One of my app has log-in feature with email & password and it's working fine as expected.
Now, what my client wants here email + TouchID (without password) need to login into the app.
so my first question is can I do that with both combinations of TouchID & email login?
I have used Touch id for a simple unlock of my app but never use an email with touchid any idea how can I do that?
I have search and lot many apps are doing the same but how?
from one blog I found that with the help of MDM I can configure this but I haven't used MDM (Mobile device management) so not sure about this.
Thanks in advance.
You can use kSecAccessControlTouchIDCurrentSet to store email into keychain at the time of registration. with this, the item you will be storing into keychain will be combination of Current TouchID + Email.
At the time of login, You can retrieve Email from Keychain using touchId and and compare it with entered email.
To Store email into keychain, use following code : (works on iOS 9 and above-- Will not work on iOS 8)
-(void)saveToKeyChain:(NSString*)email{
CFErrorRef error = NULL;
SecAccessControlRef scaObject = SecAccessControlCreateWithFlags(kCFAllocatorDefault,kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, kSecAccessControlTouchIDCurrentSet, &error);
NSDictionary *attributes = @{
(__bridge id)kSecClass:(__bridge id)kSecClassGenericPassword,
(__bridge id)kSecAttrService :@"ToucIdWithEmailExample",
(__bridge id)kSecValueData :[email dataUsingEncoding:NSUTF8StringEncoding],
(__bridge id)kSecUseNoAuthenticationUI :@YES,
(__bridge id)kSecAttrAccessControl : (__bridge_transfer id)scaObject
};
OSStatus initialWriteStatus = SecItemAdd((__bridge CFDictionaryRef)attributes, nil);
}
kSecAccessControlTouchIDCurrentSet in above will take store Email with current authenticated touch.
To retrive keychain data, you can use following:
-(void)retriveKeyChainData{
NSDictionary *queryAttributes = @{
(__bridge id)kSecClass:(__bridge id)kSecClassGenericPassword,
(__bridge id)kSecAttrService :@"ToucIdWithEmailExample",
(__bridge id)kSecReturnData : @YES,
(__bridge id)kSecUseOperationPrompt : @"Authenticate"
}.mutableCopy;
CFTypeRef dataTypeRef = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)queryAttributes, &dataTypeRef);
if(status == errSecSuccess)
{
NSData *data = (__bridge NSData*)(dataTypeRef);
}
}
This function will retrieve Email id which you stored at the time of registration. You can compare it with entered email and Validate.
you can go through this tutorial - if you want to understand it in detail.