Before implementing, I like to have an idea. Here is how I think it works: the first time the user logs in to my app with username and password, I save both the username and password in my app. The second time, when the user wants to enter the app, I give him the option to use a fingerprint instead of entering username + password. If he uses the fingerprint, I validate it, and if validation is successful I use the saved username and password to call the login API. Is this way of thinking, and this flow, right?
Answer 1:
To log in with the fingerprint API, you have to:
- Generate an asymmetric key on Android
- Send the public key to your server
- Prompt the user to touch the fingerprint sensor
- If Android authenticates the user, then you have a CryptoObject with your private key
- Sign a payload (for instance the user id and a random value) and send it to the server
- On the server, check the payload signature with the public key
http://android-developers.blogspot.fr/2015/10/new-in-android-samples-authenticating.html
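The server half of the steps in this answer, as an added Go example that is not part of the original answer or of the linked sample: it enrolls the uploaded public key, issues the random value, and verifies the signed payload once. It assumes an EC P-256 key signed with SHA256withECDSA and uploaded as X.509 SubjectPublicKeyInfo bytes; the function names, the in-memory maps, the payload layout and the software key that stands in for the device are all constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

var keys, nonces = map[string]*ecdsa.PublicKey{}, map[string][]byte{} // per-user server state

// enroll stores the X.509 SubjectPublicKeyInfo bytes uploaded by the device.
func enroll(user string, spki []byte) {
	k, _ := x509.ParsePKIXPublicKey(spki)
	if pub, ok := k.(*ecdsa.PublicKey); ok {
		keys[user] = pub
	}
}

// challenge issues the fresh random value the device must sign.
func challenge(user string) []byte {
	nonces[user] = make([]byte, 32)
	rand.Read(nonces[user])
	return nonces[user]
}

// digest hashes the signed payload: user id, a separator, then the nonce.
func digest(user string, nonce []byte) []byte {
	d := sha256.Sum256(append([]byte(user+"\x00"), nonce...))
	return d[:]
}

// login verifies the signature and consumes the nonce, so a replay fails.
func login(user string, sig []byte) bool {
	pub, nonce := keys[user], nonces[user]
	delete(nonces, user)
	return pub != nil && nonce != nil && ecdsa.VerifyASN1(pub, digest(user, nonce), sig)
}

// demo plays the device with a software key (on Android it stays in the Keystore).
func demo() (first, replay bool) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	spki, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	enroll("alice", spki)
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest("alice", challenge("alice")))
	return login("alice", sig), login("alice", sig)
}
func main() { fmt.Println(demo()) }
```

The first login succeeds and the second, which reuses the same signature, is rejected because the nonce was already consumed. No password is stored on the device or sent in this flow.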