Support setting authentication time so you can do multiple sign operation within the specified time frame #7
Comments
|
Also nice to have: allow authentication for multiple keys. This would e.g. allow to receive a sd-jwt and mdoc bound to different keys with a single biometric authentication prompt. For iOS we can create an authentication context beforehand, and then pass a reference to the context: https://developer.apple.com/documentation/security/ksecuseauthenticationcontext. We should probably add a method that allows creating an authentication context, and then you get back an identifier that you can use for the specified period of time. For android the developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setUserAuthenticationParameters(int,%20int) authenticates all keys for the period of time, which does have security implications. |
To prevent multiple biometric prompts in a short time span
iOS: https://developer.apple.com/documentation/localauthentication/lacontext/touchidauthenticationallowablereuseduration
Android: https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setUserAuthenticationParameters(int,%20int)
The text was updated successfully, but these errors were encountered: