I'm able to validate a user Touch ID successfully. However, what's the safest way to retrieve the user login and password to perform login once the touch ID authentication is successful.
For iTunes connect app, once the touch ID login is successful, seems like it will retrieve the password locally and fill it in the password UITextField. I'm guessing it's using keychain.
However is it safe to store user credentials on the iPhone itself? Are there any other methods?
You want to store the login information in the keychain, but you need to make sure that the accessibility parameter is set to kSecAttrAccessibleWhenUnlocked or kSecAttrAccessibleWhenUnlockedThisDeviceOnly (kSecAttrAccessibleWhenUnlockedThisDeviceOnly is a bit safer since the password will not leave the device, say when the device is backed up to your laptop.)
NSMutableDictionary *query = [NSMutableDictionary dictionary];
[query setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass];
[query setObject:account forKey:(id)kSecAttrAccount];
[query setObject:(id)kSecAttrAccessibleWhenUnlocked forKey:(id)kSecAttrAccessible];
[query setObject:[inputString dataUsingEncoding:NSUTF8StringEncoding] forKey:(id)kSecValueData];
OSStatus error = SecItemAdd((CFDictionaryRef)query, NULL);
(Code is from http://software-security.sans.org/blog/2011/01/05/using-keychain-to-store-passwords-ios-iphone-ipad/