I want to implement Apple's Touch ID/Face ID for my app. Currently the app has a login screen, where the user enters the user ID and password. I submit the user ID and password to the back-end server (located at, let's say, https://example.com/Login?username=abc&password=xyz@123 (just an example)). The back-end server returns authentication cookies to me. I use these cookies to access the rest of the REST API services.

I am reading a number of articles which describe how you can use Apple's Touch ID with the https://developer.apple.com/documentation/localauthentication framework. It displays the generic pop-up asking the user to use Touch ID, and returns true if the Touch ID authentication is successful.
This is where my question comes up: if I use Touch ID and the authentication is successful, how do I proceed? Basically, I would need the authentication cookies to access the REST APIs.
One flow I am assuming is this: when the user enables Touch ID/Face ID in the settings page of my app, I store the user credentials in the keychain. Once the user is logged out, and the user uses Touch ID and authentication is successful, I access the keychain, retrieve the password for the user, call the API https://example.com/Login?username=abc&password=xyz@123, get the authentication cookies and use them for accessing the rest of the web APIs.
Is my assumption correct? Or is there a better way of implementing it? Any examples or references would be great.
Thanks.