I am developing an enterprise application with user authentication that is validated on the server side whenever a user tries to log in through a web service.

I have a requirement to use iOS Touch ID for authentication, as Apple released the API for third-party apps in iOS 8.

I was able to find tutorials on how to use Touch ID for local authentication, but I am not able to understand how to map my user credentials to the Touch ID.

The exact requirement is that the user should be able to log in to the application with the fingerprint scanner, i.e. using Touch ID, but the backend validation should also happen.

How do I map the user credentials to the Touch ID fingerprint? Is it possible? If yes, where should the mapping be stored, locally or on the server side?

Could anyone please help me understand/implement this?

Thanks in advance.

CKT
    Maybe it will help you a little: http://stackoverflow.com/questions/26481720/touchid-for-login-user-with-database-parse-com-in-ios-8-0 and the Apple example https://developer.apple.com/library/ios/samplecode/KeychainTouchID/Introduction/Intro.html – TonyMkenu Oct 21 '14 at 11:29

1 Answer

Working with Touch ID is very easy. For your case, there are two ways to authenticate the user:

Assumption: when the user logs in, we store a secret token on the application end which helps us validate the user.

  1. Using Touch ID (iOS 8):

    • Using Touch ID, we will get a success callback from the LAContext user authentication methods if the user's fingerprints are valid. After that we can acknowledge the server directly if required, and there is no need to validate the user on the server, as the user has already validated themselves using fingerprint scanning.
    • We must handle an authentication fallback mechanism for scenarios like "failed to detect fingerprints", etc. In that case we need to authenticate the user using a custom PIN or the device passcode.
  2. Custom PIN/device passcode (iOS 9):

    • We can use either a custom PIN or the device passcode to authenticate the user.
    • If we authenticate the user with a custom PIN, then we are required to store the user's authentication PIN on the server and authenticate the user every time they access the application from the background.
    • If we authenticate the user using the device passcode (iOS 9), when the user enters the correct PIN we will get a success callback in the LAContext user authentication method. After that we can acknowledge the server or directly give the user access to the application.
Sagar Thummar
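
An added example, not part of the question, the answer or Apple's sample: one way to tie Touch ID to a server-validated login is to keep the token the server issues after a normal username/password login in a Keychain item that can only be read after Touch ID (or the device passcode), and to send that token to the backend on each login. The service and account names, the bearer-token header and the function names are assumptions made for this sketch.

```swift
import Foundation
import Security
import LocalAuthentication

// Hypothetical item identifiers for this example.
let tokenItem: [String: Any] = [
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrService as String: "com.example.enterprise",  // placeholder
    kSecAttrAccount as String: "session-token",
]

enum TokenStoreError: Error { case accessControl, keychain(OSStatus) }

// Call once after a password login; later reads need Touch ID or the device passcode.
func storeToken(_ token: Data) throws {
    guard let access = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, .userPresence, nil)
    else { throw TokenStoreError.accessControl }
    SecItemDelete(tokenItem as CFDictionary)  // replace any earlier token
    var add = tokenItem
    add[kSecAttrAccessControl as String] = access
    add[kSecValueData as String] = token
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw TokenStoreError.keychain(status) }
}

// Shows the system prompt (blocking, so call off the main thread) and returns the token.
func loadToken(reason: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = reason  // iOS 11+
    var query = tokenItem
    query[kSecReturnData as String] = true
    query[kSecUseAuthenticationContext as String] = context
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess, let token = result as? Data else {
        throw TokenStoreError.keychain(status)  // cancelled, failed, or no item
    }
    return token
}

// The server still validates the token on every login; the fingerprint only unlocks it.
func loginRequest(to url: URL) throws -> URLRequest {
    let token = try loadToken(reason: "Log in to your account")
    var request = URLRequest(url: url)
    let bearer = "Bearer " + String(decoding: token, as: UTF8.self)
    request.setValue(bearer, forHTTPHeaderField: "Authorization")
    return request
}
```

If the server rejects the token (expired or revoked), fall back to the normal username/password login and call `storeToken` again with the newly issued token.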