I've attempted many times to create a login page that is secure and avoids the default white box FMGO Login screen. Many users or companies that I created apps for do not understand what a .fmp12 file is when the login box prompts them for their credentials (the top of the login dialog box says "sign in to myfile.fmp12"). Additionally, this visual is not very professional or esthetically pleasing. In a desperate attempt to make the login process more presentable and still embrace touchID and faceID technologies, this is what I came up with. I just hope there aren't any major security flaws with my approach.
1) Create a login page layout.
2) Create a Login Account name and create a custom priv. set for the Login Account.
Only allow access to this one login layout.
3) Automatically log in with the Login account. This will always bypass the default iOS SDK login.
4) Create a login script.
5) Allow the user to decide to save their credentials upon success to keychain.
Run the SaveKeychain plugin function (this is a plugin I wrote: fmKeychain.fmplugin). This will securely place their FileMaker credentials in the iOS Keychain protected by touchID/faceID.
6) I've added a layout script trigger for when the login page loads up for the first time, or anytime.
It will test whether or not there is a stored credential available on their iOS device. If there is, the face or touch icon request will be made and the user can then log in, and then they will be directed to the app's dashboard/main menu.
**Note: GetKeychain() is my custom function from a plugin that I made. I have allowed the Login Guest account execute-only access for these two scripts. The account has access to nothing else.
That's pretty much it. Does anyone see any FileMaker security flaws with this design?
Hopefully, nothing too concerning since the Login Guest account is very limited. I really feel like having a way to control the TouchID/FaceID actions via plugin allowed me to serve up a really nice custom login page. Also, the faceID/touchID button on the login page will relaunch the face/finger scan again in case I missed it in time on the first try.
What are everyone's thoughts on this topic?
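
For readers reviewing the design above, this is an added example (not part of the original post, and not the code of fmKeychain.fmplugin) of how an iOS Keychain item can be bound to Touch ID / Face ID using Apple's Security and LocalAuthentication frameworks. The service name and the function names `saveCredential` and `loadCredential` are hypothetical.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical service name; not taken from the post or from fmKeychain.fmplugin.
let service = "com.example.fmlogin"
enum KeychainError: Error { case accessControl, status(OSStatus), badData }

/// Store a password so it can only be read after Touch ID / Face ID succeeds.
func saveCredential(account: String, password: String) throws {
    // .biometryCurrentSet invalidates the item when enrolled fingers/faces change;
    // ...ThisDeviceOnly means it never syncs or migrates to another device.
    guard let acl = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet, nil) else { throw KeychainError.accessControl }
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(base as CFDictionary)  // replace any earlier item for this account
    var add = base
    add[kSecAttrAccessControl as String] = acl
    add[kSecValueData as String] = Data(password.utf8)
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

/// Read the password back; the system shows the biometric prompt.
/// Returns nil when nothing is stored, so the caller can show the manual login form.
func loadCredential(account: String, reason: String) throws -> String? {
    let context = LAContext()
    context.localizedReason = reason  // text shown in the Touch ID / Face ID prompt
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseAuthenticationContext as String: context,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
    guard let data = item as? Data, let pw = String(data: data, encoding: .utf8)
    else { throw KeychainError.badData }
    return pw
}
```

With this access control the biometric check is enforced by the Keychain itself at read time, so a script running under the restricted login account cannot obtain the stored password without the prompt succeeding.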