Account recovery
Keyless is able to recover an account from what we refer to as temporary state.
The temporary state is obtained:
from your backend through Keyless Identity Verification Bridge. More in IDV-Bridge.
from your client app using the Keyless Mobile SDK.
What follows refers to option 2: obtain the temporary state from the Keyless Mobile SDK.
What is the temporary state?
The Keyless temporary state contains all the necessary information to restore an account. It can be created during enrollment and authentication.
To create and use the temporary state Keyless requires the user biometric.
The temporay state internals are not important but you can expect a string similar to the following that you should pass as-is to recover the account:
Obtain the temporary state
Use the shouldRetrieveTemporaryState
parameter of the BiomEnrollConfig
or BiomAuthConfig
depending if you want to retrieve the temporary state during enrollment or authencation flows.
Dunring the enrollment flow:
During the authentication flow:
Recover from temporary state
Pass the temporary state during the enrollment flow to recover the account. The temporary state is the one you obtained and stored securely in the previous step.
When enrolling from the temporary state, Keyless shows the authentication UI to users. In the past users already went through the enrollment "onboarding" flow, we can reduce the friction in account recovery performing the authentication flow.
For technical reasons developers need to call Keyless.enroll
instead of Keyless.authenticate
even if the UI is the one from authentication flow.
The account is recovered and it's now possible to authenticate the user.
Last updated