Auth0.swift: Touch ID / Face ID Authentication
Here's the scenario: After user authentication, you want to store the user's credentials and use them as long as they are valid. Once they expire, you would want to renew them using the refreshToken
in order to avoid presenting the login page again. Rather than doing this automatically, you require the user to validate with their fingerprint or face.
You will be using the Credentials Manager utility in Auth0.swift to streamline the management of user credentials and perform biometric authentication.
Getting Started
First, import the Auth0
module:
import Auth0
Credentials Manager
Before retrieving credentials, you can also engage the biometric authentication (Face ID or Touch ID) supported by your iOS device.
Begin by setting up the Credentials Manager. Then enable biometrics. You can also pass in a title to show in the prompt.
let credentialsManager = CredentialsManager(authentication: Auth0.authentication())
credentialsManager.enableBiometrics(withTitle: "Touch ID / Face ID Login")
Was this helpful?
We strongly recommend that you add the NSFaceIDUsageDescription setting to your project's Info.plist
to display a reason for using Face ID. In some cases, if you do not provide a description string and the user attempts Face ID authentication, the user's attempt may fail.
...
<key>NSFaceIDUsageDescription</key>
<string>Reason why we use Face ID here</string>
...
Was this helpful?
Login
Present the Universal Login page and, upon successful authentication, pass the credentials to the Credentials Manager.
Auth0
.webAuth()
.scope("openid profile offline_access")
.audience("https://{yourDomain}/userinfo")
.start {
switch $0 {
case .failure(let error):
// Handle error
case .success(let credentials):
// Store credentials securely with the Credentials Manager
credentialsManager.store(credentials: credentials)
}
}
Was this helpful?
Renew User Credentials
When you need to renew the user's credentials, you can call the credentials
method from the Credentials Manager.
credentialsManager.credentials { error, credentials in
guard error == nil, let credentials = credentials else {
// Handle error
// Fallback to login screen
}
// Continue routing the user as authentication was successful
}
Was this helpful?
There is no need manually store the new credentials as this is handled by the Credentials Manager during the renewal.
Next Steps
You can download a sample project and follow the instructions in the iOS quickstart section on Touch ID / Face ID in iOS.