Getting Started With Touch ID on the iPhone

Apple's Touch ID, introduced with the iPhone 5, lets users unlock their iPhones and perform other tasks. Touch ID takes the place of passwords, which can be hard to remember, or pins, which are simplistic and compromising.

Originally, TouchID could be used only to unlock the phone, but, as of iOS 8 and the release of the iPhone 6 and 6 Plus, Apple opened up the SDK to allow developers to use TouchID on third-party apps. This provided a new and exciting set of possibilities for securing apps and making them easier to use. With the release of the iPhone 6s, Touch ID is even faster.

How does Touch ID work?

The capacitative ring around the home button takes a high-resolution photo of your fingerprint, converts it into a mathematical equivalent representation, and sends it to the device’s Keychain, Apple’s secure database, and the LocalAuthentication framework. It then tries to match the mathematical representation of your fingerprint with the data on the chip. If there is a match, a token is sent back; otherwise, a failure notification is sent back.

Benefits of Touch ID

Using your fingerprint to perform operations is faster and easier than using passwords. When it comes to accessing apps, biometrics such as fingerprints are also more secure, as fingerprints can't be compromised or guessed.

Apple’s finger-printing implementation is quite robust: It allows for 360-degree readability of one’s finger, and users can even register multiple fingers. As Touch ID becomes more widely used, you can expect to see an increasing number of apps that make use of Touch ID. Some popular apps currently available include Mint, 1Password and PayPal.

How to integrate Touch ID in your app

Architectural Overview

You prompt users to authenticate using the LocalAuthentication framework, which handles all of the complexities of verifying users, leaving a simple interface that doesn’t expose any personal information about the individual user.

The most important class within the LocalAuthentication framework is theLAContext class, which at this stage only evaluates one authentication policy--that the person authenticating is in fact the owner of the device he or she is using.

Possible Authentication Policy Errors

There are a variety of reasons why the authentication process might fail. At any rate, the system lets the developer know so that the developer can provide an appropriate response, or alternative method of authenticating as a fallback measure.

LAErrorTouchIDNotAvailable would return if the device doesn’t have a fingerprint sensor (for example, if it's an older iPhone or iPad). LAErrorTouchIDNotEnrolled error code would yield if the device has not registered for Touch ID and LAErrorPasscodeNotSet if the device has not set a passcode (which is a prerequisite for registering for Touch ID).

Authenticating Users

In whichever view controller or class you are going to authenticate your users, you start off by importing the appropriate framework:

import LocalAuthentication

We then create a method, which we will use to authenticate, such as:

func authenticateViaTouchID() {

    // Create an alert
    var alert = UIAlertController(title: "", message: "", preferredStyle: UIAlertControllerStyle.Alert)
    // Add the cancel button to the alert
    alert.addAction(UIAlertAction(title: "Cancel", style: UIAlertActionStyle.Cancel, handler: nil))


    // Create the Local Authentication Context
    var touchIDContext = LAContext()
    var touchIDError : NSError?
    var reasonString = "Please place your finger on the sensor so we can authenticate you"

    // Check if we can access local device authentication
    if touchIDContext.canEvaluatePolicy(LAPolicy.DeviceOwnerAuthenticationWithBiometrics, error:&touchIDError) {
        // Check what the authentication response was
        touchIDContext.evaluatePolicy(LAPolicy.DeviceOwnerAuthenticationWithBiometrics, localizedReason: reasonString, reply: {
            (success: Bool, error: NSError?) -> Void in
            // Check if we passed or failed
            if success {
                // User authenticated using Local Device Authentication Successfully!

            } else {
                // Unsuccessful
                // Set the title of the unsuccessful alert
                alert.title = "Unsuccessful!"

                // Set the message of the alert
                switch error!.code {
                case LAError.UserCancel.rawValue:
                    alert.message = "User Cancelled"
                case LAError.AuthenticationFailed.rawValue:
                    alert.message = "Authentication Failed"
                case LAError.PasscodeNotSet.rawValue:
                    alert.message = "Passcode Not Set"
                case LAError.SystemCancel.rawValue:
                    alert.message = "System Cancelled"
                case LAError.UserFallback.rawValue:
                    alert.message = "User chose to try a password"
                default:
                    alert.message = "Unable to Authenticate!"
                }

                // Show the alert
                self.presentViewController(alert, animated: false, completion:{
                    self.dismissViewControllerAnimated(false, completion: nil)
                })

            }
        })
    } else {
        //This is probably an older device, older than an iPhone 5s

    }

Conclusion

So once you’ve implemented the method above, you should get the familiar Touch ID screen:

It’s quite easy--not much to it really--but you need to ensure that you always have a fall-back option for users who either don’t have a suitable device or have not set up their device for Touch ID, which is certainly a legitimate option. In the future, we should expect Apple to add other forms of authentication policies, either to have different groups of Touch ID users (restricted access) or other forms of biometric authentication (perhaps via voice).

Doron Katz A keen passion for emerging technologies, practices and methodologies, Doron embraces the vision of lean development with continuous customer development. Consultant for various startups, as a Project and Product Manager, with a mobile engineering background in iOS, and over 10 years of professional web development experience.

Comments