Biometrics with Kinde auth
Our project is currently using Kinde auth and trying to implement biometrics feature for the mobile application (basically website turned into mobile app by Median, so we are using Kinde's react package)
Can you point me to the right guide or doc to implement this if Kinde does support this feature? Basically, we would need to sign in a user via post request or API call, without redirecting the user to the Kinde sign-in page so that the mobile can store the user's credentials.
Thanks in advance for your help.
2 Replies
Hi,
Thanks for reaching out. Kinde’s authentication system operates through OAuth 2.0 flows, which means it requires redirecting users to Kinde’s hosted authentication pages. Direct API authentication without redirection isn’t currently supported, including biometric authentication. For React applications, Kinde provides a React SDK that uses the Authorization Code Flow with PKCE for secure authentication. While the mobile device may support biometrics for local security, authentication with Kinde still requires the standard OAuth flow. If you’re looking to implement biometrics, you’d need to handle it separately as an additional security layer within your app. Let me know if this answers your question or if you need more details
Thanks for reaching out. Kinde’s authentication system operates through OAuth 2.0 flows, which means it requires redirecting users to Kinde’s hosted authentication pages. Direct API authentication without redirection isn’t currently supported, including biometric authentication. For React applications, Kinde provides a React SDK that uses the Authorization Code Flow with PKCE for secure authentication. While the mobile device may support biometrics for local security, authentication with Kinde still requires the standard OAuth flow. If you’re looking to implement biometrics, you’d need to handle it separately as an additional security layer within your app. Let me know if this answers your question or if you need more details
Thank you for replying soon. So, to reiterate, biometrics can only be implemented as another layer of security (like MFA) on top of the standard OAuth flow (authentication via redirection). Right?