Save/restore user credentials to/from keychain #186
Comments
|
This would be a crucial feature. Without the ability to either store/encrypt data or obtain a secret token, the biometric authentication guard is just a visual gimmick, as it could be bypassed trivially, especially for web-based apps with Cordova. In particular, consider the following scenario: We want to authenticate against an external API, and to make the user's life easier let them authenticate by fingerprint. This means we need to remember user credentials, but only want to use them whenever the user proved their presence by fingerprint. In order to prevent unauthorized access, those credentials need to be encrypted while not in use, which is impossible in a secure way since we cannot obtain a secret key from within the app itself (as an attacker could access the same too). Hence we need to rely on external support for encryption, or at least providing secrets (such as a fingerprint id). As far as I understand, the main blocker is that the iOS plugin backing this one doesn't expose such functionality. It might be worth considering using a different/additional one which does, like cordova-plugin-keychain-touch-id. |
|
@exxbrain Does it make sense to look at this issue now with your library supporting it? See #179 (comment) I personally don't need this feature and don't have the expertise to do it, so someone needing would need to implement this. |
|
This would definitely be an awesome implementation, considering https://github.com/sjhoeksma/cordova-plugin-keychain-touch-id is super outdated. |
…redentials (#236) Major rewrite with new features Co-authored-by: Denis Zakharov <d.zakharov@bssys.com> Co-authored-by: Lionel Brouchet <lionel.brouchet@86400.com.au>
Feature Request
during #149 discussion
Feature Description
That's would be awesome possibility to store encoded user credentials to keychain and restore it.
Same issue here, that would be great to save/retrieve user credential from keychain for few reasons. Firstly first because there's many apps (including mine) where password uses not for auth only, but for encrypting users data (cryptowallets, keychains apps, etc), so in this case your plugin does just a half-deal, another half i should do by myself, encrypting user pass and store it somewhere, this's not so hardcode in there, but would be the awesome feature. Secondly, for security reasons, e.g. changing password when you should confirm old password by urself, or use the fingerprint with keychain to aprrove
Hey, it's me, here my old passwordbut not onlyIt's my biometrics here, another case is banking-app where all sort of user actions should be approved by predefined user pin.The text was updated successfully, but these errors were encountered: