I have a REST API secured with an OAuth 2.0 authentication model. Now I have a client that would like to develop a mobile application (Android) that will use this API. This application will use the built-in fingerprint scanner in Android for login. Does anyone have any suggestions for how this application should do the authentication against my OAuth 2.0 service? When we have created mobile applications before, we have used the standard OAuth login where the application opens the default browser and logs in using the standard OAuth login process, but what to do if the user should be able to log in using a fingerprint?
We solved this using regular OAuth and a refresh token. We log in to the application once using the default OAuth flow, and then we store the refresh token, but the user has to authenticate using a fingerprint to be able to fetch the refresh token, and then the application will exchange the refresh token for an access token.
How about using Auth0 services for server side and client side?
Or you can use only the Auth0 services to achieve what you want.