How to integrate touchid fingerprint sensor function in ios8


In September 2013, apple equipped a series of hardware upgrades for the latest iPhone products released at that time. Among the iPhone 5S, the most innovative mechanism is undoubtedly the ultra-thin metal ring designed around the home button, that is, the fingerprint sensor called touch ID. Developers then began to take their API as a breakthrough, hoping to introduce this latest function into their own applications. Now a year has passed, and the new framework provided by IOS 8 makes it easier for developers to use this fingerprint sensing device.

This set of local authentication framework can easily realize user authentication. You can use it to complete the login mechanism of the application or protect the sensitive data in the application. In today’s tutorial, we will learn how to apply the whole set of options to our design results, what data we can get from the device, and guide you step by step to build a sample application.

To complete this tutorial, you need to install Xcode 6 to create a new project. In addition, you also need a device equipped with touch ID to test the sample application you have created.

1. Touch ID

Touch ID refers to the fingerprint sensing device installed in the iPhone 5S home button. Its appearance aims to help users complete the identification process more easily, so as to encourage users to use protection mechanisms as much as possible. You can configure up to five kinds of fingerprint identification information on each device. So far, touch ID has been used to unlock the device and complete the purchase in iTunes Store, app store and iBooks store. Before further exploring how to introduce it into your own applications, we first need to understand the sensor itself.

The touch ID sensor can scan the user’s fingerprint at a resolution of 500 pixels per inch and classify the fingerprint pattern into one of three types: arch, vortex and ring. The design of this sensor fully considers the convenience requirements. You can scan your fingers from any angle, and the current scanning results can correctly match the original fingerprint records in any direction.

Apple claims that for any given fingerprint pattern and touch ID, the probability of identification error is only one in 50000, which is significantly better than the original four digit PIN code mechanism – after all, its content can only provide 10000 possible combinations between 0001 and 9999. However, what Apple doesn’t clearly point out is that in some cases, we may not be able to use our own fingerprints to successfully unlock the operation, such as when the finger texture folds change after swimming.

If you plan to use touch ID, the most important thing is to first consider the use scenarios where users may not be able to verify with their fingers. Since Apple no longer allows us to use the pin code verification mechanism in the device, if the touch ID does not work normally, you’d better establish an additional password matching scheme in the application.

2. Safety precautions

The biggest problem caused by command sensors is that users’ privacy will be fundamentally violated. If everyone’s password content is leaked, you can save it in time through modification. Malicious people can’t continue to use it to access users’ sensitive data at all. However, if everyone’s fingerprint information or Apple’s fingerprint content algorithm is leaked, we obviously can’t change it quickly.

The local authentication framework is responsible for handling all user authentication tasks. When combined with touch ID, the most important thing is to ensure that the framework does not disclose any user related details and that no data is transmitted from the device. However, developers can use this framework to check whether specific users are allowed to use the corresponding application.

If you are already familiar with OAuth specification, you will find that the two authentication processing methods are actually quite similar. We require the third party to audit the user’s identity. If we fully trust the third party, we can directly provide the authentication certificate to the user according to its feedback.

3. LAContext

The core of the local authentication framework is the lacontext class. Developers can use lacontext instances to evaluate security policies. As of the time of this article, this is also the only management strategy available. It uses the touch ID sensor to check whether the user’s identity is the owner of the device. Other security management strategies may be launched in the future. For example, Apple may introduce a class of unauthorized roles that only allow them to access specific resources.

If the framework cannot complete the verification, an error message will be provided. There are several possible reasons why the verification of the equipment cannot be completed:

Laerrortouchidnotavailable the device itself does not have a fingerprint sensing device. Laerrorpasscodenotset # there is no password setting information on the device, that is, the touch ID function is disabled. Laerrortouchidnotenrolled has set a password mechanism, but no fingerprint content has been saved in the device configuration.

If you encounter an error message containing the above error code, you need to use other methods to complete the user authentication. In this case, you can no longer rely solely on touch ID to complete the protection work.

Let’s create a sample application to learn how to use the local authentication framework.

4. Project setting

First step

Open Xcode and select new > Project… From the file menu. Next, select single view application in the IOS application template list and click next.

Step two

Enter a name for our project. I call my application auth. Next, enter the organization name, company ID, and class prefix. Select iPhone in the devices list, then click next, and then select a file saving location for the project.

Step 3

Click viewcontroller H and define a new operation, authenticatebuttontapplied, which will trigger the whole verification process. The interface appearance of the viewcontroller class should be as follows:

#import <UIKit/UIKit.h> @interface ViewController : UIViewController - (IBAction)authenticateButtonTapped:(id)sender; @end

Step 4

Open main Storyboard and drag a button to the view of the controller. Change the label of the button so that it reads authneticate.

Step 5

Right click the button to display the connections inspector. Click the plus sign to the left of the touch up inside event and select the view controller to hold the button. At this time, a new menu will be displayed on the screen. You need to select the operations we have set up before.

5. The first step of user authentication

Open viewcontroller M to activate the authenticatebuttontapplied method. Add the following import statement for the local authentication framework at the beginning of the file.

#import <LocalAuthentication/LocalAuthentication.h>

Step two

In the authenticatebuttontapplied method, we create a set of background information and detect whether the background can evaluate the lapolicydeviceownerauthenticationwithbiometrics policy. If it is different, an error message will be displayed.

- (IBAction)authenticateButtonTapped:(id)sender {     LAContext *context = [[LAContext alloc] init];      NSError *error = nil;      if ([context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error]) {          // Authenticate User      } else {          UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error"                                                         message:@"Your device cannot authenticate using TouchID." delegate:nil cancelButtonTitle:@"Ok" otherButtonTitles:nil];         [alert show];     } }

Step 3

If the lacontext object can be authenticated with touch ID, then we can audit the user identity. If there is no error message, we can judge whether the current user belongs to the device holder. Finally, the authenticatebuttontapped method is implemented through the following code.

- (void)authenicateButtonTapped:(id)sender {    LAContext *context = [[LAContext alloc] init];    NSError *error = nil;    if ([context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error]) {        [context evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics                localizedReason:@"Are you the device owner?"                          reply:^(BOOL success, NSError *error) {            if (error) {                UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error" message:@"There was a problem verifying your identity." delegate:nil                                                      cancelButtonTitle:@"Ok"                                                      otherButtonTitles:nil];                [alert show];                return;            }            if (success) {                UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Success"                                                                message:@"You are the device owner!" delegate:nil cancelButtonTitle:@"Ok" otherButtonTitles:nil];                [alert show];            } else {                UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error" message:@"You are not the device owner." delegate:nilcancelButtonTitle:@"Ok" otherButtonTitles:nil];                [alert show];            }        }];    } else {        UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error"                                                        message:@"Your device cannot authenticate using TouchID."                                                       delegate:nil                                              cancelButtonTitle:@"Ok"                                              otherButtonTitles:nil];        [alert show];    } }

6. Build and run

Next, we need to build and run this application on the physical device equipped with fingerprint sensor, and authenticate by touching the home button. As long as your device can effectively support the touch ID function, the authentication mechanism in the application should be passed correctly. When you put your finger on the sensor, the application can correctly identify whether the user belongs to the legal holder of the device.


In today’s tutorial, we learned that IOS 8 has recently added the local authentication framework. By checking the user’s identity, lacontext class allows users to complete the identification work on the premise that they cannot directly provide any sensitive data to the application itself.

English original link:iOS 8: Integrating Touch ID