
Ionic 5: how to secure mobile app with Fingerprint AIO


I am using Fingerprint AIO to secure my mobile app, but I am a bit confused about what to do here. As far as I can tell, this library only exposes 2 functions: isAvailable() and show(). So I gave it a try in my project:

  import { FingerprintAIO, FingerprintOptions } from '@ionic-native/fingerprint-aio/ngx';

  initFingerprint() {
    const opt: FingerprintOptions = {
      title: 'Fingerprint - FaceID authentication',
      subtitle: "It's quick and easy",
      description: '',
      fallbackButtonTitle: 'Use Pin',
      cancelButtonTitle: 'Cancel',
      disableBackup: false
    }
    this.faio.show(opt)
      .then((result) => {
        console.log(result)
        // What should I do here ???
      })
      .catch((error) => {
        console.log(error);
      })
  }

The function above works fine, but what should I do in the then() callback? How can I tell my server that this user already authenticated successfully with their finger (or face)?

My assumption is that I need to encrypt their username and password in a text file, then decrypt it later if they successfully authenticate and send that information to my server. But this seems like a lot of things to do.

P.S.: Here is the library: https://github.com/NiklasMerz/cordova-plugin-fingerprint-aio


Solution

  • Try checking out this post: Cordova fingerprint authentication on server

    I was trying to do the same thing as you: use the FingerprintAIO to get some kind of token representing the person's fingerprint, which I'd then link to their username in the server to allow fingerprint logins.

    Turns out that's not how it's supposed to work.

    The most-voted-for answer shows a helpful diagram outlining how biometric authentication is supposed to work. Unfortunately, it's a little more difficult: instead of some unique key gotten from the fingerprint, you need to store a key. This means that you and I will have to rethink how we plan to implement fingerprint authentication!
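
One way the "store a key" approach from the answer can be wired to a server, as an added example that is not code from the question, the answer, or the plugin: the server never sees the biometric, only proof that the device still holds a key it enrolled earlier. All function names and the in-memory maps are hypothetical, and the shared HMAC secret is a simplification assumed here; the page only says that a key must be stored.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "crypto";

// Server side: one enrolled secret per user's device, one pending challenge
// per user. In-memory maps stand in for a database (constructed for this example).
const deviceSecrets = new Map<string, Buffer>();
const pendingNonces = new Map<string, Buffer>();

// Enrolment: run once after a normal password login. The returned secret is
// what the app would place in storage that only opens after the biometric prompt.
function enrollDevice(userId: string): string {
  const secret = randomBytes(32);
  deviceSecrets.set(userId, secret);
  return secret.toString("base64");
}

// Login step 1 (server): issue a fresh, single-use nonce.
function issueChallenge(userId: string): string {
  const nonce = randomBytes(16);
  pendingNonces.set(userId, nonce);
  return nonce.toString("base64");
}

// Login step 2 (client): belongs in the then() callback, once the biometric
// prompt has succeeded and the stored secret has been released to the app.
function signChallenge(secretB64: string, nonceB64: string): string {
  return createHmac("sha256", Buffer.from(secretB64, "base64"))
    .update(Buffer.from(nonceB64, "base64"))
    .digest("base64");
}

// Login step 3 (server): recompute the MAC, compare in constant time, and
// delete the nonce first so a captured response cannot be replayed.
function verifyResponse(userId: string, responseB64: string): boolean {
  const secret = deviceSecrets.get(userId);
  const nonce = pendingNonces.get(userId);
  pendingNonces.delete(userId);
  if (!secret || !nonce) return false;
  const expected = createHmac("sha256", secret).update(nonce).digest();
  const got = Buffer.from(responseB64, "base64");
  return got.length === expected.length && timingSafeEqual(got, expected);
}
```

Replacing the shared secret with a device-generated key pair, where the server stores only the public key, keeps the same three steps and removes the secret from the server's database.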