Description
Biometrics to access the Token Store
Problem
Mobile devices are more likely to be lost, stolen, or used by unauthorized persons. One way to strengthen the security of an app and protect it from unauthorized access is to lower the session expiration time, which causes the user to go through the login process more often.
Solution
Instead, we can use biometric authentication for accessing the token store in our application.
Use Fingerprint / Face authentication HIDL for Android to access the token store. The id, refresh, and access token would then be encrypted before storing them.
This would introduce an open / locked state on the token store. When opening the app, the user would have to unlock the store with biometrics. Then the tokens can be decrypted and cached in memory until the app is closed.
We could also lock the store after some inactive time.
Should the user decline biometric authentication, persistent token storage will be disabled, requiring authentication via FusionAuth upon each application launch or following any event resulting in memory cache clearing.
Alternatives/workarounds
TBD
Additional context
N/A
Community guidelines
All issues filed in this repository must abide by the FusionAuth community guidelines.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
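One way the locked / open token store proposed under Solution could be built on Android, as an added example that is not part of the original issue or the FusionAuth SDK. It assumes the `androidx.biometric` library and an AES-GCM key in the Android Keystore that requires a biometric match for every use; `BiometricTokenStore`, `ALIAS`, `token_store` and `blob` are hypothetical names.

```kotlin
// Added example, not FusionAuth SDK code; class, alias and preference names are hypothetical.
import android.content.Context
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties.*
import android.util.Base64
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.KeyStore
import javax.crypto.*
import javax.crypto.spec.GCMParameterSpec
private const val ALIAS = "token_store_key"
class BiometricTokenStore(private val activity: FragmentActivity) {
    private val prefs = activity.getSharedPreferences("token_store", Context.MODE_PRIVATE)
    private var cached: ByteArray? = null              // open state: decrypted tokens, memory only
    fun tokens() = cached                              // null while the store is locked
    fun lock() { cached?.fill(0); cached = null }      // call on inactivity timeout or app close
    private fun key(): SecretKey {                     // AES key the Keystore releases only after a biometric match
        val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
        (ks.getKey(ALIAS, null) as? SecretKey)?.let { return it }
        val spec = KeyGenParameterSpec.Builder(ALIAS, PURPOSE_ENCRYPT or PURPOSE_DECRYPT)
            .setBlockModes(BLOCK_MODE_GCM).setEncryptionPaddings(ENCRYPTION_PADDING_NONE)
            .setUserAuthenticationRequired(true).setInvalidatedByBiometricEnrollment(true).build()
        return KeyGenerator.getInstance("AES", "AndroidKeyStore").apply { init(spec) }.generateKey()
    }
    private fun prompt(c: Cipher, onDeclined: () -> Unit, onOk: (Cipher) -> Unit) {
        val cb = object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) =
                result.cryptoObject?.cipher?.let(onOk) ?: Unit
            override fun onAuthenticationError(errorCode: Int, errString: CharSequence) = onDeclined()
        }
        val info = BiometricPrompt.PromptInfo.Builder().setTitle("Unlock token store")
            .setNegativeButtonText("Sign in instead").build()
        BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), cb)
            .authenticate(info, BiometricPrompt.CryptoObject(c))
    }
    fun save(tokens: ByteArray, onDeclined: () -> Unit = {}) { // if declined, nothing is persisted
        cached = tokens
        val c = Cipher.getInstance("AES/GCM/NoPadding").apply { init(Cipher.ENCRYPT_MODE, key()) }
        prompt(c, onDeclined) {                                // stored blob = 12-byte IV + ciphertext
            prefs.edit().putString("blob", Base64.encodeToString(it.iv + it.doFinal(tokens), Base64.NO_WRAP)).apply()
        }
    }
    fun unlock(onDeclined: () -> Unit, onOpen: () -> Unit) {   // onDeclined: fall back to a FusionAuth login
        val raw = Base64.decode(prefs.getString("blob", null) ?: return onDeclined(), Base64.NO_WRAP)
        val c = Cipher.getInstance("AES/GCM/NoPadding")
        c.init(Cipher.DECRYPT_MODE, key(), GCMParameterSpec(128, raw, 0, 12))
        prompt(c, onDeclined) { cached = it.doFinal(raw, 12, raw.size - 12); onOpen() }
    }
}
```

Exceptions from `key()` or `Cipher.init` (for example `KeyPermanentlyInvalidatedException` after a new biometric is enrolled) should be handled like a decline: delete the stored blob and send the user through a full login.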