I am developing a login feature using username/password and biometric authentication. The use case I have in mind is:

1. The user logs in via username/password for the first time and gets their token (access_token/refresh_token).
2. The user goes to the app's settings and enables biometric authentication.
3. The app shows the biometric prompt and verifies the user's biometric.
4. The app saves the "Encrypted Data" here when the biometric check succeeds.
5. The user logs out of the app.
6. The user logs in via biometric.
And I am very concerned about 2 points:

- At step 4, which thing should I encrypt? The token or the username/password? If the token, it can expire; if the username/password, it seems not a good idea.
- At step 5, the token will be cleared, so in step 6, after verifying the biometric, how can I re-login the user? Will it depend on my saved data from step 3? Or, if the user logs out, should we also disable biometric?
Thanks in advance.
from How to re-login using Biometric authentication?
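One way to implement the flow the question describes on Android, as an added example that is not from the post: the refresh token (never the password) is sealed under an AndroidKeyStore key that is only usable after a successful BiometricPrompt, and on logout the app deletes the sealed blob so biometric login is disabled until the next password login. The class name BiometricTokenVault, the key alias, and the (iv, ciphertext) storage pair are assumptions.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

// Hypothetical helper (not from the question); alias and transform are assumed.
object BiometricTokenVault {
    private const val KEY_ALIAS = "refresh_token_key"
    private const val TRANSFORM = "AES/GCM/NoPadding"

    // Step 2: generate a key that the OS refuses to use without a fresh biometric.
    fun createKey() {
        val kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
        kg.init(KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setUserAuthenticationRequired(true)        // per-use biometric gate
            .setInvalidatedByBiometricEnrollment(true)  // new enrolment kills the key
            .build())
        kg.generateKey()
    }

    private fun key(): SecretKey = KeyStore.getInstance("AndroidKeyStore")
        .apply { load(null) }.getKey(KEY_ALIAS, null) as SecretKey

    // Step 3/4: ask for the cipher, hand it to BiometricPrompt, seal after success.
    fun encryptCipher(): Cipher =
        Cipher.getInstance(TRANSFORM).apply { init(Cipher.ENCRYPT_MODE, key()) }
    fun seal(authed: Cipher, refreshToken: String): Pair<ByteArray, ByteArray> =
        authed.iv to authed.doFinal(refreshToken.toByteArray())

    // Step 6: same prompt in decrypt mode; the stored IV is needed for GCM.
    fun decryptCipher(iv: ByteArray): Cipher = Cipher.getInstance(TRANSFORM)
        .apply { init(Cipher.DECRYPT_MODE, key(), GCMParameterSpec(128, iv)) }
    fun open(authed: Cipher, sealed: ByteArray): String = String(authed.doFinal(sealed))

    // Biometric success only unlocks this one cipher operation.
    fun prompt(activity: FragmentActivity, cipher: Cipher, onReady: (Cipher) -> Unit) {
        BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
            object : BiometricPrompt.AuthenticationCallback() {
                override fun onAuthenticationSucceeded(r: BiometricPrompt.AuthenticationResult) {
                    onReady(r.cryptoObject!!.cipher!!)
                }
            }).authenticate(BiometricPrompt.PromptInfo.Builder().setTitle("Sign in")
                .setNegativeButtonText("Cancel").build(), BiometricPrompt.CryptoObject(cipher))
    }
}
```

After `open()` returns the refresh token, the app exchanges it for a new access token at the server; on logout it deletes the stored (iv, ciphertext) pair and revokes the refresh token server-side.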