Albert

Reputation: 343

Fingerprint authentication with Firebase

I want to develop an app that uses fingerprint authentication with Firebase (Android and iOS). What I want is for the authentication to take place on the Firebase Database, not on the phone itself (so the user's fingerprint ID must be stored in Firebase). Is there any way to do it? Does the fingerprint scanner generate a unique ID for scanned fingers? If yes, can you provide me with Java code for it? Thank you.

Upvotes: 6

Views: 13505

Answers (4)

HyperTextCoffeePot

Reputation: 448

I know this is a really old question, but it still has relevance today. As such I did a little research on this exact thing as I too would like to offer biometric sign-ons. I think that you'll need to wire up the Web Authentication API to work in tandem with Firebase Authentication on your server.

Brainstorming the flow of such an integration

So, what I imagine this looks like is you have a user sign up or sign in, and much like other applications you allow them to select "Sign in using biometrics" and when they have that flag turned on, after successful authentication with their normal Firebase credentials, then you can have them do a biometric verification.

After successful biometric verification you would then store the public key (the device they used now containing the private key and other details) and then also store whatever ID gets generated and store that in your database.

Next time they want to sign in allow them to use biometrics (using public key, user ID, etc.) and after successful biometric verification you then communicate with the server one more time and use the Google Firebase Admin tooling to force the generation of an auth token. See link to documentation below.

All you need with this is the corresponding "UID" of the firebase user, which ideally will have been stored with the generated ID of the biometric key-pair, then respond to your application with that generated token:

Force the generation of a token with a uid:

https://firebase.google.com/docs/auth/admin/create-custom-tokens#create_custom_tokens_using_the_firebase_admin_sdk

Then in the client use the generated token coupled with the signInWithCustomToken(...) method to finish signing in:

https://firebase.google.com/docs/auth/admin/create-custom-tokens#sign_in_using_custom_tokens_on_clients

Upvotes: 1
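The server side of the flow sketched in the answer above, as an added example that is not part of the original answer: a plain signature challenge-response stands in for full WebAuthn assertion verification (which also checks origin, authenticator data and the signature counter). The store names, `simulateDevice` and the `mintToken` callback are hypothetical; `mintToken` marks the point where the Admin SDK custom-token call linked above would go.

```javascript
const nodeCrypto = require('node:crypto');

// In-memory stand-ins for server-side storage (hypothetical names).
const credentials = new Map(); // credentialId -> { uid, publicKeyPem }
const challenges = new Map();  // credentialId -> { value, expires }

// Call only after a normal Firebase sign-in has established who `uid` is.
function enroll(uid, credentialId, publicKeyPem) {
  credentials.set(credentialId, { uid, publicKeyPem });
}

// Fresh random challenge per login attempt, valid for 60 seconds.
function issueChallenge(credentialId, now = Date.now()) {
  const value = nodeCrypto.randomBytes(32);
  challenges.set(credentialId, { value, expires: now + 60000 });
  return value;
}

// Returns mintToken(uid) on success, null otherwise.
// In production mintToken would wrap the Admin SDK's createCustomToken(uid).
function finishLogin(credentialId, signature, mintToken, now = Date.now()) {
  const cred = credentials.get(credentialId);
  const pending = challenges.get(credentialId);
  challenges.delete(credentialId); // single use, even when verification fails
  if (!cred || !pending || now > pending.expires) return null;
  let ok = false;
  try {
    ok = nodeCrypto.verify('sha256', pending.value, cred.publicKeyPem, signature);
  } catch (e) {
    ok = false; // malformed signature or key
  }
  return ok ? mintToken(cred.uid) : null;
}

// Constructed stand-in for the device: the private key stays inside this
// closure, mirroring a key that stays on the phone.
function simulateDevice() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    sign: (challenge) => nodeCrypto.sign('sha256', challenge, privateKey),
  };
}
```

Only the public key and the credential-to-UID mapping are stored server-side; no fingerprint data is involved, and a consumed or expired challenge cannot be replayed.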

Matthew Mullin

Reputation: 7636

The Web Authentication API (also known as WebAuthn) is a new web specification written by the W3C in 2019.

https://webauthn.guide/

It allows for passwordless authentication using biometrics (FaceID, fingerprints, Windows Hello, etc).

It is probably not a perfect solution for you as it does not necessarily fit into a Firebase world exactly, but with some custom backend code you can probably get it to work.

Upvotes: 2

Paulina

Reputation: 970

  • Fingerprint data of any kind must not be backed up to any other source, including the cloud or your computer or any application
  • Fingerprint authentication must be used by the process that requested it (no sharing of any fingerprint data, even just the yes or no answer to see if it was correct)

TEE stands for Trusted Execution Environment

Source: Android Central (https://www.androidcentral.com/how-does-android-save-your-fingerprints)

Upvotes: 1

Albert

Reputation: 343

Neither the fingerprint image nor its features are accessible by the API. From the Android website:

Thus, raw images and processed fingerprint features must not be passed in untrusted memory. All such biometric data needs to be secured within sensor hardware or trusted memory. (Memory inside the TEE is considered as trusted memory; memory outside the TEE is considered untrusted.)

Upvotes: 3
