ios objective-c mdm touch-id

Want to secure my app with combination of TouchID & email


One of my apps has a log-in feature with email & password, and it's working fine as expected.

Now, what my client wants here is email + TouchID (without password) to log in to the app.

So my first question is: can I do that with the combination of TouchID & email login?

I have used Touch ID for a simple unlock of my app but have never used an email with Touch ID. Any idea how I can do that?

I have searched, and a lot of apps are doing the same, but how?

From one blog I found that with the help of MDM I can configure this, but I haven't used MDM (Mobile Device Management), so I'm not sure about this.

Thanks in advance.


Solution

  • You can use kSecAccessControlTouchIDCurrentSet to store the email in the keychain at the time of registration. With this, the item you store in the keychain will be a combination of the current TouchID + email.

    At the time of login, you can retrieve the email from the keychain using Touch ID and compare it with the entered email.

    To store the email in the keychain, use the following code (works on iOS 9 and above; will not work on iOS 8):

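    #import <Security/Security.h>

    -(void)saveToKeyChain:(NSString*)email{
        CFErrorRef error = NULL;

        // The item can only be read after Touch ID succeeds with the currently enrolled fingerprints
        SecAccessControlRef scaObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, kSecAccessControlTouchIDCurrentSet, &error);
        if (scaObject == NULL) {
            // A nil value in the dictionary literal below would crash, so stop here
            NSLog(@"SecAccessControlCreateWithFlags failed: %@", (__bridge_transfer NSError *)error);
            return;
        }

        NSDictionary *attributes = @{
                                     (__bridge id)kSecClass:(__bridge id)kSecClassGenericPassword,
                                     (__bridge id)kSecAttrService  :@"ToucIdWithEmailExample",
                                     (__bridge id)kSecValueData    :[email dataUsingEncoding:NSUTF8StringEncoding],
                                     // Do not show authentication UI while adding the item
                                     (__bridge id)kSecUseNoAuthenticationUI  :@YES,
                                     // __bridge_transfer hands ownership of scaObject to ARC
                                     (__bridge id)kSecAttrAccessControl  : (__bridge_transfer  id)scaObject
                                     };

        OSStatus initialWriteStatus =  SecItemAdd((__bridge CFDictionaryRef)attributes, NULL);
        if (initialWriteStatus != errSecSuccess) {
            // For example errSecDuplicateItem when an item for this service already exists
            NSLog(@"SecItemAdd failed: %d", (int)initialWriteStatus);
        }
    }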
    
    kSecAccessControlTouchIDCurrentSet in the above will store the email with the current authenticated touch.
    

    To retrieve the keychain data, you can use the following:

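    -(void)retriveKeyChainData{

        NSDictionary *queryAttributes = @{
                                     (__bridge id)kSecClass:(__bridge id)kSecClassGenericPassword,
                                     (__bridge id)kSecAttrService  :@"ToucIdWithEmailExample",
                                     (__bridge id)kSecReturnData    : @YES,
                                     // Text shown in the Touch ID prompt
                                     (__bridge id)kSecUseOperationPrompt  : @"Authenticate"
                                     };

        CFTypeRef dataTypeRef = NULL;
        // Blocks while the Touch ID prompt is on screen
        OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)queryAttributes, &dataTypeRef);

        if(status == errSecSuccess)
        {
            // __bridge_transfer hands ownership to ARC so the result is not leaked
            NSData *data = (__bridge_transfer NSData*)(dataTypeRef);
            NSString *email = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            // Replace this log with the comparison against the email the user entered
            NSLog(@"Stored email: %@", email);
        }
    }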
    

    This function will retrieve the email ID which you stored at the time of registration. You can compare it with the entered email and validate.

    You can go through this tutorial if you want to understand it in detail.
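The login step described in the answer, with the keychain status codes handled, as an added example that is not part of the original answer. The names `EmailTouchIDResult`, `EmailsMatch` and `CheckEnteredEmail` are hypothetical; the service string is the one used in the answer's code.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical result type for this example
typedef NS_ENUM(NSInteger, EmailTouchIDResult) {
    EmailTouchIDResultMatch,      // Touch ID passed and the emails are equal
    EmailTouchIDResultMismatch,   // Touch ID passed but a different email is stored
    EmailTouchIDResultNoItem,     // nothing stored, or the stored item is no longer valid
    EmailTouchIDResultCancelled,  // user dismissed the Touch ID prompt
    EmailTouchIDResultError       // authentication failed or another keychain error
};

// Hypothetical helper: trims whitespace and ignores case; an empty or undecodable value never matches
static BOOL EmailsMatch(NSString *stored, NSString *entered) {
    NSCharacterSet *ws = [NSCharacterSet whitespaceAndNewlineCharacterSet];
    NSString *a = [[stored stringByTrimmingCharactersInSet:ws] lowercaseString];
    NSString *b = [[entered stringByTrimmingCharactersInSet:ws] lowercaseString];
    return a.length > 0 && [a isEqualToString:b];
}

// Call off the main thread: SecItemCopyMatching blocks while the prompt is shown.
// Items saved with kSecAccessControlTouchIDCurrentSet are invalidated when fingers
// are added or removed, so the user has to register again in that case.
static EmailTouchIDResult CheckEnteredEmail(NSString *enteredEmail) {
    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: @"ToucIdWithEmailExample",
        (__bridge id)kSecReturnData: @YES,
        (__bridge id)kSecUseOperationPrompt: @"Authenticate"
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    switch (status) {
        case errSecSuccess: {
            NSData *data = (__bridge_transfer NSData *)result;
            NSString *stored = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
            return EmailsMatch(stored, enteredEmail) ? EmailTouchIDResultMatch : EmailTouchIDResultMismatch;
        }
        case errSecItemNotFound:
            return EmailTouchIDResultNoItem;
        case errSecUserCanceled:
            return EmailTouchIDResultCancelled;
        default:
            return EmailTouchIDResultError; // includes errSecAuthFailed
    }
}
```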