Did you find how to implement it? What I know so far (I'm new to mobile dev) if it helps anyone else who lands here, your service returns both a Refresh Token and an Access Token, the AT should have a short lifespan and your RT is used just once to get a new AT and a new RT. So with this in mind what needs to happen is that you would need to store your RT, if the Biometric Auth succeeds you go and grab the corresponding RT, send that back to your service. I don't know if there is a library that helps with this, i guess you could also store the user and pwd instead of the token and send that for auth. I'm also looking for an example of some sort.