Local Authentication using biometric:

Using Face ID and Touch ID, the iOS app can authorize your identity and send the log in information to the back-end without any user interaction with the app. This is one of the most secure way to identify the user. Let's see how to implement it.

In the world of computer security, authentication falls into 3 categories:

(1). Something you know like user_id and password, PIN number etc. which are considered less secure.

(2). Something you have like it generates OTP (one time password), phone call to your personal mobile device etc.

(3). Something you are, this is most secure, which refers to a physical attribute of your body which is unique to the user. Like biometric information of retina scan, voice recognition, facial recognition, finger-print etc.

Architecture of local authentication:

The local authentication framework:

Biometric authentication for ios app is implemented using local authentication framework: LAContext

Flow 1: User enters the user_name and password first time

Flow 2: On success of log-in, the app will save the password to key-chain and user-name into user-defaults to use it later

Flow 3: While next time onwards, the user comes to LogIn page, the app retrieves user-name from user-defaults and password from key-chain and check whether the app can evaluate the authentication using biometric.

Flow 4: If the device supports Touch ID and Face ID, it will call logIn Service with stored user_name and password after successfully validating the user biometric.

Face ID:

Touch ID:

authenticate:

  func authenticateUser(successBlock: (() -> ())?, failureBlock: (()->())?) {
    
    // retrieve the user name
    guard let lastAccessedUserName = UserDefaults.standard.object(forKey: "lastAccessedUserName") as? String else { return }
    
    let context = LAContext()
    var error: NSError?
    
    if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
        // device can be used for biometric authentication
        // evalutate the policy
        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: "Access requires authentication") { (success, err) in
            DispatchQueue.main.async { [weak self] in
                if success {
                    switch context.biometryType {
                    case .faceID, .touchID:
                        print("device support faceId or touchId authentication")
                        self?.loadPasswordFromKeychainAndAuthenticateUser(lastAccessedUserName, successBlock: successBlock, failureBlock: failureBlock)
                    default: break
                    }
                }
            }
        }
    } else { // device cannot be used for biometric authentication
        if let error = error {
            switch error.code {
            case LAError.Code.biometryNotEnrolled.rawValue: print("biometry is not enrolled")
            case LAError.Code.biometryLockout.rawValue: print("the phone is not passcode protected")
            case LAError.Code.biometryNotAvailable.rawValue: print("biometry is not availabled")
            default: break
            }
        }
    }
}