Handling TouchID Authentication for Login using Database in IOS

2.4k views Asked by At

I am new to IOS 8 and its new features..I want to use Touch ID in my app for Login into the application.

In General, My app have username,password,department for login.I will enter username,password and department and then backend will check with given correct match or not and send success response..

Now, If I have given Touch ID as option to login.Then I know how to use TouchID in my app with LAContext. But after success authentication how can I identify the user who authenticated is particular user..as no response is coming from API to save into database like unique key.

http://cdn.hayageek.com.s3.amazonaws.com/downloads/ios/TouchIdAuthentication.zip

I googled then I came to know is Touch ID with KeychainTouchID will works for this.. But, How can I use this for Username,password and department in keychain initially and then verify those details exists or not after TouchID authentication and then retrieve those and calling service with those values..

https://developer.apple.com/library/ios/samplecode/KeychainTouchID/History/History.html

Is this a correct approach or any other alternative for my requirements..

Example: Users are A,B & C having TouchID supported device say IPhone 5S..

In the app they kept some usernames say AA,BB & CC.

After A successfully authenticated using TouchID how can we say that the user is AA or BB or CC.

Any Ideas or suggestions is appreciated..

Thank you...

2

There are 2 answers

0
Cy-4AH On

You should store in the keychain TouchID-protected username and password. Then when you need authenticate user, just ask keychain for that data. IOS will automatically ask user to use his finger.If authentication was successful you will get yours username and password.

0
Naughty_Ottsel On

You can only get an idea of which user it is by asking them. There is no way to determine a user from the finger print. You have to look at Touch ID as essentially saying "here is a mathematical representation of a finger print. Does it match?" to which the response is either "Yes" or "No" There is no "Yes and it matches this person."

If I have understood your question correctly. User A, B & C could all have a fingerprint set for the device. You can ask the user to select their username for instance A would select A, B would select B etc. Get the user to enter their password. Ask the system for that password under the keychain. If the user authenticates then do a check with the entered password.

But if User B knew User A's password and selected that they were user A, once the touchID authentication has been successful they can still log in to User A's area.