4

I was interested in adding the Touch ID option into my app. I have found many SO posts and other articles on how to implement it and how to handle errors. My question is if the user logs in, and then goes to the preferences VC and (if the device supports it) enables Touch ID....how do I retrieve the users email and password from Firebase...or store it?

I could be wrong, but I can't imagine Firebase would allow me to pull the user's password. So, would I just store the password from the log in VC in a constant and pass it from VC to VC just in case the user wants to enable Touch ID?

That doesn't seem like a great option either..

Edit

I want to clarify my question.

Initially in my app a user logs into the app using Firebase using an email and password. Later on if the user wants to he/she can enable Touch ID so instead of typing johnSmith@email.com and abc123 it knows on this phone that the user is johnSmith@email.com and the password is abc123.

My question is: How to I retrieve that users email and password? I do NOT have a child in my database with a list of emails and I DO NOT have a list of passwords.

The only thing I can think of to get the user is the following

 let user = FIRAuth.auth()?.currentUser

But is that enough for a Touch ID log in? That is just a random string and not his/her email

And how do I get the password?

RubberDucky4444
  • 2,330
  • 5
  • 38
  • 70
  • The first question is; if the user is logged in (to what?) why would you then want to retrieve their password and email, since they are already logged in? Also, you are correct that storing a password in the clear in a database is never a good option. You can encrypt it but even that is probably not best practice. – Jay Jan 28 '17 at 15:34
  • @Jay Sorry if it wasn't clear. If the user logs into my app through firebase. So they put in an email and password (have already created account). Later if they decide instead of putting email and password in every time they just want to use their thumb... HOW do I tell my app that if the user puts his/her thumb on the reader to enter in his/her email and password? – RubberDucky4444 Jan 29 '17 at 20:45
  • @Jay so if 2 different users enable Touch ID user A would put his thumb down and it would log only him in to only that phone, and user B would put her thumb down and it would only log her into only that phone..... – RubberDucky4444 Jan 29 '17 at 20:46
  • How did you manage that? – Alex Bean Aug 23 '18 at 13:33

1 Answers1

5

As long as Firebase doesnt support TouchId you will have to manage the username and password combination yourself. You will have to ask the user once for the username and password when he/she enables Touch Id and store the username/pw yourself.

The way to store sensitive information is by using Keychain, here is a sample project from Apple on how to do that.

Next time the user login gets confirmed by Touch Id you pull the username/pw from keychain and authenticate the user.

Simon
  • 2,419
  • 2
  • 18
  • 30