I am trying to prevent a user from needing to constantly log in after the idle timeout period in a mobile app, but messing with the idle timeout in Service Studio will affect our reactive web applications.
Facebook and every other mobile app require a single login that persists until the user logs out or changes their password, but there does not seem to be a good way to do this with OutSystems. The ability to do this without modifying our reactive web applications would be ideal, but we can also settle for fingerprint identification.
However, fingerprint identification also does not work because none of the OutSystems Forge components return client credentials, only whether the fingerprint is valid. I found a forum post from 4-5 years ago, but nobody gave any good answers: https://www.outsystems.com/forums/discussion/23059/securing-login-with-touch-id-and-keychain/
How would you make a mobile app that doesn't make the user constantly log in without affecting reactive web apps or, alternatively, let them log in with their fingerprint like with banking apps?
Edit: I see that the KeyStorePlugin from Forge may work, but is this secure enough to hard code a key? We need to be HIPAA compliant, and hard coding keys seems like a big no-no.
Hi Matthew,
Isn't it the case that whether the settings are shared for mobile and reactive depends on the SSO setting per app type? Only when the setting "Single sign-on between app types (SSO)" is turned on (default) are the settings shared. Can you not consider turning this setting off?
https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Configure_App_Authentication
Regards,
Daniel