Biometrics to access the Token Store
Problem
Mobile devices are more likely to be lost, stolen, or used by unauthorized persons. One way to strengthen the security of an app and protect it from unauthorized access is to lower the session expiration time, which causes the user to go through the login process more often.
Solution
Instead, we can use biometric authentication for accessing the token store in our application.
Use Face / Touch ID for iOS to access the token store. The id, refresh, and access tokens would then be encrypted before storing them.
This would introduce an open / locked state on the token store. When opening the app, the user would have to unlock the store with biometrics. Then the tokens can be decrypted and cached in memory until the app is closed.
We could also lock the store after some inactive time.
Should the user decline biometric authentication, persistent token storage will be disabled, requiring authentication via FusionAuth upon each application launch or following any event resulting in memory cache clearing.
Alternatives/workarounds
TBD
Additional context
N/A
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
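One way the locked/open token store described in this issue could be built on iOS, as an added example that is not FusionAuth SDK code. It assumes the tokens are kept in a Keychain item protected by biometric access control rather than by app-level encryption; the type name `BiometricTokenStore`, the service and account strings, and the 300-second idle limit are hypothetical.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical type for illustration; not part of the FusionAuth SDK.
final class BiometricTokenStore {
    enum StoreError: Error { case accessControl, keychain(OSStatus), locked }
    private let idleLimit: TimeInterval = 300   // assumed inactivity timeout, seconds
    private var cache: [String: String]?        // decrypted tokens, held in memory only
    private var lastUse = Date.distantPast
    private let baseQuery: [String: Any] = [    // assumed service/account names
        kSecClass as String: kSecClassGenericPassword, kSecAttrAccount as String: "tokens",
        kSecAttrService as String: "example.tokenstore"]

    // Released only after a biometric match; invalidated if enrolled biometrics change.
    func save(_ tokens: [String: String]) throws {
        guard let acl = SecAccessControlCreateWithFlags(
            nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, .biometryCurrentSet, nil)
        else { throw StoreError.accessControl }
        var item = baseQuery
        item[kSecAttrAccessControl as String] = acl
        item[kSecValueData as String] = try JSONEncoder().encode(tokens)
        SecItemDelete(baseQuery as CFDictionary)   // replace any previous item
        let status = SecItemAdd(item as CFDictionary, nil)
        guard status == errSecSuccess else { throw StoreError.keychain(status) }
        (cache, lastUse) = (tokens, Date())
    }

    // Locked -> open. Shows the Face ID / Touch ID prompt and blocks; call off the main thread.
    func unlock(reason: String) throws {
        let context = LAContext()
        context.localizedReason = reason
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecUseAuthenticationContext as String] = context
        var out: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &out)
        guard status == errSecSuccess, let data = out as? Data else { throw StoreError.keychain(status) }
        (cache, lastUse) = (try JSONDecoder().decode([String: String].self, from: data), Date())
    }

    func lock() { cache = nil }
    func token(_ name: String) throws -> String? {
        if Date().timeIntervalSince(lastUse) > idleLimit { lock() }  // inactivity re-lock
        guard let tokens = cache else { throw StoreError.locked }
        lastUse = Date()
        return tokens[name]
    }
}
```

A cancelled or failed prompt makes `unlock` throw and leaves the store locked; the caller can then fall back to a FusionAuth login as the issue describes.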