2

I am using Fingerprint AIO to secure my mobile app, but I am a bit confused about what to do here. As far as I can tell, this library only exposes 2 functions, isAvailable() and show(). So I gave it a try on my project:

```typescript
import { FingerprintAIO, FingerprintOptions } from '@ionic-native/fingerprint-aio/ngx';

initFingerprint() {
  const opt: FingerprintOptions = {
    title: 'Fingerprint - FaceID authentication',
    subtitle: "It's quick and easy",
    description: '',
    fallbackButtonTitle: 'Use Pin',
    cancelButtonTitle: 'Cancel',
    disableBackup: false
  };
  this.faio.show(opt)
    .then((result) => {
      console.log(result);
      // What should I do here ???
    })
    .catch((error) => {
      console.log(error);
    });
}
```

The function above works fine, but what should I do in the then() callback? How can I tell my server that this user already authenticated successfully with their finger (or face)?

My assumption is that I need to encrypt their username and password in a text file, then decrypt it later if they successfully authenticated and send that information to my server. But this seems like a lot of things to do.

P.S. Here is the library: https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio

Lê Quang Bảo
  • 1
    The biometric authentication request simply returns yes/no to indicate whether the user was authenticated. What you do with the result is up to you. You could use the authentication to get credentials from the keychain, for example. On iOS you can have the request for the credentials from the keychain automatically trigger the biometric authentication. – Paulw11 Jun 02 '20 at 04:33

2 Answers

2

Try checking out this post: Cordova fingerprint authentication on server

I was trying to do the same thing as you: use the FingerprintAIO to get some kind of token representing the person's fingerprint, which I'd then link to their username in the server to allow fingerprint logins.

Turns out that's not how it's supposed to work.

The most-voted-for answer shows a helpful diagram outlining how biometric authentication is supposed to work. Unfortunately, it's a little more difficult: instead of some unique key gotten from the fingerprint, you need to store a key. This means that you and I will have to rethink how we plan to implement fingerprint authentication!
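The flow the comment and this answer point to (the prompt only says yes or no, so the device keeps a stored key and the server checks proof of that key) can be sketched as follows. This is an added example, not code from the posts or from the plugin: `Server`, `Device`, `login` and `biometricPrompt` are hypothetical names, Node's `crypto` module stands in for the phone's Keychain/Keystore, and Ed25519 is chosen only for illustration.

```javascript
// Added example. Server, Device, login and biometricPrompt are hypothetical names.
const crypto = require('node:crypto');

// Server: stores one public key per user, enrolled after a normal password login.
class Server {
  constructor() {
    this.publicKeys = new Map();  // username -> PEM public key
    this.challenges = new Map();  // username -> outstanding nonce
  }
  enroll(username, publicKeyPem) {
    this.publicKeys.set(username, publicKeyPem);
  }
  issueChallenge(username) {
    const nonce = crypto.randomBytes(32);
    this.challenges.set(username, nonce);
    return nonce;
  }
  verifyLogin(username, signature) {
    const nonce = this.challenges.get(username);
    const pem = this.publicKeys.get(username);
    this.challenges.delete(username); // one use only, so a captured signature cannot be replayed
    if (!nonce || !pem) return false;
    return crypto.verify(null, nonce, pem, signature); // null digest selects Ed25519
  }
}

// Device: the private key never leaves it; signing is gated on the biometric prompt.
class Device {
  constructor(biometricPrompt) {
    this.biometricPrompt = biometricPrompt; // stands in for faio.show(opt)
    const pair = crypto.generateKeyPairSync('ed25519');
    this.privateKey = pair.privateKey; // on a phone: a hardware-backed Keychain/Keystore entry
    this.publicKeyPem = pair.publicKey.export({ type: 'spki', format: 'pem' });
  }
  async signChallenge(nonce) {
    await this.biometricPrompt(); // a rejected prompt throws, so nothing gets signed
    return crypto.sign(null, nonce, this.privateKey);
  }
}

// Runs one login attempt and returns the server's verdict plus the signature sent.
async function login(server, device, username) {
  const nonce = server.issueChallenge(username);
  try {
    const signature = await device.signChallenge(nonce);
    return { ok: server.verifyLogin(username, signature), signature };
  } catch (err) {
    return { ok: false, signature: null }; // biometric check failed or was cancelled
  }
}
```

The server never sees the fingerprint, the password or the private key; it only learns that whoever answered the challenge holds the key enrolled for that account.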

0

Use this style instead:

```typescript
this.faio.show(opt, successCallback, errorCallback);

function successCallback(){
  alert("Authentication successful");
}

function errorCallback(error){
  alert("Authentication invalid " + error.message);
}
```

In success, logically you have to unlock the app and navigate forward, and in error, you should prevent it and request the PIN or fingerprint again.

Mahdi Zarei
  • I'm asking about what to do in the `successCallback()`. I need to tell my server that this user has authenticated successfully, but I am not sure how to do that. Normally, if they log in with username + password, my server will use that information to verify and respond with a token. But if they use a fingerprint, there is nothing for my server to verify. Do I need to store the username/password on their device? – Lê Quang Bảo Jun 03 '20 at 02:58
  • 1
    @LêQuangBảo First of all, logically it's not proper to ask for the username and password on each entrance, so I recommend that you just keep a token and on each entrance check whether you have a token or not. Then on each entrance either they enter a PIN and you check it, then check the token, and then send a request to the server. And for the fingerprint, I have an idea, but I'm not sure if it's the right thing to do: you can enter the PIN programmatically if the fingerprint was valid. So in the success callback, you can call the success PIN function. – Mahdi Zarei Jun 03 '20 at 03:58