问题
Before implementing, I like to have an idea.Here is how i think it works, The first time user logs in into my app with username and password I save both the user and pass in my app. Second time, user willing to enter the app I give him option to use fingerprint inster of entering usename + password. If he uses fingerprint, I validate it and if validation is successful I use the saved username and password to call the login api. Is this way of thinking, and flow right?
回答1:
To login with fingerprint API, you have to :
- Generate a asymmetric key on android
- send public key to your server
- prompt user to touch fingerprint
- if android authenticate user then you have a CryptoObject with your private key
- sign a payload (for instance user id and a random) and send it to server
- On server check payload signature with public key
http://android-developers.blogspot.fr/2015/10/new-in-android-samples-authenticating.html
来源:https://stackoverflow.com/questions/40552412/how-does-fingerprint-authentication-work-in-mobile