Use secret key of Expo Local Authentication to encrypt username and password

I am looking forward to implementing biometric fingerprint and face ID in my app. I searched throughout the web, but couldn’t find any package for biometrics except expo local authentication.
I implemented it in my project; however, I am not sure how the flow of biometric authentication works, but I want to use the secret key generated by expo-local-authentication to encrypt the username and password and store the encrypted data in async storage for subsequent logins of the user.

How do I implement this? Any help is appreciated, thank you in advance.

Hey @basirpayenda ,

tl;dr - I use LocalAuthentication to offer an alternative to the typical username/password+login button flow, and SecureStore to empower those biometric options. I would strongly recommend against homegrown key generation/management (or for that matter, any credentials for your users, but I won’t push my convictions here). Once a user has successfully logged into the app, those credentials are stored in the secure layer of the device; going forward they are able to (upon biometric enrollment) use FaceID/Fingerprint/Biometry to log in instead.

I’ve only managed this in one app thus far, but at a high level, the approach looks like:

  • Check for biometric hardware on the device - hasHardwareAsync()
  • If present, check for the types of biometry available - supportedAuthenticationTypesAsync()
  • Finally (device has appropriate hardware and at least one method found), check for enrollment (i.e. a saved face/fingerprint/pin/etc.) - isEnrolledAsync()

That last method may be getting deprecated; on an unrelated search for an issue I’m having I came across this thread.

That said, a quick drive-by of what LocalAuthentication is used for might help you along. I use the above flow to see if I should enable a button for biometric login (otherwise, that would be a disappointing user experience for someone who doesn’t have those features, right?)

LocalAuthentication simply handles the bridge between your app and the native biometry on the device, so once a user kicks off that process (button press, automatically on opening your app, however you have it set up), it makes use of authenticateAsync, which looks to handle the attempted biometry test (i.e. face unlock, finger press) and passes back the result (success/failure).

Hopefully this helps!

Cheers
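The flow described in the answer above (hardware, methods, enrollment, then authenticateAsync gating a SecureStore read), written out as an added example; this is not code from the thread or from Expo. The Expo modules are passed in as the parameters `la` and `store` (an assumption made so the logic can run off-device with fakes), and the key name `biometric-login-credentials` is constructed.

```javascript
// Added example, not code from the thread. In the app, `la` is the
// expo-local-authentication module and `store` the expo-secure-store module:
//   import * as LocalAuthentication from 'expo-local-authentication';
//   import * as SecureStore from 'expo-secure-store';
//   canOfferBiometricLogin(LocalAuthentication);
//   biometricLogin(LocalAuthentication, SecureStore);
// They are parameters here so the flow can be exercised with fakes off-device.

const CRED_KEY = 'biometric-login-credentials'; // constructed SecureStore key name

// Steps from the answer: hardware present, at least one biometry type, and an
// enrollment. Drives whether the "log in with biometrics" button is shown at all.
async function canOfferBiometricLogin(la) {
  if (!(await la.hasHardwareAsync())) return false;
  const types = await la.supportedAuthenticationTypesAsync();
  if (types.length === 0) return false;
  return la.isEnrolledAsync();
}

// Called once after a normal username/password login succeeded. The device's
// secure layer (Keychain / Keystore) holds the secret; AsyncStorage never sees it.
async function rememberCredentials(store, username, password) {
  await store.setItemAsync(CRED_KEY, JSON.stringify({ username, password }));
}

// Biometric login: authenticateAsync bridges to native biometry and reports
// success/failure; the stored credentials are read only on success.
async function biometricLogin(la, store) {
  const result = await la.authenticateAsync({
    promptMessage: 'Log in',
    disableDeviceFallback: true, // biometry only, no passcode fallback
  });
  if (!result.success) return { ok: false, reason: result.error };
  const raw = await store.getItemAsync(CRED_KEY);
  if (raw === null) return { ok: false, reason: 'no_saved_credentials' };
  return { ok: true, credentials: JSON.parse(raw) };
}

// On logout (or when the user disables biometric login) remove the secret so
// it does not outlive the session that created it.
async function forgetCredentials(store) {
  await store.deleteItemAsync(CRED_KEY);
}
```

If the installed expo-secure-store version supports it, passing `requireAuthentication: true` in the options of setItemAsync additionally ties the read itself to the OS biometric prompt, so the in-app gate is no longer the only thing standing between the app and the stored credentials.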