Using Touch ID or Face ID without storing user biometrics

I apologize in advance if this topic does not fit Stackoverflow (I ask moderators to move it where appropriate). Thanks.

I was wondering how apps use Touch ID or Face ID to verify identity without storing the biometric data into their servers.

Authentication without Touch/Face ID (oversimplifying here)

1. User logs into their banking app.
2. Username and password sent to server to be verified.
3. Username and password is checked against information stored in bank server.
4. On valid username and password combination, a token is issued to be used for the current session.

After user allows the app to use their Touch/Face ID...

Authentication with Touch/Face ID

1. User logs into their banking app.
2. They verify with their Touch/Face ID

... what happens here? What is sent to the server to be verified?

I read that Biometric data is stored in a secure chip on the phone and this is not stored on any server.

For iOS, apart from the package for Touch/Face ID, we also need to work with keychain access. Why? What's stored here?

Thank you.

The typical flow is:

First login:

• User authenticates with username/password
• If authentication is successful they are asked if they want to use TouchID/FaceID
• If they do, the username and password are stored in the keychain, with a requirement of biometric authentication to access the data

On subsequent logins:

• App attempts to retrieve stored username/password triggering biometric authentication
• App uses stored username & password to authenticate to the server.