Performing Operations
The NevisAuthenticationSession class conforms to different protocols that define the operations exposed by the SDK. The NevisOperations protocol specifies the standard FIDO UAF 1.1 operations, also described as in-band operations. In addition, the SDK supports operations that are not standard FIDO services but proprietary NEVIS Mobile Authentication backend functionality, built on top of the FIDO standards. Those features include out-of-band operations and dispatch target management, defined by the OutOfBandOperations.
See Operations for more details.
-
The list of constants defined by the Nevis Mobile Authentication SDK.
Declaration
Swift
public enum NevisMobileAuthenticationSDK
-
The NevisAuthenticationSession class represents the main entry point to the NEVIS Mobile Authentication SDK and FIDO UAF capability. You use instances of this class to perform operations supported by the SDK, exposed through different protocols.
Types of Operations
The InBandOperations protocol specifies the standard FIDO UAF 1.1 operations, also described as FIDO operations. In addition, the SDK supports operations that are not standard FIDO services but proprietary NEVIS Mobile Authentication backend functionality, built on top of the FIDO standards. Those features include out-of-band operations and dispatch target management, defined by the OutOfBandOperations and DispatchTargetOperations protocols, respectively.
Declaration
Swift
public class NevisAuthenticationSession
extension NevisAuthenticationSession: InBandOperations
extension NevisAuthenticationSession: InBandOperationsMultiAccount
extension NevisAuthenticationSession: OutOfBandOperations
extension NevisAuthenticationSession: OutOfBandOperationsMultiAccount
-
A type that represents an error that can be thrown in the NEVIS domain.
Declaration
Swift
public struct NevisError : Error
extension NevisError: Equatable
extension NevisError: LocalizedError
-
A composed type that allows performing all operations exposed by the SDK.
Declaration
Swift
public typealias NevisOperations = InBandOperations & OutOfBandOperations
-
The list of supported policies used to evaluate server trusts.
Warning
Applications are encouraged to always pin certificates in production environments.
Encoding and Decoding
NevisServerPinningPolicy conforms to Codable in order to be easily decoded from JSON or a property list. Because the type is defined as an enum with associated values, it must follow a specific structure that defines the policy option and its associated value(s), if any. See NevisServerPinningPolicy.CodingKeys for the list of available keys and NevisServerPinningPolicy.RawValues for the list of available raw values.
The following JSON representation defines a policy that enables certificate pinning for a specific list of SPKI hashes:
{ "policy" : "pinCertificates", "certificateSPKIHashes" : ["XXXXX", "00000"] }
The following JSON representation defines a policy that disables certificate pinning:
{ "policy" : "disablePinning" }
Declaration
Swift
public enum NevisServerPinningPolicy
extension NevisServerPinningPolicy: Codable
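A pre-flight check for the JSON structure described above, as an added example that is not part of the SDK or of the original page: it reads the policy with Foundation only and flags configurations that disable pinning in a production build or that pin no usable hash. The type and function names and the isProduction flag are hypothetical; the key and value strings are the ones shown in the JSON above.

```swift
import Foundation

// Added example, not SDK code. Key and value strings are the ones shown in
// the JSON on this page; all type and function names here are hypothetical.
enum PinningConfigIssue: Error, Equatable {
    case notAJSONObject
    case unknownPolicy(String?)
    case pinningDisabledInProduction
    case noSPKIHashes
    case blankSPKIHash(index: Int)
}

/// Checks raw policy JSON before it is decoded into NevisServerPinningPolicy.
/// `isProduction` is an assumed flag supplied by the app's build configuration.
func auditPinningPolicy(_ data: Data, isProduction: Bool) -> [PinningConfigIssue] {
    guard let object = try? JSONSerialization.jsonObject(with: data),
          let config = object as? [String: Any] else {
        return [.notAJSONObject]
    }
    let policy = config["policy"] as? String
    switch policy ?? "" {
    case "disablePinning":
        // Tolerated outside production only, in line with the warning above.
        return isProduction ? [.pinningDisabledInProduction] : []
    case "pinCertificates":
        guard let hashes = config["certificateSPKIHashes"] as? [String],
              !hashes.isEmpty else {
            return [.noSPKIHashes]
        }
        // A blank entry can never match a server key, so report its position.
        return hashes.enumerated().compactMap { index, hash in
            hash.trimmingCharacters(in: .whitespaces).isEmpty
                ? PinningConfigIssue.blankSPKIHash(index: index) : nil
        }
    default:
        return [.unknownPolicy(policy)]
    }
}

// Constructed sample inputs (the hash values are the page's placeholders).
let pinned = Data(#"{ "policy" : "pinCertificates", "certificateSPKIHashes" : ["XXXXX", "00000"] }"#.utf8)
let disabled = Data(#"{ "policy" : "disablePinning" }"#.utf8)

print(auditPinningPolicy(pinned, isProduction: true))
print(auditPinningPolicy(disabled, isProduction: true))
print(auditPinningPolicy(disabled, isProduction: false))
```

An empty result means the configuration passed these checks; it does not verify that the listed hashes match the server's actual keys.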
-
The InBandOperations protocol specifies the FIDO operations and actions exposed by the SDK.
Declaration
Swift
public protocol InBandOperations
-
The InBandOperations protocol specifies the FIDO operations and actions exposed by the SDK.
Declaration
Swift
public protocol InBandOperationsMultiAccount
-
The OutOfBandOperations protocol specifies the out-of-band (OOB) operations and actions exposed by the SDK. This protocol also exposes methods to manage dispatch target entities. Dispatch targets make it possible to involve users in out-of-band operations. A dispatch target describes a destination to which a NEVIS Mobile Authentication backend can dispatch a token. For instance, it can be the registration token that can be used to send push notifications to a mobile application.
Declaration
Swift
public protocol OutOfBandOperations
-
The OutOfBandOperations protocol specifies the out-of-band (OOB) operations and actions exposed by the SDK. This protocol also exposes methods to manage dispatch target entities. Dispatch targets make it possible to involve users in out-of-band operations. A dispatch target describes a destination to which a NEVIS Mobile Authentication backend can dispatch a token. For instance, it can be the registration token that can be used to send push notifications to a mobile application.
Declaration
Swift
public protocol OutOfBandOperationsMultiAccount
-
The DispatchChannel enum contains the available dispatch names as configured in NEVIS Mobile Authentication backend.
Declaration
Swift
public enum DispatchChannel : String, Codable, CaseIterable
-
A DispatchTargetConfiguration instance defines the options required to create a dispatch target.
Declaration
Swift
public struct DispatchTargetConfiguration
-
A RedeemToken instance contains information to be redeemed in order to trigger FIDO UAF operations. The information is extracted from different channels like QR-Code, Push Notification, etc.
Declaration
Swift
public struct RedeemToken : Codable
-
Provides the authorization elements required to perform operations on protected resources.
Within NEVIS Mobile Authentication, nevisAuth is also involved if authentication is required to initiate a FIDO operation. When registering with FIDO UAF credentials, the HTTPClient must authenticate to obtain some authorization tokens (HTTP cookies, JWT, etc.). The client can then access the protected resource (e.g. the FIDO UAF registration endpoints) by providing these authorization elements. This prevents an attacker from initiating and successfully completing operations (like registrations) on behalf of an arbitrary user.
Some operations can also generate an AuthorizationProvider that the application can use to access protected resources. This is a typical case of authentication: once the authentication is completed, some authorization tokens might have been granted.
Declaration
Swift
public protocol AuthorizationProvider
-
An HTTP cookie based authorization provider.
Declaration
Swift
public struct CookieAuthorizationProvider : AuthorizationProvider
-
A JWT based authorization provider.
Declaration
Swift
public struct JwtAuthorizationProvider : AuthorizationProvider
-
Provides the elements required to run an operation in a session.
When authenticating with FIDO UAF credentials, the HTTPClient must provide some authorization tokens (HTTP cookies, JWT, etc.). These authorization elements might already be available due to a previous authentication. In these cases, FIDO UAF is not used as first-factor authentication; SessionProvider is used to provide the needed authorization elements to HttpClient for a FIDO UAF authentication.
The client can access the protected resource (e.g. the FIDO UAF registration endpoints) by providing these authorization elements. This prevents an attacker from initiating and successfully completing operations on behalf of an arbitrary user. SessionProvider provides this functionality.
Currently only cookie-based session management is supported. See CookieSessionProvider.
Declaration
Swift
public protocol SessionProvider
-
An HTTP cookie based session provider.
Declaration
Swift
public struct CookieSessionProvider : SessionProvider
-
A JWT based session provider.
Declaration
Swift
public struct JwtSessionProvider : SessionProvider