
Nevis Mobile Authentication SDK iOS Example App


This repository contains the example app demonstrating how to use the Nevis Mobile Authentication SDK in an iOS mobile application. The Nevis Mobile Authentication SDK allows you to integrate passwordless authentication into your existing mobile app, backed by the FIDO UAF 1.1 Standard.

Some SDK features demonstrated in this example app are:

  • Using the SDK with the Nevis Authentication Cloud
  • Registering with QR code & app link URIs
  • Simulating in-band authentication after registration
  • Deregistering a registered account
  • Changing the PIN of the PIN authenticator
  • Changing the device information

Please note that the example app only demonstrates a subset of the available SDK features. The main purpose is to demonstrate how the SDK can be used, not to cover all supported scenarios.

Getting Started

Before you start compiling and using the example applications, ensure that your development setup meets the following prerequisites:

  • iOS 12 or later
  • Xcode 14.2, including Swift 5.7.2

Initialization

Dependencies in this project are provided via CocoaPods. Install all dependencies by running:

pod install

Configuration

Before being able to use the example app with your Authentication Cloud instance, you'll need to update the configuration file with the right host information.

Edit the ConfigAuthenticationCloud.plist file and replace the host name information with your Authentication Cloud instance.

Configuration Change

The example apps support two kinds of configuration: authenticationCloud and identitySuite.

Note

Only build-time configuration change is supported.

To change the configuration, open the AppAssembly.swift file, which describes the dependency injection configuration using the Swinject library. Where the ConfigurationLoaderImpl component is injected, set the environment parameter to one of the two values mentioned above.

Handling deep links

The example applications handle deep links which contain a valid dispatchTokenResponse query parameter of an out-of-band operation.

The feature is achieved with Custom URL Schemes.

Note

Further information: Define custom URL scheme.

Custom URL Schemes

Modify the content of CFBundleURLSchemes array in the Info.plist file with the right scheme information of your environment.

<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>nevisaccess</string>
        </array>
    </dict>
</array>

Build & run

Now you're ready to build and run the example app by choosing Product > Run from Xcode's menu or by clicking the Run button in your project’s toolbar.

Note

Running the app on an iOS device requires codesign setup.

Try it out

Now that the iOS example app is up and running, it's time to try it out!

Check out our Quickstart Guide.

Integration Notes

In this section you can find hints about how the Nevis Mobile Authentication SDK is integrated into the example app.

  • Every SDK invocation is implemented in the corresponding presenter class.
  • All implementations of SDK-specific user interaction protocols can be found in the Interaction folder.

Initialization

The HomePresenter class is responsible for creating and initializing a MobileAuthenticationClient instance, which is the entry point to the SDK. This instance is later used to start the different operations.

Registration

Before being able to authenticate using the Nevis Mobile Authentication SDK, go through the registration process. Depending on the use case, there are two types of registration: in-app registration and out-of-band registration.

In-app registration

If the application's backend uses the Nevis Authentication Cloud, the AuthCloudApiRegistrationPresenter class is used, and it is passed the enrollment response or an appLinkUri.

When the backend used by the application does not use the Nevis Authentication Cloud, the name of the user to be registered is passed to the UsernamePasswordLoginPresenter class. If the backend requires authorization to register, provide an AuthorizationProvider. In the example app, a CookieAuthorizationProvider is created from the cookies (see UsernamePasswordLoginPresenter) obtained by the LoginServiceImpl class.

Out-of-band registration

When the registration is initiated on another device or in another application, the information required to process the operation is transmitted through a QR code or a link. After the payload obtained from the QR code or the link is decoded, the OutOfBandOperationHandlerImpl class starts the out-of-band operation.

Authentication

Using the authentication operation, you can verify the identity of the user using an already registered authenticator. Depending on the use case, there are two types of authentication: in-app authentication and out-of-band authentication.

In-app authentication

For the application to trigger the authentication, the name of the user is provided to the SelectAccountPresenter class.

Out-of-band authentication

When the authentication is initiated on another device or in another application, the information required to process the operation is transmitted through a QR code or a link. After the payload obtained from the QR code or the link is decoded, the OutOfBandOperationHandlerImpl class starts the out-of-band operation.

Transaction confirmation

There are cases when specific information is to be presented to the user during the user verification process, known as transaction confirmation. The AuthenticatorSelectionContext and the AccountSelectionContext contain a byte array with the information. In the example app it is handled in the AccountSelectorImpl class.

Deregistration

The HomePresenter class is responsible for deregistering either a user or all of the registered users from the device.

Other operations

Change PIN

With the change PIN operation you can modify the PIN of a registered PIN authenticator for a given user. It is implemented in:

Change Password

With the change password operation you can modify the password of a registered Password authenticator for a given user. It is implemented in:

Decode out-of-band payload

Out-of-band operations occur when a message is delivered to the application through an alternate channel like a push notification, a QR code, or a deep link. With the help of the OutOfBandOperationHandlerImpl class the application can create an OutOfBandPayload either from a JSON or a Base64 URL encoded String. The OutOfBandPayload is then used to start an OutOfBandOperation, see chapters Out-of-Band Registration and Out-of-Band Authentication.
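
The "Handling deep links" section and the paragraph above both depend on the dispatchTokenResponse value that arrives through the custom URL scheme. The following is an added example, not code from the example app or the SDK: it uses only Foundation to validate an inbound link before the value would be handed to the out-of-band handler. It assumes the parameter carries Base64 URL encoded JSON; DeepLinkError, extractDispatchPayload and the sample URL are hypothetical.

```swift
import Foundation

// Added example. DeepLinkError and extractDispatchPayload are hypothetical names,
// not part of the Nevis SDK or the example app.
enum DeepLinkError: Error {
    case unexpectedScheme, badParameter, notBase64URL, notJSONObject
}

/// Validates an inbound deep link and returns the decoded JSON bytes carried in
/// `dispatchTokenResponse`. Any installed app can open a custom URL scheme, so
/// the URL is treated as untrusted input.
func extractDispatchPayload(from url: URL,
                            allowedSchemes: Set<String> = ["nevisaccess"],
                            maxLength: Int = 8192) throws -> Data {
    guard let scheme = url.scheme?.lowercased(), allowedSchemes.contains(scheme) else {
        throw DeepLinkError.unexpectedScheme
    }
    let items = URLComponents(url: url, resolvingAgainstBaseURL: false)?.queryItems ?? []
    let matches = items.filter { $0.name == "dispatchTokenResponse" }
    // Reject a missing, empty, duplicated or oversized parameter.
    guard matches.count == 1, let raw = matches[0].value,
          !raw.isEmpty, raw.count <= maxLength else {
        throw DeepLinkError.badParameter
    }
    // Accept only the Base64 URL alphabet (plus optional padding).
    let alphabet = CharacterSet(charactersIn:
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_=")
    guard raw.unicodeScalars.allSatisfy({ alphabet.contains($0) }) else {
        throw DeepLinkError.notBase64URL
    }
    // Map to the standard alphabet and restore padding for Foundation's decoder.
    var b64 = raw.replacingOccurrences(of: "-", with: "+")
                 .replacingOccurrences(of: "_", with: "/")
    b64 += String(repeating: "=", count: (4 - b64.count % 4) % 4)
    guard let data = Data(base64Encoded: b64) else { throw DeepLinkError.notBase64URL }
    // The payload must parse as a JSON object before it goes any further.
    guard (try? JSONSerialization.jsonObject(with: data)) is [String: Any] else {
        throw DeepLinkError.notJSONObject
    }
    return data
}

// Constructed sample link; the value is Base64 URL for {"k":"v"}.
let sample = URL(string: "nevisaccess://example?dispatchTokenResponse=eyJrIjoidiJ9")!
if let data = try? extractDispatchPayload(from: sample) {
    print(String(decoding: data, as: UTF8.self))
}
```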

Change device information

During registration, you can provide device information containing the name that identifies your device and the Firebase Cloud Messaging registration token. Updating both the name and the token is implemented in the ChangeDeviceInformationPresenter class.

© 2023 made with ❤ by Nevis