auth/com.midnight.kuira.core.auth/AuthPolicy/VALIDITY_DURATION_SECONDS

VALIDITY_DURATION_SECONDS

const val VALIDITY_DURATION_SECONDS: Int = 30

Auth-validity window in seconds. After any successful BiometricPrompt or device-credential auth, biometric-gated Keystore keys are usable for this many seconds without re-prompting.

Trade-off:

  • 0 — per-use (strictest). Every Keystore op prompts. Drove the post-restore triple-prompt UX bug.

  • 30 — current default. Matches "user just authenticated" intent: SeedVault loads done immediately after a restore, app launch, or signing flow don't re-prompt, but a stolen unlocked device has at most 30s of stale auth credit.

  • 300+ — convenience-leaning (5min+). Closer to what consumer wallets do, weaker against snatch attacks within the window. Reach for this only with an explicit UX justification.

Increase only with security review.