iOS Swift: Touch ID Authentication
This tutorial will show you how to use Touch ID and the Credentials Manager. We recommend you to Log in to follow this quickstart with examples configured for your account.
I want to integrate with my app15 minutes
I want to explore a sample app2 minutes
Get a sample configured with your account settings or check it out on Github.
Before You Start
Before you continue with this tutorial, make sure that you have completed the previous tutorials. This tutorial assumes that:
- You have integrated Auth0.swift as a dependency in your project.
- You are familiar with presenting the login screen. To learn more, see the Login tutorial.
- You know how to renew a user's credentials with a Refresh Token. To learn more, see the User Sessions tutorial.
Apply Touch ID Authentication
This tutorial shows you how to renew the user's credentials without presenting the user with the login page. Additionally, the guide shows you how to use Touch ID to validate the renewal.
Add the Credentials Manager
Add a property to your class for the credentials manager:
Next, initialize the credentials manager in the appropriate
init method of your class:
Enrolling in Multi-factor Authentication
Present the login page. Add the
offline_access scope to receive a
When the user logs in, the credentials object is encrypted and stored securely in the keychain.
Renew the User's Credentials
To automatically renew the user's credentials, use the credentials method in the credentials manager.
The credentials manager retrieves stored credentials from the keychain and checks if the Access Token is still valid:
- If the current credentials are still valid, the credentials manager returns them
- If the Access Token has expired, the credentials manager renews them using the Refresh Token and returns them
Add the following:
Enable Touch ID
After the line that initialized the credentials manager, add a line that enables Touch ID:
Next time you call the
credentials method, the user will be prompted for their Touch ID with a "Touch to Authenticate" message.
Improve the User Experience
If the user has logged out and you have cleared the credentials from the credentials manager, for example, with the following:
The user is still prompted for their touch ID. This returns an error in the
credentials closure because there are no credentials to renew from.
The credentials manager has a
hasValid() method that lets you know if there are valid credentials that can be returned directly or renewed and returned.
You can add this check before you call the