Roughly, what I want is to develop a login in Flutter with Firebase Auth using only my fingerprint.
What I was thinking is to:
request the fingerprint with local_auth
generate some kind of ID, token, or string based on the fingerprint (or some keyword that acts like the document ID) that leads to a document in a collection in Firestore with the info of the users in the app (everything except the password, of course)
next sign in and show the main view in the app
The tough part is generating the ID, because it obviously doesn't reach the exact fingerprint due to privacy/security reasons, and about the main idea I have no idea how to achieve it or achieve something near it.
This is the main flow I had in mind at this moment after struggling a bit:
Request fingerprint:
    If it fails, try again.
    If successful, continue.
Request the keyword/ID/string:
    If it fails, try again. There should be an option to cancel the operation and return to the login view.
    If successful, using the keyword, search for the document with the exact ID.
        If found, then sign in with signInWithCustomToken.
        If not found, then completely abort the operation and notify the user.
I had this thought in my head, and just wanted to settle it, and also wanted to know if I'm thinking the right way or just overthinking it too much, or if it is even a viable feature to focus on.
You can’t directly generate an ID or token from the fingerprint due to privacy restrictions. Instead, use the local_auth package to verify the user’s fingerprint locally on the device. After the user logs in once using a traditional method (like email/password), generate a Firebase custom token (via a server or Firebase Admin SDK) and save it securely on the device using flutter_secure_storage. For subsequent logins, when the fingerprint scan succeeds, retrieve this stored token and use Firebase’s signInWithCustomToken method to authenticate the user and access the app. This approach is practical, secure, and works well, though it requires an initial setup with a non-fingerprint login to associate the token with the user’s account.
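The flow the answer describes (fingerprint check with local_auth, token kept in flutter_secure_storage, then signInWithCustomToken), written out as an added example that is not from the question or answer author. It assumes the backend has already minted a custom token for the user after a normal login; the storage key, the result enum and the function names are my own choices.

```dart
import 'package:firebase_auth/firebase_auth.dart';
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:local_auth/local_auth.dart';

/// Outcome of one fingerprint-gated sign-in attempt (hypothetical enum).
enum BiometricLoginResult { signedIn, biometricFailed, noStoredToken, tokenRejected }

const _tokenKey = 'firebase_custom_token'; // hypothetical storage key

final _localAuth = LocalAuthentication();
// Keep the token in the platform keystore/keychain, never in plain prefs.
const _storage = FlutterSecureStorage(
  aOptions: AndroidOptions(encryptedSharedPreferences: true),
);

/// Call once after the traditional (email/password) login, with the custom
/// token the backend minted for this user via the Firebase Admin SDK.
Future<void> rememberCustomToken(String token) =>
    _storage.write(key: _tokenKey, value: token);

/// Fingerprint first, stored token second, Firebase sign-in last.
Future<BiometricLoginResult> signInWithFingerprint() async {
  // 1. Verify the user locally. The OS only reports success or failure;
  //    the fingerprint itself is never exposed to the app.
  if (!await _localAuth.isDeviceSupported()) {
    return BiometricLoginResult.biometricFailed;
  }
  final ok = await _localAuth.authenticate(
    localizedReason: 'Unlock to sign in',
    options: const AuthenticationOptions(biometricOnly: true, stickyAuth: true),
  );
  if (!ok) return BiometricLoginResult.biometricFailed; // caller retries/cancels

  // 2. Only after a successful scan read the stored credential.
  final token = await _storage.read(key: _tokenKey);
  if (token == null) return BiometricLoginResult.noStoredToken; // needs first login

  // 3. Exchange the token for a Firebase session.
  try {
    await FirebaseAuth.instance.signInWithCustomToken(token);
    return BiometricLoginResult.signedIn;
  } on FirebaseAuthException catch (e) {
    // Custom tokens are short-lived and bound to one project; a rejected one
    // is useless, so drop it and send the user through the normal login again.
    if (e.code == 'invalid-custom-token' || e.code == 'custom-token-mismatch') {
      await _storage.delete(key: _tokenKey);
    }
    return BiometricLoginResult.tokenRejected;
  }
}
```

The login view maps `biometricFailed` to a retry prompt and `noStoredToken` or `tokenRejected` to the email/password form, which is where `rememberCustomToken` is called with a freshly minted token.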