I’m using Nixos on a Framework Laptop using the Sway window manager. I’ve been able to enable the fingerprint reader and enroll fingerprints with:

  services.fprintd.enable = true;
  security.pam.services.login.fprintAuth = true;
  services.gnome.gnome-keyring.enable = true;
    systemd.services.fprintd = {
      wantedBy = [ "multi-user.target" ];
      serviceConfig.Type = "simple";
    };

However, I am never actually prompted for fingerprint authentication by sudo or polkit prompts. Where would I go to actually enable that?

Try:

security.pam.services.polkit-1.fprintAuth = true;

and/or

security.pam.services.sudo.fprintAuth = true;

Does this work?

you didn’t explicitly mention that you set services.fprintd.enable = true; - can you please confirm if you did this or not?

if you set that value then basically everything should just magically work and suggestions from @Lyndeno shouldn’t be necessary - see this line for explanation

Yes, that line is also present.

No, doesn’t seem to have had any effect.

i would suggest turning on debug logging for fprintd and polkit:

https://github.com/FrameworkComputer/fprintd:

Debugging

To enable debug output run systemctl edit fprintd.service then enter:

[Service]
Environment=G_MESSAGES_DEBUG=all

Save the result and restart fprintd using systemctl restart fprintd.service.

After that, you can grab the logs using journalctl -u fprintd.service.

and setting security.polkit.debug = true;

i also have a framework laptop and make heavy use of the fingerprint reader… everything just worked as expected once my fingerprint was enrolled and the services.fprintd.enable option was set true… so let’s dig into the logs, because something seems off

That’s helpful, didn’t realize that was available. Seems like a promising clue-

6月 19 14:57:02 agility systemd[1]: Started Fingerprint Authentication Daemon.
 6月 19 14:57:02 agility fprintd[12893]: About to load configuration file '/nix/store/vk044swsc9r71wl59zgxh7215ny8y0w5-fprintd-1.94.5/etc/fprintd.conf'
 6月 19 14:57:02 agility fprintd[12893]: Launching FprintObject
 6月 19 14:57:02 agility fprintd[12893]: Initializing FpContext (libfprint version 1.94.9)
 6月 19 14:57:02 agility fprintd[12893]: Preparing devices for resume
 6月 19 14:57:02 agility fprintd[12893]: No driver found for USB device 1D6B:0003
 6月 19 14:57:02 agility fprintd[12893]: No driver found for USB device 0BDA:5634
 6月 19 14:57:02 agility fprintd[12893]: No driver found for USB device 8087:0032
 6月 19 14:57:02 agility fprintd[12893]: No driver found for USB device 1D6B:0002
 6月 19 14:57:02 agility fprintd[12893]: No driver found for USB device 1D6B:0003
 6月 19 14:57:02 agility fprintd[12893]: No driver found for USB device 1D6B:0002
 6月 19 14:57:02 agility fprintd[12893]: Device reported probe completion
 6月 19 14:57:02 agility fprintd[12893]: Got delay inhibitor for sleep.
 6月 19 14:57:02 agility fprintd[12893]: Completing action FPI_DEVICE_ACTION_PROBE in idle!
 6月 19 14:57:02 agility fprintd[12893]: Not updating temperature model, device can run continuously!
 6月 19 14:57:02 agility fprintd[12893]: Device Goodix MOC Fingerprint Sensor scan type changed to 'press'
 6月 19 14:57:02 agility fprintd[12893]: Device Goodix MOC Fingerprint Sensor enroll stages changed to 13
 6月 19 14:57:02 agility fprintd[12893]: Finger present 0
 6月 19 14:57:02 agility fprintd[12893]: Finger needed 0
 6月 19 14:57:02 agility fprintd[12893]: entering main loop
 6月 19 14:57:02 agility fprintd[12893]: D-Bus service launched with name: net.reactivated.Fprint
 6月 19 14:57:02 agility fprintd[12893]: Requesting authorization from :1.170 to call method 'ListEnrolledFingers' for device 'Goodix MOC Fingerprint Sensor'
 6月 19 14:57:02 agility fprintd[12893]: Getting authorization to perform Polkit action net.reactivated.fprint.device.setusername
 6月 19 14:57:02 agility fprintd[12893]: Getting authorization to perform Polkit action net.reactivated.fprint.device.verify
 6月 19 14:57:02 agility fprintd[12893]: Authorization granted to :1.170 to call method 'ListEnrolledFingers' for device 'Goodix MOC Fingerprint Sensor'!
 6月 19 14:57:02 agility fprintd[12893]: file_storage_discover_prints() for user '***' in '/var/lib/fprint/micah/goodixmoc/UIDF9A4A071_XXXX_MOC_B0'
 6月 19 14:57:02 agility fprintd[12893]: scan_dev_storedir(): opendir("/var/lib/fprint/***/goodixmoc/UIDF9A4A071_XXXX_MOC_B0") failed: Error opening directory “/var/lib/fprint/***/goodixmoc/UIDF9A4A>

Ok, that was the clue I needed. Turns out that I had been enrolling fingerprints for the root user, rather than my normal account. using sudo fprintd-enroll USER vs sudo fprintd-enroll fixed the problem.