><span class="na">authenticate</span><span class="p">(</span> <span class="nl">intent:</span> <span class="n">AuthIntent</span><span class="o">.</span><span class="na">secure</span><span class="p">,</span> <span class="nl">options:</span> <span class="kd">const</span> <span class="n">AuthOptions</span><span class="p">(</span> <span class="nl">resumeOnForeground:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">),</span> <span class="p">);</span> </code></pre> </div> <p>Useful for:</p> <ul> <li>Banking apps</li> <li>Healthcare apps</li> <li>Enterprise applications</li> </ul> <h1> Testing Support </h1> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="kd">final</span> <span class="n">manager</span> <span class="o">=</span> <span class="n">BiometricSessionManager</span><span class="o">.</span><span class="na">forTesting</span><span class="p">(</span> <span class="n">_FakeChannel</span><span class="p">(</span> <span class="n">AuthResult</span><span class="p">(</span> <span class="nl">code:</span> <span class="n">AuthResultCode</span><span class="o">.</span><span class="na">success</span><span class="p">,</span> <span class="nl">message:</span> <span class="s">'ok'</span><span class="p">,</span> <span class="nl">type:</span> <span class="n">AuthType</span><span class="o">.</span><span class="na">biometric</span><span class="p">,</span> <span class="p">),</span> <span class="p">),</span> <span class="p">);</span> </code></pre> </div> <h1> Common Errors and Fixes </h1> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Problem</th> <th>Solution</th> </tr> </thead> <tbody> <tr> <td><code>notFragmentActivity</code></td> <td>Use <code>FlutterFragmentActivity</code> </td> </tr> <tr> <td>Face ID crash</td> <td>Add <code>NSFaceIDUsageDescription</code> </td> </tr> <tr> <td><code>noCredentials</code></td> <td>Enroll biometrics or device PIN</td> </tr> <tr> <td><code>lockedOut</code></td> <td>Wait or unlock device with PIN</td> </tr> <tr> <td>Prompt not appearing</td> <td>Add biometric permissions</td> </tr> <tr> <td>Build error</td> <td>Set <code>minSdkVersion 23</code> </td> </tr> <tr> <td>Pod install failure</td> <td>Set iOS deployment target to 12.0</td> </tr> </tbody> </table></div> <h1> Frequently Asked Questions </h1> <h2> Does it work with only PIN or passcode? </h2> <p>Yes. Device credentials are supported even when biometrics are not enrolled.</p> <h2> Is the session persisted across app restarts? </h2> <p>No. Sessions are stored in memory only.</p> <h2> How do I force re-authentication? </h2> <div class="highlight js-code-highlight"> <pre class="highlight dart"><code><span class="n">BiometricSessionManager</span><span class="o">.</span><span class="na">instance</span><span class="o">.</span><span class="na">invalidateSession</span><span class="p">();</span> </code></pre> </div> <h2> Why does iOS sometimes return <code>deviceCredential</code>? </h2> <p>When <code>biometricOnly: false</code>, iOS may not report whether Face ID or passcode was used.</p> <h1> Ideal Use Cases </h1> <ul> <li>Banking applications</li> <li>Password managers</li> <li>Healthcare apps</li> <li>Enterprise applications</li> <li>Any app requiring secure access control</li> </ul> <h1> Conclusion </h1> <p><code>biometric_guard</code> is a complete biometric authentication solution for Flutter.</p> <p>It goes beyond <code>local_auth</code> by providing:</p> <ul> <li>Session management</li> <li>Widget guards</li> <li>Route guards</li> <li>Lifecycle-safe authentication</li> <li>Reactive UI updates</li> <li>Testing support</li> </ul> <p>If you're building a secure Flutter application, <code>biometric_guard</code> can significantly reduce boilerplate and improve reliability.</p> <h1> Install It Today </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">dependencies</span><span class="pi">:</span> <span class="na">biometric_guard</span><span class="pi">:</span> <span class="s">^1.0.4</span> </code></pre> </div> <p>Pub.dev: <a href="https://pub.dev/packages/biometric_guard" rel="noopener noreferrer">https://pub.dev/packages/biometric_guard</a></p> <p>GitHub: <a href="https://github.com/shahulhameed24/biometric_guard" rel="noopener noreferrer">https://github.com/shahulhameed24/biometric_guard</a></p> <p>If this package is useful, consider giving it a ⭐ on GitHub.</p> <p>Built with ❤️ by Shahul Hameed</p> flutter dart security opensource