Biometric Auth Service
Component Detail
Service Layer
medium complexity
mobile
Dependencies: 2
Dependents: 1
Entities: 0
Integrations: 0
Description
Orchestrates the full biometric unlock flow: checks device capability, retrieves the stored refresh token from SecureTokenStore, calls POST /auth/refresh via ApiHttpClient, and delivers a new access token to the session layer. Enforces re-authentication rules - after 30 consecutive days of inactivity or after token revocation, it returns a RequiresFullLogin signal instead of attempting refresh.
biometric-auth-service
Responsibilities
- Check biometric hardware availability and enrollment status before attempting unlock
- Retrieve refresh token from SecureTokenStore and call POST /auth/refresh on biometric success
- Enforce 30-day inactivity and revocation policy by returning RequiresFullLogin
- Persist last-successful-auth timestamp to support inactivity enforcement
- Clear stored token and signal RequiresFullLogin when refresh call returns 401
Interfaces
attemptBiometricUnlock() → Future<BiometricResult>
isBiometricAvailable() → Future<bool>
enrollBiometric() → Future<void>
revokeBiometricEnrollment() → Future<void>
checkInactivityPolicy() → bool
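The decision order from the description and responsibilities, as an added Dart sketch rather than the project's own code. The class name BiometricUnlockFlow, RefreshResponse, the enum values, the injected callbacks and the explicit now parameter are assumptions; SecureTokenStore and ApiHttpClient are replaced by in-memory stand-ins so the flow runs offline.

```dart
// Added example; only attemptBiometricUnlock, checkInactivityPolicy and
// BiometricResult are names from the page, everything else is assumed.
enum BiometricResult { unlocked, requiresFullLogin, unavailable, failed }
class RefreshResponse {
  const RefreshResponse(this.status, [this.accessToken]);
  final int status;
  final String? accessToken;
}
class BiometricUnlockFlow {
  BiometricUnlockFlow({required this.available, required this.prompt,
      required this.refresh, this.refreshToken, this.lastAuth});
  final Future<bool> Function() available; // hardware present and enrolled
  final Future<bool> Function() prompt; // OS biometric prompt result
  final Future<RefreshResponse> Function(String) refresh; // POST /auth/refresh
  String? refreshToken; // stands in for SecureTokenStore
  DateTime? lastAuth; // persisted last-successful-auth timestamp
  String? accessToken; // what the session layer would receive

  // True while refresh is still allowed; reaching 30 days counts as expired.
  bool checkInactivityPolicy(DateTime now) =>
      lastAuth != null && now.difference(lastAuth!) < const Duration(days: 30);

  Future<BiometricResult> attemptBiometricUnlock(DateTime now) async {
    if (!await available()) return BiometricResult.unavailable;
    // Policy runs before the prompt and before any network call.
    if (refreshToken == null || !checkInactivityPolicy(now)) {
      return BiometricResult.requiresFullLogin;
    }
    if (!await prompt()) return BiometricResult.failed;
    final res = await refresh(refreshToken!);
    if (res.status == 401) {
      refreshToken = null; // rejected by the server: clear the stored token
      return BiometricResult.requiresFullLogin;
    }
    // Assumption: other failures (network, 5xx) keep the token for a retry.
    if (res.status != 200 || res.accessToken == null) return BiometricResult.failed;
    accessToken = res.accessToken;
    lastAuth = now; // restart the inactivity window
    return BiometricResult.unlocked;
  }
}

Future<void> main() async {
  final now = DateTime.utc(2024, 6, 1); // constructed sample values below
  final flow = BiometricUnlockFlow(
      available: () async => true, prompt: () async => true,
      refresh: (_) async => const RefreshResponse(401), // simulated revocation
      refreshToken: 'constructed-token', lastAuth: now.subtract(const Duration(days: 3)));
  print('${await flow.attemptBiometricUnlock(now)} cleared=${flow.refreshToken == null}');
}
```

Passing the clock in keeps the 30-day boundary testable; the page's checkInactivityPolicy() takes no argument.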
Relationships
Dependencies (2)
Components this component depends on