VerifyUv Method

VerifyUv(PinUvAuthTokenPermissions, string?)

Performs a User Verification (UV) check on the YubiKey using the onboard biometric sensor. This method is only supported on YubiKey Bio Series devices. Uses the KeyCollector for touch prompting.

public void VerifyUv(PinUvAuthTokenPermissions permissions, string? relyingPartyId = null)

Parameters

Type	Name	Description
PinUvAuthTokenPermissions	permissions	The set of operations that this auth token should be permitted to do.
string	relyingPartyId	Some `permissions` require the qualification of a relying party ID. This parameter should only be specified when a permission requires it, otherwise it should be left null. See PinUvAuthTokenPermissions for more details on which permissions require the RP ID and for which it is optional.

Exceptions

Type	Condition
OperationCanceledException	The user cancelled UV collection. This happens when the application returns `false` in the `KeyCollector`.

Remarks

A YubiKey is manufactured with no PIN and no biometric templates set. A PIN must be set before a user can register fingerprints. After a PIN has been set, a user can enroll one or more fingers using their platform or operating system's built in registration mechanism.

Once both a PIN has been set and a fingerprint has been registered, a user can perform verification. This method initiates the biometric (or user verification) process. If the user cannot match a valid finger within the allowed number of retries, it is best practice to fall back to PIN verification.

Unlike other applications in this SDK (such as PIV and OATH), the SDK will not automatically verify PIN or UV using the KeyCollector in methods like MakeCredential(MakeCredentialParameters) due to FIDO2's complex user verification process. Your application must call this method explicitly before attempting to perform a FIDO2 operation that requires verification.

If the YubiKey was unable to verify a registered fingerprint, the SDK will automatically retry. The key collector will be called again to notify your app that touch is required. Each time the key collector is called, the IsRetry member will be set to true and the RetryCount will be updated to reflect the number of retries left before the YubiKey blocks further UV attempts. To cancel UV collection operations, simply return false in the handler for the key collector. When the retries have been exhausted, a `SecurityException` will be thrown. This, along with user cancellation, are indicators that your application should switch to verification with PIN.