Mobile Authentication (FIDO UAF) Example Apps

Not for production use

These applications are provided for demonstration and learning purposes only. They are not hardened, audited, or supported for use in production environments. Do not deploy them as-is in a live system.

This page introduces the Nevis Mobile Authentication SDK example applications and how they relate to Authentication Cloud. For full setup instructions, see the Mobile Authentication SDK quickstart guide.

Nevis provides open-source example applications for Android, iOS, Flutter, and React Native that demonstrate end-to-end FIDO UAF registration and authentication using the Nevis Mobile Authentication SDK. The apps are a practical starting point for development teams who want to embed mobile authentication directly into their own applications.

FIDO UAF versus FIDO2/passkeys

The Mobile Authentication SDK uses the FIDO UAF 1.1 standard, which creates device-bound credentials. Unlike platform passkeys (FIDO2), UAF credentials cannot be backed up or synchronized to another device — the private key lives on the device that performed the registration. This makes them suitable for use cases where device-binding is a security requirement.

For a comparison of the two approaches, see Platform behavior and limitations in the FIDO2 example apps guide.

Available example applications

Nevis provides one or more example applications per platform, each illustrating a different architectural style. All applications expose the same set of features.

Repository | Architecture
nevis-mobile-authentication-sdk-example-app-android | Simple (ViewModel-based)
nevis-mobile-authentication-sdk-example-app-android-coroutines | Clean Architecture with coroutines

Debug builds only

The Android example apps reference the debug version of the SDK only. To build a release-signed app for distribution via Google Play, contact [email protected] to obtain the release SDK and the finalizer plugin.

What the apps demonstrate

All example applications demonstrate the core FIDO UAF flows:

  • Out-of-band registration: scan a QR code generated by the Authentication Cloud Test & Debug page to register the device and select an authenticator (biometrics, PIN, password, or device passcode).
  • Out-of-band authentication: scan a QR code from the Test & Debug page to complete an authentication challenge on the device.
  • In-band authentication: authenticate the current device without scanning a QR code, simulating how the SDK is used inside your own application.
  • Deregistration: remove registered accounts and authenticators from the device and the backend.
  • PIN and Password change: update PIN or Password credentials locally without involving the backend.
  • Device information change: update the device name stored on the backend.

Supported authenticators depend on device capabilities. PIN and Password authenticators are always available. Biometric authenticators (fingerprint, Face ID) and device passcode are available when the device hardware and operating system settings permit.

How to get started

Follow the Mobile Authentication SDK quickstart guide for step-by-step instructions on cloning the repositories, building the apps, and running them against your Authentication Cloud instance.

The quickstart guide covers:

  1. Prerequisites: Authentication Cloud instance and access key.
  2. Cloning the example application for your platform.
  3. Building and running the app.
  4. Using the app together with the Authentication Cloud Test & Debug page.

Production alternatives

The example applications are SDK integration samples. For deployments that do not require full SDK integration, Nevis offers two ready-to-use alternatives:

  • Nevis Access App: a brandable, production-ready mobile app built on the same Mobile Authentication SDK. It provides the full FIDO UAF authentication experience without requiring you to write SDK integration code.
  • FIDO2/passkey example apps: if your use case does not require device-bound credentials, the FIDO2 example apps demonstrate passkey-based authentication using the standard platform APIs (Android Credential Manager and iOS Authentication Services), with no additional SDK dependency.

Further reading