Set up Touch ID support for JSONStore

Developers can use Touch ID to store passwords in a protected keychain on iOS that can be unlocked only with the user's fingerprint. This feature can be used to store a password used to decrypt a user's JSONStore. The first time a user opens a JSONStore instance, a random password is generated and stored in the keychain. This password is used to encrypt the JSONStore. The second time a user opens a JSONStore instance, the password can be fetched from the keychain, which is retrieved with Touch ID authentication.

We must compile the iOS project against the iOS 8 SDK or above for Touch ID support. As a result, use XCode 6 or above.

We can download the sample application at Touch_ID_for_JSONStore.zip. The following list of files are included:

• KeychainSecurityUtilities.h: Native header file for JSONStore specific Touch ID methods. See this file for method documentation.

• KeychainSecurityUtilities.m: Native implementation file for JSONStore specific Touch ID methods.

• KeychainSecurityUtilitiesPlugin.h: Native header file for the Cordova plug-in.

• KeychainSecurityUtilitiesPlugin.m: Native implementation file for the Cordova plug-in.

• JSONStoreTouchIdPlugin.js: JavaScript wrapper file for Cordova hybrid calls that connecting JavaScript to the native Cordova plug-in.

• main.js: Example use of the hybrid API calls.

1. For Touch ID to work, we must link against the Apple-provided Local.Authentication.framework. Add the framework under Project Settings > Build Phases > Link Binary with Libraries.

2. For native, copy the KeychainSecurityUtilities.h and KeychainSecurityUtilities.m files to the native project's classes folder. If the project is a hybrid project, copy the KeychainSecurityUtilitiesPlugin.h and KeychainSecurityUtilitiesPlugin.m files too.

3. Optional: For hybrid, add the JavaScript interface for the Cordova plug-in (JSONStoreTouchIdPlugin.js) in the www/default/js/ folder. For more information about how to use the Cordova plug-in in a MobileFirst hybrid application, see the main.js file.

4. Optional: Add the following feature tag to the application's config.xml file to add the KeychainSecurityUtilitiesPlugin to the available plug-ins at run time.

   <feature name="KeychainSecurityUtilitiesPlugin">
     <param name="ios-package" value="KeychainSecurityUtilitiesPlugin" />
   </feature>

Results

When we run the sample application the first time, the application does not prompt for Touch ID because an existing password is not in the keychain. Internally, a random password is generated and stored in the keychain. Data is added and retrieved without a Touch ID prompt. On subsequent runs, Touch ID authentication is prompted because the password is available in the keychain. After the JSONStore instance is unlocked, the password is retrieved and used as the password to decrypt the user's JSONStore.

Parent topic: JSONStore security