Using Touch ID with Keychain and LocalAuthentication

Todd Fabacher tfabacher at gmail.com
Thu Aug 17 09:35:28 EDT 2017


Hello Mark or Monte or any knowledgeable soul,


We are working with the United Nations to create their first LMS mobile
App. The problem is they are security freaks. It took their hackers about 4
hours to send me screen shots of the encryption key I scripted in LiveCode
and compiled for iOS. Normally we don't put code like this in our apps, but
they are insisting to use the LocalAuthentication with the TouchID to
unlock the App.

LocalAuthentication, does not actually store any values, it just validates
that the fingerprint matches. The MergeExt mergLA
http://mergext.com/home/mergla/ does the trick - well done.

The problem is how do I store a unique key to retrieve the UN/PW on the
server or even just store the values on the local device? I can use
encryption, they can read the key from code and have said it is NOT an
option. So, my good friends at the UN have suggested that I use the iOS
Keychain functionality.

They have provided a sample of what Apple is doing and suggest that
LiveCode be able to do the same. Is there any way to utilize the Keychain
functionality on the device?

WDC session video and presentation: You will need Safri to watch the video:
https://developer.apple.com/videos/play/wwdc2014/711/

Here is their Code:
https://developer.apple.com/library/content/samplecode/KeychainTouchID/Introduction/Intro.html#//apple_ref/doc/uid/TP40014530-Intro-DontLinkElementID_2

So my goal is to store a token or UN/PW in the iOS Keychain to pull it out
using LocalAuthentication. I think many of LC app developers must be facing
the same problem.

--Todd



More information about the Use-livecode mailing list