Using the AndroidX Biometric Prompt on a Samsung S9 (Android 10) works fine in when only fingerprints are registered on the device and we trigger biometrics to encrypt/decrypt a password.
However android.security.KeyStoreException: Key user not authenticated is thrown when decrypting the password after irises are registered as well. It makes sense because the key used to decrypt was authenticated only by fingerprint.
Re-encrypting the key after enabling irises has no issue and the exception isn't thrown.
Is there a clean way to handle this case? I don't see KeyInvalidatedException getting thrown in this scenario.