Search code examples
iosobjective-cmdmtouch-id

Want to secure my app with combination of TouchID & email

One of my app has log-in feature with email & password and it's working fine as expected.

Now, what my client wants here email + TouchID (without password) need to login into the app.

so my first question is can I do that with both combinations of TouchID & email login?

I have used Touch id for a simple unlock of my app but never use an email with touchid any idea how can I do that?

I have search and lot many apps are doing the same but how?

from one blog I found that with the help of MDM I can configure this but I haven't used MDM (Mobile device management) so not sure about this.

Thanks in advance.

Solution

  • You can use kSecAccessControlTouchIDCurrentSet to store email into keychain at the time of registration. with this, the item you will be storing into keychain will be combination of Current TouchID + Email.

    At the time of login, You can retrieve Email from Keychain using touchId and and compare it with entered email.

    To Store email into keychain, use following code : (works on iOS 9 and above-- Will not work on iOS 8)

    -(void)saveToKeyChain:(NSString*)email{
    CFErrorRef error = NULL;

    SecAccessControlRef scaObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault,kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, kSecAccessControlTouchIDCurrentSet,         &error);

    NSDictionary *attributes = @{
                                 (__bridge id)kSecClass:(__bridge id)kSecClassGenericPassword,
                                 (__bridge id)kSecAttrService  :@"ToucIdWithEmailExample",
                                  (__bridge id)kSecValueData    :[email dataUsingEncoding:NSUTF8StringEncoding],
                                  (__bridge id)kSecUseNoAuthenticationUI  :@YES,

                                  (__bridge id)kSecAttrAccessControl  : (__bridge_transfer  id)scaObject
                                 };

    OSStatus initialWriteStatus =  SecItemAdd((__bridge CFDictionaryRef)attributes, nil);

}

kSecAccessControlTouchIDCurrentSet in above will take store Email with current authenticated touch.

    To retrive keychain data, you can use following:

    -(void)retriveKeyChainData{

    NSDictionary *queryAttributes = @{
                                 (__bridge id)kSecClass:(__bridge id)kSecClassGenericPassword,
                                 (__bridge id)kSecAttrService  :@"ToucIdWithEmailExample",
                                 (__bridge id)kSecReturnData    : @YES,

                                 (__bridge id)kSecUseOperationPrompt  : @"Authenticate"
                                 }.mutableCopy;

    CFTypeRef dataTypeRef = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)queryAttributes, &dataTypeRef);

    if(status == errSecSuccess)
    {
        NSData *data = (__bridge NSData*)(dataTypeRef);
    }



}

    This function will retrieve Email id which you stored at the time of registration. You can compare it with entered email and Validate.

    you can go through this tutorial - if you want to understand it in detail.