I have developed many web based applications and focused a lot on authentication LDAP, SAML and in application passwords. Now I am moving to building native mobile application and would like to take advantage of finger print authentication.
In order to use my server side web services, a user needs to authenticate, once authenticated they are presented with a token for the remainder of the session. Finger print authentication on native mobile devices is completed locally on the device.
My question is typically or in general terms do most apps using finger print just use it locally and then send a users credentials to the server?
Effectively the finger print is "front" to obtaining a locally stored copy for a users credentials. Where these locally stored credentials have been entered on initial setup and stored securely on the device ?
