Thank you for the detailed post on implementing biometrics in the application.
I have a question.
When a user logs in for the first time with their username/password, the app gets a userToken from the server, and then the user enables bio-authentication.
Once the user logs out and logs into the system again with bio-authentication, the previously stored token is used.
What if the token has expired on the backend? How should that case be handled when using biometric authentication?