The magic behind Apple Biometrics

Editor at Sage
Sage Developer Blog
Oct 20, 2020

How to make the brave new world of fingerprint and facial recognition work in your App Development

by Carlos Machado Marcos, iOS Team Lead, Sage

As iPhone users, we have all used biometrics at some point: to log in, to confirm a bank transfer, to access passwords, etc.

It is an extremely fast and painless process: just put your finger on the button or, even faster, let the camera recognize your face. But how does this really work? How does Apple transform an extremely complex and secure process into a seemingly easy and completely transparent feature for the user?

It is very easy. All the recognition logic is managed by iOS. The user just has to record their fingerprint or their face once, and voila — iOS takes care of the rest.

In this article, I am going to explain how to implement a couple of biometric use cases that will help you lock some parts of your app, speed up sign-in, share passwords between your app and your Safari web page, and manage your stored passwords.

True/False Logic Door

A logic door is a mechanism that responds YES or NO. Depending on the response, the user will either be able to continue with the process they are hoping to complete, or will be blocked from proceeding.

In this case, the door opens when biometric recognition is successful. To add this door, the app developer just has to add this snippet of code:

This code just launches a question for the user, for example: “hey, is that you?”. If recognition succeeds, the user can continue; if not, they are rejected.

This is frequently used when you want to restrict access to something, for instance a note in the Notes app or the app itself.

For example, it is used by the Auth0 SDK to restrict access to the OAuth credentials that are stored in the local keychain.
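
As an added example (not the article's original snippet or Sage's code), a yes/no gate of this kind can be written with Apple's LocalAuthentication framework. `GateResult` and `openBiometricDoor` are hypothetical names chosen for illustration.

```swift
import Foundation
import LocalAuthentication

// Added example: outcome of the yes/no door. `GateResult` and
// `openBiometricDoor` are hypothetical names, not from the article.
enum GateResult {
    case granted                     // recognition succeeded
    case denied(LAError.Code)        // prompt shown, user not authenticated
    case unavailable(LAError.Code?)  // biometrics cannot be used right now
}

func openBiometricDoor(reason: String,
                       completion: @escaping (GateResult) -> Void) {
    let context = LAContext()
    var probeError: NSError?

    // Check first whether Touch ID / Face ID can be used at all: hardware
    // may be missing, nothing may be enrolled, or biometry may be locked out.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &probeError) else {
        let code = probeError.flatMap { LAError.Code(rawValue: $0.code) }
        completion(.unavailable(code))
        return
    }

    // iOS shows the system prompt; the app never sees biometric data,
    // only the success flag or an error.
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: reason) { success, error in
        let result: GateResult
        if success {
            result = .granted
        } else {
            // Covers .userCancel, .userFallback, .biometryLockout, etc.
            let code = (error as? LAError)?.code ?? .authenticationFailed
            result = .denied(code)
        }
        // The reply block runs on a private queue; hop to main for UI work.
        DispatchQueue.main.async { completion(result) }
    }
}
```

Face ID additionally requires an NSFaceIDUsageDescription entry in the app's Info.plist. Because the result is only a boolean inside the app, a secret that must stay protected belongs in a keychain item whose access control requires biometry, not behind this check alone.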

Autofill

How many times must we input our credentials? How many times do we forget them? And how many times do we use the same password everywhere? The answer is LOTS.

The solution to this is Password Autofill, which was released in iOS 11 and improved in iOS 12.

With Password Autofill, all the credentials are stored in the local keychain.

They are accessible with biometric authentication or by manually entering the same code you use to unlock the device.

Everything is managed by iOS; you do not have to worry about anything. Furthermore, the keychain is shared using CloudID (if the user has previously enabled it), so it will work in the Safari app too.

How to use it?

It is also amazingly easy to implement but requires a little more work.

Enable Autofill Password through the Settings app on your device.

Settings -> Password & Accounts

Add the “Associated Domains” capability in Xcode. That way, your app and your website will be associated.

webcredentials:yourdomain.com

Add an Apple App Site Association file to your website, named apple-app-site-association, in the .well-known directory or just in the root directory.

The content of this file should be JSON containing the bundle identifier of your app.

Create a simple login form in your app with 2 text fields, one for the username and another one for the password and assign these content types:

userTextfield.textContentType = .username

passwordTextfield.textContentType = .password

And that is it! As long as you have implemented this correctly, you should be able to see this both in your app, and in Safari.

Bonus track:

This feature also includes:

· Recommendation for strong passwords.

· It offers the option to store the password if the user wants to.

· It offers the option to update the password if the user changes it.

· It also works for other fields such as email, postcode, job title, address, country, phone, etc. There are a total of 27 different content types.

Conclusion

As the technology evolves, Face ID and Touch ID are ever more secure and familiar authentication methods that people trust. If a user has enabled biometric authentication, you can assume they understand how it works, appreciate its convenience, and prefer to use it whenever possible.
