A way to overwrite data without prompt #108
Comments
Your flow is indeed correct, I am facing a similar issue the duration between reading, refreshing & writing the new refresh token might be passed to but the scenario I mentioned above, I could not find a workaround for it!
Thank you for your response. I have somehow missed Right now, as a workaround, we are storing the token in secure storage and using biometric authentication only for authentication. It works, but the issue here is that the biometric entrance does not add an additional security layer; it serves simply as a quick login method.
I don't think this is possible.. because to write data you have to retrieve the encryption key which can only be done by authenticating the user.. The only way I could think of is doing your own encryption.. i.e. storing an encryption key in biometric storage and keeping it in memory for the whole duration of your app's lifecycle.. if you only need to overwrite it on app start (because I'd assume the refresh token is long-living anyway?) although it would probably be worth improving "unauthenticated" storage options.. for storage without biometric protection the plugin currently uses the defaults.. which on iOS means the device has to be unlocked in order to access the data, while on Android the default seems to allow access at all times..
I have implemented biometric authentication in my app by storing the refresh token in biometric storage and met the following case. As soon as my app starts, the user is prompted to use fingerprint/faceID. Upon success, the refresh token is retrieved and exchanged for an access token via a network request. The problem is that when the access token is issued, a new refresh token is issued as well and the old token is not valid anymore, so I have to rewrite it. But if I call the write method another biometric prompt shows up, which is unacceptable.
So is there a way to overwrite data without prompt or is my flow incorrect?
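The workaround suggested in the comments (keep only an encryption key behind the biometric prompt, hold it in memory, and encrypt the rotating refresh token yourself) can be sketched as follows. This is an added example, not code from the thread or from the plugin: it is written for Node.js with the built-in `crypto` module, and `FakeBiometricStore`, `TokenVault`, the `refresh_token` storage key and the AAD label are hypothetical names, with the biometric store simulated by a class that counts prompts.

```javascript
const crypto = require('node:crypto');

// Hypothetical stand-in for a biometric-protected store: every access counts as one prompt.
class FakeBiometricStore {
  constructor() { this.value = null; this.prompts = 0; }
  read() { this.prompts += 1; return this.value; }
  write(v) { this.prompts += 1; this.value = v; }
}

const AAD = Buffer.from('refresh-token-v1'); // binds ciphertext to its purpose (constructed label)

class TokenVault {
  constructor(bioStore, plainStore) {
    this.bio = bioStore;     // holds only the 32-byte data key
    this.plain = plainStore; // Map standing in for storage that needs no prompt
    this.key = null;         // present in memory only between unlock() and lock()
  }
  // Prompted once per app start; creates the key on first run.
  unlock() {
    let k = this.bio.read();
    if (k === null) { k = crypto.randomBytes(32); this.bio.write(k); }
    this.key = Buffer.from(k); // private copy so lock() can wipe it
  }
  // No prompt: encrypt with the in-memory key, fresh nonce on every write.
  saveToken(token) {
    if (!this.key) throw new Error('vault is locked');
    const nonce = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', this.key, nonce);
    c.setAAD(AAD);
    const ct = Buffer.concat([c.update(token, 'utf8'), c.final()]);
    this.plain.set('refresh_token', Buffer.concat([nonce, c.getAuthTag(), ct]).toString('base64'));
  }
  // No prompt: decrypt and verify the tag; a modified blob makes final() throw.
  loadToken() {
    if (!this.key) throw new Error('vault is locked');
    const blob = Buffer.from(this.plain.get('refresh_token'), 'base64');
    const d = crypto.createDecipheriv('aes-256-gcm', this.key, blob.subarray(0, 12));
    d.setAAD(AAD);
    d.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
  }
  lock() { if (this.key) this.key.fill(0); this.key = null; }
}
```

The token at rest is only as protected as the key, which stays behind the biometric prompt, but the key is exposed in process memory for as long as the vault is unlocked, so call `lock()` when the app is backgrounded or the session ends.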