How to Use Apple‘s Touch ID Fingerprint API in Your Mobile App

07/22/2014 / 0 Comments

Find out just how easy the secure two-factor authentication using your fingerprint is.
Download the SecSign ID app on your phone and test the login or contact us for more information



Recently, we added Apple’s Touch ID fingerprint validation as a biometric login in our SecSign ID app. SecSign ID allows users to securely log into web sites and applications without using passwords.

This alternative login process prevents all password theft and means that user accounts cannot be compromised by hacking, phishing, or malware.

To help other developers, we would like to share our experiences with the integration of Apple’s Touch ID API into Objective-C iPhone applications.

Requirements for Touch ID Fingerprint Integration:

  • XCode 6
  • iPhone 5s with iOS 8

This guide shows how to achieve three objectives:

1 Find out whether the device supports fingerprint validation and whether a fingerprint is enrolled.
2. Validate a fingerprint only.
3. Validate a fingerprint or the device’s passcode depending on the user’s choice.

The users can choose whether they want to authenticate either by fingerprint or passcode/PIN (see image below)
two_factor_authentication_touchID

1. How to determine if a user’s device supports fingerprint validation and whether a fingerprint is registered

First of all LocalAuthentication needs to be imported, which requires XCode 6:!

2. How to validate and verify a Touch ID fingerprint

Start the fingerprint validation. This call returns immediately and does not wait for the result. Hence a function has to be supplied which will be called once the fingerprint validation is finished. Additionally, a string can be supplied which the device will display in the fingerprint view explaining the reason for the fingerprint scan:

Please note: If the fingerprint view of iOS appears it will cause applicationWillResignActive of the application to be called. If you have some clean-up code there as we did then you may want to move it to applicationDidEnterBackground. applicationDidEnterBackground is only called if the application has really entered the background. This will happen if the user presses the home button but not just for a fingerprint scan.

 

3. Validate a fingerprint or the device´s passcode, depending on the user’s choice.

What happens if the fingerprint validation fails? The user expects a passcode entry, much like the passcode entry to unlock the iPhone. However, using the LocalAuthentication above, the device will show an error if fingerprint validation fails. Then there is no way to start a device passcode entry afterwards. Therefore, we need an alternative approach.

Starting with iOS 8, keychain entries may have a new access condition requiring a user presence check in order to read the keychain entry. This check is actually a fingerprint validation with device passcode entry as fallback. Hence, all we have to do is to store a dummy value in the keychain and try to read it whenever we want a fingerprint scan and/or device passcode validation.

Here is the code. The first part creates the keychain entry with the user presence check access condition. The code only has to be run once.

The second part of the code shall be called whenever a fingerprint scan or device passcode validation is needed.

You might want to add a statement somewhere which prevents the iOS 8 specific code from being called on older iOS version:

This is all there is to do.

See it in Action

We would love to hear your feedback. To see the code in action, please watch our YouTube demo video showcasing the world’s first Apple Touch ID web login. And you can visit our website to learn more about our current SecSign ID solution and download the current version of our app in the iTunes App Store.

If you would like to offer secure logins for your users, including Touch ID support and without using vulnerable, password-based logins, you can use the free SecSign ID API to integrate our mobile two-factor authentication with your app. And you can use our free SecSign ID plugins to integrate our secure login methodology with your website.

Leave a Reply

0 Comments

Want to join the discussion?
Feel free to contribute!

Your email address will not be published. Required fields are marked *

Latest Blog Posts, Updates & Features

Do NOT follow this link or you will be banned from the site!