
Sign in with fingerprint in OAuth 2.0

I have a REST API secured with an OAuth 2.0 authentication model. Now I have a client that would like to develop a mobile application (Android) that will use this API. This application will use the built-in fingerprint scanner in Android for login. Does anyone have any suggestions for how this application should do the authentication against my OAuth 2.0 service? When we have created mobile applications before, we have used the standard OAuth login where the application opens the default browser and logs in using the standard OAuth login process, but what to do if the user should be able to log in using fingerprint?

rgullhaug asked Jan 04 '18 18:01


2 Answers

We solved this using regular OAuth and a refresh token. We log in to the applications once using the default OAuth flow, and then we store the refresh token, but the user has to authenticate using fingerprint to be able to fetch the refresh token, and then the application will exchange the refresh token for an access token.

rgullhaug answered Oct 26 '22 19:10


How about using Auth0 services for server side and client side?

  1. Implement biometric authentication at client side (install the Android SDK) for sending auth state to the server side
  2. Implement logic at server side for receiving auth state from the client and use that state to authenticate users with your OAuth solution using a non-interactive client

Or you can use only the Auth0 services to achieve what you want.

kenruizinoue answered Oct 26 '22 20:10