Identity Vault
Ionic Identity Vault is an all-in-one frontend identity management system that combines security best practices and the latest in biometric authentication options available on iOS and Android.
The Vault manages secure user identity and session tokens, ensuring sensitive tokens are encrypted at rest, stored only in secure locations on the device, and unlocked only with biometric identity (TouchID/FaceID).
Without Ionic Identity Vault, Ionic developers have to resort to combining third party Cordova plugins, often resulting in insecure setups due to the lack of correct implementation of biometric and at-rest encryption strategies. Learn more.
#
InstallationIf you have not already setup Ionic Enterprise in your app, follow the one-time setup steps.
Next, install the plugin:
- Capacitor
- Cordova
Update the native project config files:
#
Reference AppsThe Identity Vault reference apps offer a complete login/logout experience that includes biometrics (Face ID with passcode as a fallback), secure token storage, background data hiding, and session timeouts. Two variants of the reference apps are available. The first variant demonstrates using Identity Vault to integrate with an existing generic authentication workflow. The second variant demonstrates using Identity Vault in conjuction with Auth Connect to provide a fully secured OAuth/OpenID Connect authentication workflow.
#
Configuring the VaultThe IonicIdentityVaultUser
class takes a generic session type which represents the type of the session you'll store in the vault. You can use the DefaultSession or extend the class to create a custom session. In the constructor of your Identity
service, the vault is configured by providing options to the super()
call:
#
Automatically adding your token to requestsIf you'd like to automatically add your authorization token from your identity service to every request, you can see a simple example at in our demo repo.