Is there any guidance on how we might implement biometric au

Question

Is there any guidance on how we might implement biometric auth for a thirdparty In this case we re wanting to use google We have the social signup working but are currently researching how we might add a biometric login with it

rp · Answer

Hey < Garrett>

rp · Answer

I assume that you want to add this as a second factor

rp · Answer

Or do you mean a flow where the android app implicitly takes the Google s credentials after a successful biometric auth Similar to how iPhones do for apple login

Garrett · Answer

The latter

rp · Answer

This would be something that needs to be done via a native SDK for android Perhaps < nkshah2> can shed some light

Garrett · Answer

Thank you

Garrett · Answer

Some more detail that might be helpful Our current plan is to build a native app that is basically just a native login screen and the rest of the app is a webview

nkshah2 · Answer

Hi Google actually provides a sample app that explains how you would go about adding biometric login to your app and how you can hook it up with regular auth https developer android com codelabs biometric login 0

nkshah2 · Answer

Their sample uses email password auth but the same steps should apple to social auth as well

rp · Answer

apply

nkshah2 · Answer

Before you explore the example app are you looking to just prompt the user for biometric and then take them through a separate flow for social login

Garrett · Answer

I guess it s just not clear to me where the integration point is with supertokens

Garrett · Answer

do we pass something to thirdPartySignInAndUp

nkshah2 · Answer

Right so for the native android SDK you would call the APIs exposed by SuperTokens manually and the android sdk would handle sessions and auto refreshing for you

nkshah2 · Answer

From an integration point of view you would first complete sign in with google using the official package

nkshah2 · Answer

And then use the id token that google returns and call the signInUp endpoint that SuperTokens provides

Garrett · Answer

Gotcha so to recap 1 use Google s official package in the native app 2 Send the user through that flow 3 On success take the id token google returns and pass it to the webview 4 now in the supertokens JS SDK call thirdPartySignInAndUp passing it the id token

rp · Answer

You don t need to pass it to the web view You can just call the backened API from the android app directly with the id token and use our android SDK for session management

Garrett · Answer

and our app s webview using the JS SDK will all work as well

rp · Answer

ohh so if you are using the web view in your app already then yea you need to pass the id token to that

nkshah2 · Answer

You could pass it to the webview if you don t have any logic on the native side that needs auth protection

nkshah2 · Answer

If you need auth protection on both native and web then I think there s a way to have both use the same cookie store on android

rp · Answer

And then in the web view you make an API call similar to how it s shown here https github com supertokens supertokens react native blob master examples with thirdpartyemailpassword google js L53

Garrett · Answer

awesome and that andriod link you sent me details how to store the id token from google I think that covers all my questions

Garrett · Answer

Thanks to both of you

rp · Answer

sounds good Let us know if you get stuck anywhere