🏠 Overview 🧩 Components 🧩 Biometric Token Exchange Service

Biometric Token Exchange Service

Component Detail

Service Layer medium complexity mobile
3
Dependencies
1
Dependents
1
Entities
0
Integrations

Description

On a successful biometric pass, retrieves the device-bound refresh token from Secure Token Store and silently exchanges it for a new short-lived access token via Auth Service. Detects expired or revoked refresh tokens and falls through to full credential login, then disables the biometric path until the next complete login.

Feature: Biometric Login (Face ID/Fingerprint)

biometric-token-exchange-service

Sources & reasoning

The orchestration of retrieving a stored refresh token, calling the token-refresh endpoint, handling expiry/revocation fallback, and re-storing the rotated token is distinct enough from UI presentation and secure storage to warrant its own service. Isolating this logic also makes the fallback path testable independently.

No source references — this artifact was included based on reasoning alone (see above).

Responsibilities

  • Retrieve stored refresh token from Secure Token Store on biometric success
  • Call Auth Service refresh endpoint to obtain a new access token
  • Detect token expiry or revocation and trigger credential login fallback
  • Re-store the rotated refresh token in Secure Token Store after successful exchange
  • Toggle biometric path enabled/disabled based on refresh token availability

Interfaces

attemptBiometricUnlock() -> Future<AuthResult>
invalidateBiometricSession()
isBiometricSessionActive() -> bool

Relationships

Dependencies (3)

Components this component depends on

infrastructure Secure Token Store service Auth Service Shared ui Biometric Auth Widget

Dependents (1)

Components that depend on this component

ui Biometric Auth Widget

Related Data Entities (1)

Data entities managed by this component

Session 21 fields core