I understand how to use the iOS fingerprint authentication mechanism, but I am doubtful about where and how to store the user credentials. Once the fingerprint is authenticated, I need to send the user details to the server. Since the user did not type it in anywhere, I assume I will have to store it when the user types it in the first time. Where do I store these credentials securely? Is iOS KeyChain the solution for this?
Here is how i implemented touch id for my app.
1. check if fingerprint is enabled : user credentials is stored in keychain
2. if fingerprint is enabled, prompt for fingerprint touch
3. else show login screen
4. if user checks "enable fingerprint" checkbox and logs in, store username and password in keychain
5. else login as normal
I used the following plugin :
https://github.com/sjhoeksma/cordova-plugin-keychain-touch-id
Related
I want to use it in my Login screen. In detail, instead of asking user to enter Login Id and Password, I want user to go for Touch Id and if he/she is a device owner, then allow them to go inside app (Post Login screen).
My question is, if the user changes the password using a web application, then in this case touchId should fail. How can I achieve this?
You can use Touch ID to protect a password that is stored in the keychain. Once the keychain item is unlocked then present the username/password to your web site for verification. If verification fails then prompt the user to enter the password. Once the new password has been successfully verified then update the keychain item.
Download the iTunesConnect app for an example of this behaviour.
Sample code on using TouchID with Keychain is here - https://developer.apple.com/library/ios/samplecode/KeychainTouchID/Introduction/Intro.html
Hello to all I want to do a little question ... I'm using parse.com in my app. The login procedure of my user is through the use of parse.com with the classic method username and password that the user types in two textField.
So far everything works but I wanted to implement an additional method of login using the TouchID, but it becomes hard to implement with parse.com because the touchID identifies the impression and the user is not in the database Parse.com therefore when using the TouchID my app returns (rightly) an error because it does not recognize the user among those present in the database ...
Have any of you managed to use the method of biometric TouchID for a login created through parse.com ??? or you know if there is a method that can allow me to do this?
Thank you all
TouchId is just used to authenticate a user to the device - it does not identify a user. You can have fingerprints for different people enrolled into the phone but there is no identity stored with them - they are just valid credentials to authenticate to the device.
You can use touchId to retrieve items from the keychain, so you can store your Parse userid and password in the keychain (the user will need to type them the first time) and then use touchID to unlock these stored credentials for future authentication.
Apple have some sample code that demonstrates using touchID to authenticate to the keychain and for local authentication
I am developing an enterprise application which has user authentication which will be validated at the server side whenever user tries to login through web-service.
I have got a requirement to use iOS touch id for authentication as Apple released the API for 3rd party apps from iOS8.
I could able to find the tutorials on How to use the Touch ID for local authentication, but I am not able to understand how to map my user credentials with the Touch ID.
The exact requirement is user should be able to login to the application with Fingerprint Scanner i.e. using Touch ID but the backend validation should also happen.
How to map the User credentials with the Touch ID finger print? is it possible? if YES, where to store the mapping on local or server side?
Could anyone please help me to understand/implement the same.
Thanks in advance.
Working with TouchID is very easy, For your cases, There is two ways to authenticate user:-
Assumption:- When user is login, we are on application end storing secret token which helps us to validate user.
Using TouchID(iOS 8):-
Using Touch ID, we will get success call back from LAContext user authentication methods if user fingerprints are valid. After that we can acknowledge server directly if required & no required to validate user on server as it is already validate them self using fingerprint scanning.
We must be need to handle authentication fallback mechanism to handle such scenario like "failed to detect finger prints, etc.", In that case we need to authenticate user using Custom PIN or Device Passcode.
Custom PIN/Device Passcode(iOS 9):-
We can either user Custom PIN or Device passcode to authenticate user.
If we are authenticate user with Custom PIN than we required to store user authentication PIN on server & authenticate user every time when access application from background.
If we are authenticate user using Device Passcode(iOS 9), When user enter correct PIN, we will get success call in LAContext user authentication method. After that we can acknowledge server or directly give application access to user.
I'm planing to integrate Touch ID into my app and use it as an alternative to username & password authentication. Here is my though for the process:
First time: Login by username & password -> enable Touch ID -> receive an access key from server.
Second time (with Touch ID enabled): Touch ID authentication success -> directly access server by access ID.
So, securing access key is vital here. Besides Apple's data protection APIs (which offers no protection if user's device is unlocked), is there any better way to protect it?
Also, is this the correct way to utilize Touch ID?
I do not know if this will be helpful or not but you could store the username and password in Apple's keychain upon success. Then once the touch Id is authenticated the second time you can grab the username and password from keychain (Make sure to check if it stills exists) and attempt a login. Or I believe you could store the access key there instead of username and password.
I want to save authentication of my hotspot in my user preferences. Ex: I sign into my wifi using an app with my username and password, then unblock my network, so next time I'm go in this LAN, it should use the credentials I've put in app. So app has to save the wifi auth in user profile. I'm using NSUserDefaults to store my user and keychain for password. Is this the correct way?
As far as I know, there isn't a way for the app to directly setup an access point in the iOS system; I can not see a reason to save wifi authentication credentials in your app if the system will do this already (probably in a more secure manner)? If you simply save this in your user's preferences, then you will get into security issues if you want to change this password later.
However, yes you can distribute a provisioning profile which contains the credentials to your access point so that the user doesn't need to type it in. You could for example, from the app, open an URL pointing to a server web address that will serve the profile for your users. But then you don't even need an app just for that.. you could generate a QR code pointing to that URL and use one of the existing QRCode decoding apps for example.