Performing Operations

The NevisAuthenticationSession class conforms to different protocols that define the operations exposed by the SDK. The NevisOperations protocol specifies the standard FIDO UAF 1.1 operations, also described as in-band operations. The SDK also supports operations that are not part of the standard FIDO service but are proprietary NEVIS Mobile Authentication backend functionality, built on top of the FIDO standards. These features include out-of-band operations and dispatch target management, defined by the OutOfBandOperations protocol.

See Operations for more details.

  • The list of constants defined by the Nevis Mobile Authentication SDK.

    Declaration

    Swift

    public enum NevisMobileAuthenticationSDK
  • The NevisAuthenticationSession class represents the main entry point to the NEVIS Mobile Authentication SDK and FIDO UAF capability.

    You use instances of this class to perform operations supported by the SDK, exposed through different protocols.

    Types of Operations

    The InBandOperations protocol specifies the standard FIDO UAF 1.1 operations, also described as FIDO operations.

    The SDK also supports operations that are not part of the standard FIDO service but are proprietary NEVIS Mobile Authentication backend functionality, built on top of the FIDO standards. These features include out-of-band operations and dispatch target management, defined by the OutOfBandOperations and DispatchTargetOperations protocols, respectively.

    Declaration

    Swift

    public class NevisAuthenticationSession
    extension NevisAuthenticationSession: InBandOperations
    extension NevisAuthenticationSession: InBandOperationsMultiAccount
    extension NevisAuthenticationSession: OutOfBandOperations
    extension NevisAuthenticationSession: OutOfBandOperationsMultiAccount
  • A type that represents an error that can be thrown in the NEVIS domain.

    Declaration

    Swift

    public struct NevisError : Error
    extension NevisError: Equatable
    extension NevisError: LocalizedError
  • A composed type that allows performing all operations exposed by the SDK.

    Declaration

    Swift

    public typealias NevisOperations = InBandOperations & OutOfBandOperations
  • The list of supported policies used to evaluate server trusts.

    Warning

    Applications are encouraged to always pin certificates in production environments.

    Encoding and Decoding

    NevisServerPinningPolicy conforms to Codable in order to be easily decoded from JSON or a property list. Because the type is defined as an enum with associated values, it must follow a specific structure that defines the policy option and its associated value(s), if any. See NevisServerPinningPolicy.CodingKeys for the list of available keys and NevisServerPinningPolicy.RawValues for the list of available raw values.

    The following JSON representation defines a policy that enables certificate pinning for a specific list of SPKI hashes:

    {
        "policy" : "pinCertificates",
        "certificateSPKIHashes" : ["XXXXX", "00000"]
    }
    

    The following JSON representation defines a policy that disables certificate pinning:

    {
        "policy" : "disablePinning"
    }
    
    Declaration

    Swift

    public enum NevisServerPinningPolicy
    extension NevisServerPinningPolicy: Codable
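
The two JSON shapes above can be checked before the data is handed to the SDK, so that a release build never ships with pinning disabled or with placeholder pins. This is an added example, not part of the Nevis SDK or its documentation: `PinningPolicyFile`, `PinningPolicyCheckError` and `checkPinningPolicy` are hypothetical names, and the requirement that each pin is a base64-encoded SHA-256 digest is an assumption, since this page does not specify the hash format.

```swift
import Foundation

// Hypothetical helper type: mirrors only the two JSON keys shown above, not an SDK type.
struct PinningPolicyFile: Decodable {
    let policy: String
    let certificateSPKIHashes: [String]?
}

enum PinningPolicyCheckError: Error, Equatable {
    case malformedJSON, pinningDisabledInRelease, noPins
    case unknownPolicy(String), badPin(String)
}

/// Returns the pins to trust; empty only when pinning is disabled in a non-release build.
func checkPinningPolicy(_ json: Data, isReleaseBuild: Bool) throws -> [String] {
    guard let file = try? JSONDecoder().decode(PinningPolicyFile.self, from: json) else {
        throw PinningPolicyCheckError.malformedJSON
    }
    switch file.policy {
    case "disablePinning":
        // Fail closed: production builds must never run without pins.
        if isReleaseBuild { throw PinningPolicyCheckError.pinningDisabledInRelease }
        return []
    case "pinCertificates":
        guard let pins = file.certificateSPKIHashes, !pins.isEmpty else {
            throw PinningPolicyCheckError.noPins
        }
        for pin in pins {
            // Assumption: each pin is a base64-encoded SHA-256 digest (32 bytes).
            guard let digest = Data(base64Encoded: pin), digest.count == 32 else {
                throw PinningPolicyCheckError.badPin(pin)
            }
        }
        return pins
    default:
        throw PinningPolicyCheckError.unknownPolicy(file.policy)
    }
}

// Constructed sample inputs; the digest is dummy bytes, not a real certificate pin.
let samplePin = Data(repeating: 0xAB, count: 32).base64EncodedString()
let samples: [(String, Bool)] = [
    (#"{"policy": "pinCertificates", "certificateSPKIHashes": ["\#(samplePin)"]}"#, true),
    (#"{"policy": "pinCertificates", "certificateSPKIHashes": ["XXXXX", "00000"]}"#, true),
    (#"{"policy": "disablePinning"}"#, true),
    (#"{"policy": "disablePinning"}"#, false),
]
for (json, isRelease) in samples {
    print(Result { try checkPinningPolicy(Data(json.utf8), isReleaseBuild: isRelease) })
}
```

Only input that passes this check would then be decoded into `NevisServerPinningPolicy`; the placeholder hashes from the documentation sample are rejected as malformed pins.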

FIDO Operations

Out-of-Band Operations

  • The OutOfBandOperations protocol specifies the out-of-band (OOB) operations and actions exposed by the SDK. This protocol also exposes methods to manage dispatch target entities. Dispatch targets make it possible to involve users in out-of-band operations. A dispatch target describes a destination to which a NEVIS Mobile Authentication backend can dispatch a token. For instance, it can be the registration token used to send push notifications to a mobile application.

    Declaration

    Swift

    public protocol OutOfBandOperations
  • The OutOfBandOperations protocol specifies the out-of-band (OOB) operations and actions exposed by the SDK. This protocol also exposes methods to manage dispatch target entities. Dispatch targets make it possible to involve users in out-of-band operations. A dispatch target describes a destination to which a NEVIS Mobile Authentication backend can dispatch a token. For instance, it can be the registration token used to send push notifications to a mobile application.

    Declaration

    Swift

    public protocol OutOfBandOperationsMultiAccount
  • The DispatchChannel enum contains the available dispatch names as configured in NEVIS Mobile Authentication backend.

    Declaration

    Swift

    public enum DispatchChannel : String, Codable, CaseIterable
  • A DispatchTargetConfiguration instance defines the options required to create a dispatch target.

    Declaration

    Swift

    public struct DispatchTargetConfiguration
  • A RedeemToken instance contains information to be redeemed in order to trigger FIDO UAF operations.

    The information is extracted from different channels such as QR codes, push notifications, etc.

    Declaration

    Swift

    public struct RedeemToken : Codable
  • Provides the authorization elements required to perform operations on protected resources.

    Within NEVIS Mobile Authentication, nevisAuth is also involved if authentication is required to initiate a FIDO operation. When registering with FIDO UAF credentials, the HTTPClient must authenticate to obtain some authorization tokens (HTTP cookies, JWT, etc.). The client can then access the protected resource (for example, the FIDO UAF registration endpoints) by providing these authorization elements. This prevents an attacker from initiating and successfully completing operations (like registrations) on behalf of an arbitrary user.

    Some operations can also generate an AuthorizationProvider that the application can use to access protected resources. This is a typical case of authentication. Once the authentication is completed, some authorization tokens might have been granted.

    Declaration

    Swift

    public protocol AuthorizationProvider
  • An HTTP cookie based authorization provider.

    Declaration

    Swift

    public struct CookieAuthorizationProvider : AuthorizationProvider
  • A JWT based authorization provider.

    Declaration

    Swift

    public struct JwtAuthorizationProvider : AuthorizationProvider
  • Provides the elements required to run an operation in a session.

    When authenticating with FIDO UAF credentials, the HTTPClient must provide some authorization tokens (HTTP cookies, JWT, etc.). These authorization elements might already be available from a previous authentication. In these cases, FIDO UAF is not used as first-factor authentication; SessionProvider is used to provide the needed authorization elements to HttpClient for a FIDO UAF authentication.

    The client can access the protected resource (for example, the FIDO UAF registration endpoints) by providing these authorization elements. This prevents an attacker from initiating and successfully completing operations on behalf of an arbitrary user.

    SessionProvider provides this functionality.

    Currently, only cookie-based session management is supported. See CookieSessionProvider.

    Declaration

    Swift

    public protocol SessionProvider
  • An HTTP cookie based session provider.

    Declaration

    Swift

    public struct CookieSessionProvider : SessionProvider
  • A JWT based session provider.

    Declaration

    Swift

    public struct JwtSessionProvider : SessionProvider