iOS Authentication – Biometrics and Secure Identity

The iOS Security Frameworks

iOS provides two primary frameworks for authentication. LocalAuthentication is used for on-device biometric checks (FaceID/TouchID). AuthenticationServices is used for federated identity providers, specifically 'Sign in with Apple.' As an Architect, you should aim to provide a 'Passwordless' experience to reduce friction while maintaining enterprise-grade security.

  1. Biometric Authentication (FaceID/TouchID)

Using the LocalAuthentication framework, you can request the system to verify the user's identity. The actual biometric data never leaves the device; the 'Secure Enclave' simply returns a boolean success or failure. You must add the NSFaceIDUsageDescription key to your Info.plist to use this feature.

import LocalAuthentication

func authenticateUser() {
    let context = LAContext()
    var error: NSError?

    // Check if biometrics are available on this device
    if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
        let reason = "Authenticate to access your Revochamp projects."

        context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason) { success, authenticationError in
            DispatchQueue.main.async {
                if success {
                    print("Access Granted")
                } else {
                    print("Authentication Failed")
                }
            }
        }
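    } else {
        // Biometrics unavailable (unsupported, not enrolled, or locked out):
        // report it instead of failing silently, then offer a fallback login path.
        print("Biometrics unavailable: \(error?.localizedDescription ?? "unknown error")")
    }
}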

  2. Sign in with Apple

If your app offers any third-party login (like Google or Facebook), Apple requires you to also offer Sign in with Apple. It provides a consistent UI and allows users to hide their real email address, sharing a unique relay address with your Python backend instead.

  3. The Keychain for Token Storage

Once a user is authenticated, you should never store their session tokens in UserDefaults. Instead, use Keychain Services. The Keychain is an encrypted database specifically designed for small bits of sensitive data like passwords, keys, and tokens. It persists even if the app is deleted and reinstalled.

Authentication Comparison

| Feature | LocalAuthentication (Biometric) | Sign in with Apple (Identity) |
| --- | --- | --- |
| Purpose | Quick unlock / re-auth | Account creation / Login |
| Data Privacy | Stored in Secure Enclave | Managed by Apple ID |
| Network Required | No (Offline) | Yes (Online) |
| Setup | Info.plist description | Capability in Xcode |
| Flutter Bridge | Via local_auth plugin | Via sign_in_with_apple plugin |

Test Your Knowledge

Q1 of 3

Which framework is used for FaceID and TouchID authentication in Swift?

A. SecurityServices
B. LocalAuthentication
C. BiometricKit
D. IdentityUI

Q2 of 3

Where should sensitive tokens and passwords be stored on an iOS device?

A. UserDefaults
B. Info.plist
C. Keychain
D. CoreData

Q3 of 3

Which Info.plist key is required to use FaceID?

A. NSCameraUsageDescription
B. NSFaceIDUsageDescription
C. NSBiometricUsageDescription
D. NSIdentityUsageDescription

Frequently Asked Questions

What is the Secure Enclave?

It is a dedicated hardware-based security processor isolated from the main processor. It handles all biometric data and cryptographic keys, ensuring that even if the main OS kernel is compromised, your sensitive auth data remains safe.

Can I use FaceID if the user has disabled it?

No. If biometrics are unavailable or the user denies permission, you should provide a fallback, such as the device passcode or a standard username/password login.

Does 'Sign in with Apple' work on Android?

Yes. Apple provides a JS-based version for web and Android, which you can integrate into the non-iOS versions of your Revochamp app for a unified cross-platform account system.
