TryVerifyUv Method

TryVerifyUv(PinUvAuthTokenPermissions, string?)

Tries to Perform a User Verification (UV) check on the YubiKey using the onboard biometric sensor. This method is only supported on YubiKey Bio Series devices. The permissions argument must be something other than None.

C#
public bool TryVerifyUv(PinUvAuthTokenPermissions permissions, string? relyingPartyId = null)

Parameters

Type Name Description
PinUvAuthTokenPermissions permissions

The set of operations that this auth token should be permitted to do. This parameter cannot be None for UvVerification.
string relyingPartyId

Some permissions require the qualification of a relying party ID. This parameter should only be specified when a permission requires it, otherwise it should be left null. See PinUvAuthTokenPermissions for more details on which permissions require the RP ID and for which it is optional.

Returns

bool

A boolean, true if the verification succeeds, false if the user cancels.

Exceptions

Type Condition
InvalidOperationException

The YubiKey does not support onboard user-verification, or else it does support it but there are no fingerprints enrolled.
SecurityException

The YubiKey has blocked fingerprint verification because of too many "bad" readings.
TimeoutException

The YubiKey timed out waiting for the user to supply a fingerprint.
Fido2Exception

The permissions arg was None or the YubiKey was not able to complete the process for some reason described in the exception's message.

Remarks

This method will call the KeyCollector to prompt the user to provide the fingerprint. If there is no KeyCollector, this method will throw an exception.

When verifying using Uv, the caller must provide a valid permission. If the input permissions arg is None, this method will throw an exception.

A YubiKey is manufactured with no PIN and no biometric templates set. A PIN must be set before a user can register fingerprints. After a PIN has been set, a user can enroll one or more fingers using their platform or operating system's built in registration mechanism.

Once both a PIN has been set and a fingerprint has been registered, a user can perform verification. This method initiates the biometric (or user verification) process. If the user cannot match a valid finger within the allowed number of retries, it is best practice to fall back to PIN verification.

If the YubiKey was unable to verify a registered fingerprint, the SDK will automatically retry. The key collector will be called again to notify your app that touch is required. Each time the key collector is called, the IsRetry member will be set to true and the RetryCount will be updated to reflect the number of retries left before the YubiKey blocks further UV attempts. To cancel UV collection operations, call the SignalUserCancel delegate. When the retries have been exhausted, a SecurityException will be thrown. This, along with user cancellation, are indicators that your application should switch to verification with PIN.

If the user cancels the operation, this method will return false. If the YubiKey times out, this method will throw a TimeoutException.