I want to add biometric user sign-in to my Flutter app. Currently I have implemented email/password Firebase authentication in the app. Along with that, I would like to add the biometric sign-in functionality so that the user can access the mobile app without re-entering the username and password every time.
I have found some articles regarding biometrics in mobile apps. Some of them suggested storing the user credentials using the flutter_secure_storage pub package and registering the biometrics using the local_auth package. Whenever there is a successful biometric verification, the credentials are taken from the secure storage and the user gets signed in using the firebase_auth method. However, there are people who oppose this solution because of storing the credentials on the client device.
Another solution was to use a JWT token somehow for signing in the user after biometric verification. But I am unable to understand the concept of JWT tokens in Firebase and how to use them. By the way, the users I'm talking about are already registered in my Firebase authentication before they can enable the biometrics.
I'm looking to solve the issue of re-entering the credentials every time on app login and implement biometric sign-in instead. I want to know if there is any way of implementing biometric user sign-in without storing the user credentials on the client device, as it can pose a security risk in case of a data breach on the client's device. I would be happy to know your suggestions or any other ideas.
To get the token of the current Firebase user you need to call getIdToken. But as for the solution to your issue: use local_auth only for checking if the user is the owner of the phone; if they are, then you just need to refresh the Firebase token and make auto-authentication, since Firebase sessions are long-lived. Check this answer for how to refresh the token.
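The flow described in this answer, written out as an added example (not code from the question or the answer): local_auth only decides whether the persisted Firebase session may be used, and getIdToken(true) forces a refresh so a disabled account or revoked session is caught. It assumes firebase_auth and local_auth (2.x API) are in pubspec.yaml and Firebase.initializeApp() has already run; the GateResult and BiometricGate names are my own.

```dart
import 'package:firebase_auth/firebase_auth.dart';
import 'package:local_auth/local_auth.dart';

// Hypothetical names for this example; not from the question or answer.
enum GateResult { signedIn, needsPasswordLogin, biometricFailed }

class BiometricGate {
  BiometricGate({FirebaseAuth? auth, LocalAuthentication? localAuth})
      : _auth = auth ?? FirebaseAuth.instance,
        _localAuth = localAuth ?? LocalAuthentication();

  final FirebaseAuth _auth;
  final LocalAuthentication _localAuth;

  /// Decides whether the user may enter the app. Nothing here writes a
  /// password or token to local storage: Firebase keeps its own refresh
  /// token in platform storage, and the biometric prompt only gates whether
  /// that already-persisted session is used.
  Future<GateResult> unlock() async {
    final user = _auth.currentUser;
    if (user == null) {
      // No persisted Firebase session: email/password sign-in is required.
      return GateResult.needsPasswordLogin;
    }

    if (!await _localAuth.isDeviceSupported()) {
      // No biometrics or device credential enrolled: do not silently skip.
      return GateResult.needsPasswordLogin;
    }

    final ok = await _localAuth.authenticate(
      localizedReason: 'Confirm it is you to open the app',
      options: const AuthenticationOptions(
        biometricOnly: true, // refuse fallback to device PIN/pattern
        stickyAuth: true, // keep the prompt if the app briefly backgrounds
      ),
    );
    if (!ok) return GateResult.biometricFailed;

    try {
      // Force a token refresh: fails if the account was disabled, the
      // password changed, or the refresh token was revoked server side.
      await user.getIdToken(true);
      return GateResult.signedIn;
    } on FirebaseAuthException {
      await _auth.signOut();
      return GateResult.needsPasswordLogin;
    }
  }
}
```

Call unlock() from the app's start-up screen and route to the password form on needsPasswordLogin; on biometricFailed, re-prompt or fall back to the password form rather than letting the user through.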