This repository contains the example app demonstrating how to use the Nevis Mobile Authentication SDK in an iOS mobile application. The Nevis Mobile Authentication SDK allows you to integrate passwordless authentication to your existing mobile app, backed by the FIDO UAF 1.1 Standard.
Some SDK features demonstrated in this example app are:
- Using the SDK with the Nevis Authentication Cloud
- Registering with QR code & app link URIs
- Simulating in-band authentication after registration
- Deregistering a registered account
- Changing the PIN of the PIN authenticator
- Changing the device information
Please note that the example app only demonstrates a subset of the available SDK features. The main purpose is to demonstrate how the SDK can be used, not to cover all supported scenarios.
Before you start compiling and using the example applications please ensure you have the following ready:
- An Authentication Cloud instance provided by Nevis.
- An access key to use with the Authentication Cloud.
Your development setup has to meet the following prerequisites:
- iOS 12 or later
- Xcode 14.2, including Swift 5.7.2
Dependencies in this project are provided via Cocoapods. Please install all dependencies by running
pod install
Before being able to use the example app with your Authentication Cloud instance, you'll need to update the configuration file with the right host information.
Edit the ConfigAuthenticationCloud.plist file and replace the host name information with your Authentication Cloud instance.
The example apps are supporting two kinds of configuration: authenticationCloud
and identitySuite
.
Note
Only build-time configuration change is supported.
To change the configuration open the AppAssembly.swift file which describes the dependency injection related configuration using the Swinject
library.
The environment
parameter should be changed when injecting the ConfigurationLoaderImpl
component to one of the values already mentioned.
The example applications handle deep links which contain a valid dispatchTokenResponse
query parameter of an out-of-band operation.
The feature is achieved with Custom URL Schemes.
Note
Further information: Define custom url scheme.
Modify the content of CFBundleURLSchemes
array in the Info.plist file with the right scheme information of your environment.
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleURLSchemes</key>
<array>
<string>nevisaccess</string>
</array>
</dict>
</array>
Now you're ready to build and run the example app by choosing Product > Run from Xcode's menu or by clicking the Run button in your project’s toolbar.
Note
Running the app on an iOS device requires codesign setup.
Now that the iOS example app is up and running, it's time to try it out!
Check out our Quickstart Guide.
In this section you can find hints about how the Nevis Mobile Authentication SDK is integrated into the example app.
- All SDK invocation is implemented in the corresponding presenter class.
- All SDK specific user interaction related protocol implementation can be found in the Interaction folder.
The HomePresenter class is responsible for creating and initializing a MobileAuthenticationClient
instance which is the entry point to the SDK. Later this instance can be used to start the different operations.
Before being able to authenticate using the Nevis Mobile Authentication SDK, go through the registration process. Depending on the use case, there are two types of registration: in-app registration and out-of-band registration.
If the application is using a backend using the Nevis Authentication Cloud, the AuthCloudApiRegistrationPresenter class will be used by passing the enrollment
response or an appLinkUri
.
When the backend used by the application does not use the Nevis Authentication Cloud the name of the user to be registered is passed to the UsernamePasswordLoginPresenter class.
If authorization is required by the backend to register, provide an AuthorizationProvider
. In the example app a CookieAuthorizationProvider
is created from the cookies (see UsernamePasswordLoginPresenter) obtained by the LoginServiceImpl class.
When the registration is initiated in another device or application, the information required to process the operation is transmitted through a QR code or a link. After the payload obtained from the QR code or the link is decoded the OutOfBandOperationHandlerImpl class starts the out-of-band operation.
Using the authentication operation, you can verify the identity of the user using an already registered authenticator. Depending on the use case, there are two types of authentication: in-app authentication and out-of-band authentication.
For the application to trigger the authentication, the name of the user is provided to the SelectAccountPresenter class.
When the authentication is initiated in another device or application, the information required to process the operation is transmitted through a QR code or a link. After the payload obtained from the QR code or the link is decoded the OutOfBandOperationHandlerImpl class starts the out-of-band operation.
There are cases when specific information is to be presented to the user during the user verification process, known as transaction confirmation. The AuthenticatorSelectionContext
and the AccountSelectionContext
contain a byte array with the information. In the example app it is handled in the AccountSelectorImpl class.
The HomePresenter class is responsible for deregistering either a user or all of the registered users from the device.
With the change PIN operation you can modify the PIN of a registered PIN authenticator for a given user. It is implemented in:
- in case of a single registered user see the HomePresenter class.
- in case of multiple registered users see the SelectAccountPresenter class.
With the change password operation you can modify the password of a registered Password authenticator for a given user. It is implemented in:
- in case of a single registered user see the HomePresenter class.
- in case of multiple registered users see the SelectAccountPresenter class.
Out-of-band operations occur when a message is delivered to the application through an alternate channel like a push notification, a QR code, or a deep link. With the help of the OutOfBandOperationHandlerImpl class the application can create an OutOfBandPayload
either from a JSON or a Base64 URL encoded String. The OutOfBandPayload
is then used to start an OutOfBandOperation
, see chapters Out-of-Band Registration and Out-of-Band Authentication.
During registration, the device information can be provided that contains the name identifying your device, and also the Firebase Cloud Messaging registration token. Updating both the name and the token is implemented in the ChangeDeviceInformationPresenter class.
© 2023 made with ❤ by Nevis