SecureTokenStore
Component Detail
Infrastructure
medium complexity
mobile
Dependencies: 0
Dependents: 0
Entities: 0
Integrations: 0
Description
Wraps the device platform's secure enclave storage (iOS Keychain, Android Keystore) to persist and retrieve the session token tied to a completed primary login. Access to the stored token is gated behind a successful biometric or device-credential challenge, under an access policy set at write time. Provides a consistent interface that abstracts platform differences.
secure-token-store
Sources & reasoning
Line 42 describes biometrics as the follow-up to BankID/Vipps first-time login, explicitly naming Face ID and fingerprint. Line 276 specifies tokens stored in the platform secure store, which is the mechanism biometric unlock uses. Both references place this in the Fase 2 / BankID-Vipps rollout context, mapping to v1.0.
- docs/source/likeperson.md · line 42: "with biometric login (Face ID / fingerprint) afterwards"
- docs/source/likeperson.md · line 276: "Biometric session unlock (Face ID / fingerprint) after first login. Mobile stores tokens in the platform secure store"
Responsibilities
- Write session tokens to platform secure storage with biometric-access policy applied
- Read session tokens only after the platform has confirmed biometric or device-credential success
- Delete stored tokens on logout, account switch, or biometric lockout
- Report storage availability and access policy support for the current device
Interfaces
storeToken(key: string, token: string, policy: AccessPolicy): Promise<void>
retrieveToken(key: string): Promise<string | null>
deleteToken(key: string): Promise<void>
isAvailable(): Promise<boolean>
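An in-memory model of the contract above, usable as a test double for code that depends on this component. It is an added example, not the project's own code: the `AccessPolicy` values, the `ChallengeResult` type and the injected `Challenge` callback (standing in for the platform biometric prompt) are assumptions.

```typescript
// Assumed policy values; the page names AccessPolicy but does not define it.
type AccessPolicy = "biometric" | "biometricOrDeviceCredential";
// Assumed outcome of the platform prompt (hypothetical type).
type ChallengeResult = "success" | "failed" | "lockout";
type Challenge = (policy: AccessPolicy) => Promise<ChallengeResult>;

class InMemorySecureTokenStore {
  private entries = new Map<string, { token: string; policy: AccessPolicy }>();
  private challenge: Challenge;
  private available: boolean;

  constructor(challenge: Challenge, available: boolean = true) {
    this.challenge = challenge;
    this.available = available;
  }

  async isAvailable(): Promise<boolean> {
    return this.available;
  }

  async storeToken(key: string, token: string, policy: AccessPolicy): Promise<void> {
    if (!this.available) throw new Error("secure storage unavailable");
    // The policy is bound to the entry at write time; reads cannot weaken it.
    this.entries.set(key, { token, policy });
  }

  async retrieveToken(key: string): Promise<string | null> {
    const entry = this.entries.get(key);
    if (!entry) return null; // nothing stored: no prompt is shown
    const result = await this.challenge(entry.policy);
    if (result === "lockout") {
      // Responsibility from the list above: delete on biometric lockout.
      await this.deleteToken(key);
      return null;
    }
    // A failed challenge returns nothing but keeps the entry for a retry.
    return result === "success" ? entry.token : null;
  }

  async deleteToken(key: string): Promise<void> {
    this.entries.delete(key);
  }
}
```
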