Securing Login with Touch ID and Keychain

I need help devising application security similar to what my local bank offers using Touch ID.

When I login to my local bank's app for the first time, I must authenticate with my credentials (username and password).  After I login (and only after I login), I am presented with an option to enable Touch ID (on iPhone).  

When you look more deeply at the workflow you discover that the app is taking the credentials I just entered and storing them in Apple's secure Keychain.  After local authentication is confirmed, keychain access is granted to retrieve the saved credentials, which are submitted to the server for authentication.  If the credentials are authenticated, I am logged in.  If, for whatever reason, my saved credentials are invalid, I am not granted access.

In this example, Touch ID is used to save secure credentials -- but importantly -- the credentials are still authenticated to login.

How do we accomplish this method of securing an application using OutSystems?  The Touch ID plug-in appears to only confirm that a user has authenticated locally.  It does nothing to retrieve securely saved credentials for submission to the server.  
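The bank-style flow described above, as an added example (not code from the thread, from OutSystems, or from the Cordova plugin): Touch ID only unlocks the stored entry, the server still authenticates, and rejected credentials are discarded. The keychain and server are in-memory stand-ins; the plugin method names in the comments (`save`/`verify`/`delete`) are assumed.

```javascript
// Added example: Touch ID gates retrieval of saved credentials, the server
// still decides. In the real app the keychain adapter would wrap the Cordova
// plugin (window.plugins.touchid.save/verify/delete, callback-based, assumed
// API) and the server adapter would call the OutSystems login action.
const KEY = "login-credentials"; // keychain entry name, chosen for this example

// First login: the server validates the credentials; only after success are
// they offered for storage behind Touch ID.
function firstLogin(creds, server, keychain, userWantsTouchId) {
  if (!server.authenticate(creds.user, creds.password)) {
    return { loggedIn: false, saved: false };
  }
  const saved = Boolean(userWantsTouchId);
  if (saved) keychain.save(KEY, JSON.stringify(creds)); // stored, never trusted
  return { loggedIn: true, saved };
}

// Later launches: biometric unlock only releases the stored entry; the server
// re-authenticates, and stale credentials are deleted to force a manual login.
function touchIdLogin(server, keychain) {
  if (!keychain.has(KEY)) return { loggedIn: false, reason: "no-saved-credentials" };
  let raw;
  try {
    raw = keychain.verify(KEY, "Log in with Touch ID"); // throws if Touch ID fails
  } catch (e) {
    return { loggedIn: false, reason: "biometric-failed" };
  }
  const creds = JSON.parse(raw);
  if (!server.authenticate(creds.user, creds.password)) {
    keychain.delete(KEY); // e.g. password changed server-side: drop the stale copy
    return { loggedIn: false, reason: "credentials-rejected" };
  }
  return { loggedIn: true };
}

// Constructed in-memory stand-ins for the keychain plugin and the server.
function makeKeychain(biometricPasses = true) {
  const store = new Map();
  return {
    has: (k) => store.has(k),
    save: (k, v) => { store.set(k, v); },
    verify: (k) => { if (!biometricPasses) throw new Error("Touch ID failed"); return store.get(k); },
    delete: (k) => { store.delete(k); },
  };
}
function makeServer(validPassword) {
  return { authenticate: (u, p) => u === "alice" && p === validPassword };
}
```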

Have you taken a look at this plugin?

https://github.com/sjhoeksma/cordova-plugin-keychain-touch-id

I have, but just wrapping up that Cordova plug-in doesn't address the problem of auto-logging in a user to the platform with the credentials stored in Keychain.

How do you pass credentials to the OutSystems authentication system?