SecureTokenStore
Component Detail
Data Layer
medium complexity
mobile
Dependencies: 0
Dependents: 0
Entities: 0
Integrations: 0
Description
Abstracts platform-specific secure storage for the device-bound session token used in biometric continuation. On iOS it writes to the Keychain and on Android to the Keystore-backed EncryptedSharedPreferences, ensuring the token never leaves the device. It provides a uniform read/write/delete interface consumed by BiometricAuthService.
secure-token-store
Sources & reasoning
Lines 42 and 276 describe biometric login explicitly as a post-initial-login session mechanism co-delivered with BankID/Vipps. BankID/Vipps are Phase 2 (v1.0) per the priority matrix. Biometric depends on a prior full-credential session and is naturally co-delivered in Phase 2. Blueprint confirms v1.0.
- docs/source/likeperson.md · line 42: with biometric login (Face ID / fingerprint) afterwards
- docs/source/likeperson.md · line 276: Biometric session unlock (Face ID / fingerprint) after first login. Mobile stores tokens in the platform secure store
Responsibilities
- Write session tokens to the platform secure store (Keychain / Keystore)
- Read stored tokens with biometric-gated access flags where supported
- Delete tokens on logout or enrollment reset
- Report storage availability and whether an enrolled token exists
Interfaces
saveToken(key: string, token: string): Promise<void>
getToken(key: string): Promise<string | null>
deleteToken(key: string): Promise<void>
hasToken(key: string): Promise<boolean>
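A sketch of how the four interface methods above can sit on top of an injected platform backend, added here as an illustration and not taken from the project's code. SecureBackend, InMemoryBackend and lifecycle are hypothetical names, and the fail-closed behaviour when storage is unavailable is an assumption about the intended contract.

```typescript
// Added example; SecureBackend/InMemoryBackend are hypothetical stand-ins for Keychain / EncryptedSharedPreferences.
interface SecureBackend {
  isAvailable(): Promise<boolean>;
  set(key: string, value: string): Promise<void>;
  get(key: string): Promise<string | null>;
  remove(key: string): Promise<void>;
  has(key: string): Promise<boolean>; // existence check that never reads the secret
}
class InMemoryBackend implements SecureBackend {
  available = true;
  private items = new Map<string, string>();
  async isAvailable(): Promise<boolean> { return this.available; }
  async set(key: string, value: string): Promise<void> { this.items.set(key, value); }
  async get(key: string): Promise<string | null> { return this.items.get(key) ?? null; }
  async remove(key: string): Promise<void> { this.items.delete(key); }
  async has(key: string): Promise<boolean> { return this.items.has(key); }
}

class SecureTokenStore {
  private backend: SecureBackend;
  constructor(backend: SecureBackend) { this.backend = backend; }
  // Fail closed: never fall back to plaintext storage when the secure store is missing.
  private async requireStore(): Promise<void> {
    if (!(await this.backend.isAvailable())) throw new Error("secure storage unavailable");
  }
  async saveToken(key: string, token: string): Promise<void> {
    if (token.length === 0) throw new Error("refusing to store an empty token");
    await this.requireStore();
    await this.backend.set(key, token);
  }
  async getToken(key: string): Promise<string | null> { await this.requireStore(); return this.backend.get(key); }
  // Idempotent, so logout and enrollment reset can call it unconditionally.
  async deleteToken(key: string): Promise<void> { if (await this.backend.isAvailable()) await this.backend.remove(key); }
  // Reports "no token" when storage is unavailable, so the caller skips the biometric path.
  async hasToken(key: string): Promise<boolean> { return (await this.backend.isAvailable()) && (await this.backend.has(key)); }
}

// Constructed walk-through of the token lifecycle; the token value is sample data.
async function lifecycle(): Promise<string[]> {
  const backend = new InMemoryBackend();
  const store = new SecureTokenStore(backend);
  await store.saveToken("session", "constructed-sample-token");
  const out = [String(await store.hasToken("session")), String(await store.getToken("session"))];
  await store.deleteToken("session");
  out.push(String(await store.getToken("session")));
  backend.available = false; // simulate a device without a usable secure store
  out.push(await store.saveToken("session", "x").then(() => "saved", () => "rejected"));
  return out;
}
```

Injecting the backend keeps the platform-specific calls out of BiometricAuthService and lets the contract be exercised off-device.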