Is there any guidance on how we might implement bi...
# support-questionsg
Garrett
01/09/2023, 11:12 PMIs there any guidance on how we might implement biometric auth for a thirdparty. In this case we're wanting to use google. We have the social signup working but are currently researching how we might add a biometric login with it.
r
rp
01/10/2023, 4:13 AMHey @Garrett
rp
01/10/2023, 4:13 AMI assume that you want to add this as a second factor?
rp
01/10/2023, 4:26 AMOr do you mean a flow where the android app implicitly takes the Google’s credentials after a successful biometric auth? Similar to how iPhones do for apple login?
g
Garrett
01/10/2023, 3:54 PMThe latter.
r
rp
01/10/2023, 3:54 PMThis would be something that needs to be done via a native SDK for android. Perhaps @nkshah2 can shed some light
g
Garrett
01/10/2023, 3:55 PMThank you!
Garrett
01/10/2023, 4:01 PMSome more detail that might be helpful: Our current plan is to build a native app that is basically just a native login screen and the rest of the app is a webview.
n
nkshah2
01/10/2023, 4:02 PMHi,
Google actually provides a sample app that explains how you would go about adding biometric login to your app and how you can hook it up with regular auth
https://developer.android.com/codelabs/biometric-login#0
nkshah2
01/10/2023, 4:02 PMTheir sample uses email password auth but the same steps should apple to social auth as well
r
rp
01/10/2023, 4:03 PMapply*
n
nkshah2
01/10/2023, 4:05 PMBefore you explore the example app, are you looking to just prompt the user for biometric and then take them through a separate flow for social login?
g
Garrett
01/10/2023, 4:06 PMI guess it's just not clear to me where the integration point is with supertokens.
Garrett
01/10/2023, 4:06 PMdo we pass something to thirdPartySignInAndUp()?
n
nkshah2
01/10/2023, 4:08 PMRight so for the native android SDK you would call the APIs exposed by SuperTokens manually and the android sdk would handle sessions and auto refreshing for you
nkshah2
01/10/2023, 4:09 PMFrom an integration point of view you would first complete sign in with google using the official package
nkshah2
01/10/2023, 4:09 PMAnd then use the id token that google returns and call the signInUp endpoint that SuperTokens provides
g
Garrett
01/10/2023, 4:15 PMGotcha - so to recap:
1. use Google's official package in the native app
2. Send the user through that flow
3. On success, take the id token google returns and pass it to the webview
4. now in the supertokens JS SDK, call thirdPartySignInAndUp() passing it the id token?
r
rp
01/10/2023, 4:15 PMYou don't need to pass it to the web view. You can just call the backened API from the android app directly with the id token and use our android SDK for session management
g
Garrett
01/10/2023, 4:16 PMand our app's webview using the JS SDK will all work as well?
r
rp
01/10/2023, 4:16 PMohh so if you are using the web view in your app already, then yea, you need to pass the id token to that
n
nkshah2
01/10/2023, 4:16 PMYou could pass it to the webview if you don’t have any logic on the native side that needs auth protection
nkshah2
01/10/2023, 4:17 PMIf you need auth protection on both native and web then I think there’s a way to have both use the same cookie store on android
r
rp
01/10/2023, 4:17 PMAnd then in the web view, you make an API call similar to how it's shown here: https://github.com/supertokens/supertokens-react-native/blob/master/examples/with-thirdpartyemailpassword/google.js#L53
g
Garrett
01/10/2023, 4:21 PMawesome - and that andriod link you sent me details how to store the id token from google - I think that covers all my questions.
Garrett
01/10/2023, 4:21 PMThanks to both of you!
r
rp
01/10/2023, 4:21 PMsounds good. Let us know if you get stuck anywhere 🙂