在OAuth 2.0中使用指纹登录 [英] Sign in with fingerprint in oauth 2.0

问题描述

我有一个由OAuth 2.0身份验证模型保护的REST api.现在，我有一个客户想要开发将使用此API的移动应用程序(Android).该应用程序将使用Android内置的指纹扫描仪进行登录.对于该应用程序应如何针对我的OAuth 2.0服务进行身份验证，是否有人有任何建议?以前创建移动应用程序时，我们使用了标准的Oauth登录，该应用程序打开默认浏览器并使用标准的Oauth登录过程登录，但是如果用户应该能够使用指纹登录怎么办?

I have a REST api secured with an OAuth 2.0 authentication model. Now I have a client that would like to develop a mobile application (Android) that will use this API. This applicaiton will use the built in fingerprint scanner inn Android for login. Do anyone have any suggestions for how this application should do the authentication against my OAuth 2.0 service? When we have created mobile applications before, we have used the standard Oauth login where the application opens the default browser and logs in using the standard Oauth login process, but what to do if the user should be able to login using fingerprint?

推荐答案

我们使用常规的Oauth和刷新令牌解决了此问题.我们使用默认的oauth流程登录到应用程序一次，然后存储刷新令牌，但是用户必须使用指纹进行身份验证才能获取刷新令牌，然后应用程序将刷新令牌替换为访问令牌.

We solved this using regular Oauth and a refresh token. We log in to the applications once using the default oauth flow, and then we store the refresh token, but the user have to authenticate using fingerprint to be able to fetch the refresh token and then the application will exchange the refresh token for an access token.

这篇关于在OAuth 2.0中使用指纹登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！