Biometric Login
Use case
- Users must register their biometric data in their OS settings (not in your apps).
- All biometric data registered on the device, including that of different people, is valid for use.
Scenario 1: First time install
- User downloads the app
- User opens the app
- User navigates to the login page
- User taps the "Biometric login" button
- App shows the message:
Dialog
Biometric login has not been activated on your device.
Please log in and activate it on "Preferences" page.
Scenario 2: Activating biometric login
- User logs in with their regular username and password
- User navigates to the "Preferences" page
- User taps the "Biometric login" option (checkbox)
- App sends credentials to the server: username + password + deviceId
- Server issues a long-lived refresh token
- Refresh token is saved using the function below:
biometric.ts
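// Placeholder for the refresh token returned by the server
const refreshToken = 'xxxxx.yyyyy.zzzzz'
// Store it as the biometric-protected secret
await Fingerprint.registerBiometricSecret({
  secret: refreshToken
})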
Scenario 3: Login with biometric (after the activation)
- User opens the app
- User navigates to the login page
- User taps the "Biometric login" button
- App authenticates the user using biometrics (fingerprint or Face ID)
- If authenticated, load refreshToken from the biometric registry and send it to the server
- Server exchanges refreshToken for a valid access-token
biometric.ts
// The stored secret is the refresh token string itself, so it is used as-is (no JSON.parse)
const refreshToken = await Fingerprint.loadBiometricSecret()
// Exchange it for an access token: POST api/v2/token
Test case
Scenario 1: User logs in with a different finger
- User activates the biometric login feature on the "Preferences" page using their thumb
- User tries to log in using another registered finger
Result
Login succeeds
Scenario 2: User registers a new finger
- User activates the biometric login feature on the "Preferences" page using their thumb
- User goes to OS settings, then registers a new finger
- User goes back to the app, then tries to log in
Result
Login fails
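The login flow of Scenario 3 together with the failure in test case Scenario 2, as an added example that is not part of the original page. All names (`SecretStore`, `biometricLogin`, `fakeStore`, `fakeExchange`, `runScenarios`) are hypothetical; the plugin and the `api/v2/token` call are replaced by constructed in-memory stand-ins, and the stand-in assumes a new enrollment makes the stored secret unreadable.

```typescript
// Added example, hypothetical names; plugin and HTTP call are injected so it runs offline.
type SecretStore = {
  register(secret: string): Promise<void>; // app: Fingerprint.registerBiometricSecret({ secret })
  load(): Promise<string>; // app: Fingerprint.loadBiometricSecret()
};
type Exchange = (refreshToken: string) => Promise<string | null>; // null = server rejected it
type LoginResult =
  | { status: 'ok'; accessToken: string }
  | { status: 'password-required'; reason: 'no-usable-secret' | 'token-rejected' };

async function biometricLogin(store: SecretStore, exchange: Exchange): Promise<LoginResult> {
  let refreshToken: string;
  try {
    refreshToken = await store.load();
  } catch {
    // Not activated, prompt failed, or secret unreadable: fall back to password login.
    return { status: 'password-required', reason: 'no-usable-secret' };
  }
  const accessToken = await exchange(refreshToken); // plain string, no JSON.parse
  return accessToken === null
    ? { status: 'password-required', reason: 'token-rejected' }
    : { status: 'ok', accessToken };
}

// Constructed in-memory stand-in for the OS-protected secret. Assumption: a new
// enrollment makes the stored secret unreadable (test case Scenario 2).
function fakeStore(): SecretStore & { enrollNewFinger(): void } {
  let secret: string | null = null;
  return {
    register: async (s: string) => { secret = s; },
    load: async () => {
      if (secret === null) throw new Error('no secret');
      return secret;
    },
    enrollNewFinger: () => { secret = null; },
  };
}

// Constructed server stand-in: accepts exactly one refresh token.
const fakeExchange: Exchange = async (t) => (t === 'xxxxx.yyyyy.zzzzz' ? 'access-123' : null);
async function runScenarios(): Promise<string[]> {
  const store = fakeStore();
  const before = await biometricLogin(store, fakeExchange); // not activated yet
  await store.register('xxxxx.yyyyy.zzzzz');
  const after = await biometricLogin(store, fakeExchange); // activated
  store.enrollNewFinger();
  const reEnrolled = await biometricLogin(store, fakeExchange); // new finger added
  return [before.status, after.status, reEnrolled.status];
}
```

Both `password-required` outcomes send the user back to username and password login, after which biometric login can be activated again from "Preferences".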