How I implemented In-App Pin Code Lock

Best Practices

I've implemented an In-App Pin Code Lock using a custom code approach. I hope someone will use the same approach or provide more suggestions on how to do it in the best way.

Upon signing in, users are prompted to set an in-app PIN, which is stored persistently in the app state.

Next, I use an action block to keep track of every user action and record it in the app state, referred to as 'lastActionTime'.

Following that, I use custom code to calculate the minutes elapsed since the last action timestamp stored in the app state called 'lastActionTime' by comparing it with the current timestamp. If more than 10 minutes have passed since the last action, the user is redirected to enter the in-app PIN.

Additionally, I created a persistent app state called 'wrongLoginCount' to keep a record of how many times an invalid PIN is entered. Even if the user attempts to close the app, the remaining attempts are displayed before the app gets locked after 5 consecutive wrong PIN entries. Upon entering the correct PIN, the 'wrongLoginCount' is reset to 0, the 'lastActionTime' is updated to the current timestamp, and the user is allowed to continue using the app.

What are your thoughts on this approach?

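The flow described in the post, as an added example that is not the poster's code: the 10-minute idle check, the persistent wrong-attempt counter and the reset on success, written in Python because the post names no platform. The state keys `lastActionTime` and `wrongLoginCount` come from the post; the function names, the `salt` and `pinHash` keys, keeping a salted PBKDF2 hash instead of the PIN itself, and treating a backwards clock jump as "locked" are assumptions of this example.

```python
import hashlib
import hmac
import os

LOCK_AFTER_SECONDS = 10 * 60  # post: ask for the PIN after more than 10 idle minutes
MAX_WRONG = 5                 # post: lock after 5 consecutive wrong PINs

def hash_pin(pin, salt):
    # Assumption: persist a salted, stretched hash rather than the raw PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def new_state(pin, now):
    """Persistent app state created when the user sets a PIN after sign-in."""
    salt = os.urandom(16)
    return {"salt": salt, "pinHash": hash_pin(pin, salt),
            "lastActionTime": now, "wrongLoginCount": 0}

def record_action(state, now):
    state["lastActionTime"] = now

def needs_pin(state, now):
    last = state.get("lastActionTime")
    if last is None:          # missing or wiped timestamp: fail closed
        return True
    elapsed = now - last
    # Negative elapsed time means the device clock was moved back (assumed: lock).
    return elapsed < 0 or elapsed > LOCK_AFTER_SECONDS

def attempts_left(state):
    return max(0, MAX_WRONG - state["wrongLoginCount"])

def submit_pin(state, pin, now):
    """Return 'unlocked', 'wrong' or 'locked'; the caller persists state after each call."""
    if attempts_left(state) == 0:
        return "locked"       # even the correct PIN is refused once locked
    candidate = hash_pin(pin, state["salt"])
    if hmac.compare_digest(candidate, state["pinHash"]):
        state["wrongLoginCount"] = 0
        state["lastActionTime"] = now
        return "unlocked"
    # Increment before reporting, so closing the app cannot skip the count.
    state["wrongLoginCount"] += 1
    return "locked" if attempts_left(state) == 0 else "wrong"
```

Timestamps are plain seconds here; the caller passes the current time and writes the state back to persistent storage after every `submit_pin` call.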