Package ch.nevis.mobile.sdk.api.operation.authcloudapi

Interface AuthCloudApiRegistration

All Superinterfaces:
HttpOperation<AuthCloudApiRegistration>, Operation
public interface AuthCloudApiRegistration extends HttpOperation<AuthCloudApiRegistration>
The object that can be used to trigger a registration operation from the response to the Authentication Cloud API enroll request.

Usage example: 

  private void register(Operations operations, String enrollResponse, DeviceInformation deviceInformation) {
      operations.authCloudApiRegistration()
          .enrollResponse(enrollResponse)
          .deviceInformation(deviceInformation)
          .authenticatorSelector((ctx, consumer) -> {
              // select authenticator
          })
          .biometricUserVerifier(biometricUserVerifier)
          .onError(error -> {
              // handle error
          })
          .onSuccess(result -> {
              // handle success
          })
          .execute();
  }

The fingerprint and biometric authenticators are enrolled at the OS level. That is why, if one of them must be registered, the user must authenticate through either the provided FingerprintUserVerifier or BiometricUserVerifier. In the case of the PIN, the PIN is enrolled during registration, so no authentication is needed.

See Also:

  • Method Details

    • enrollResponse

      AuthCloudApiRegistration enrollResponse(String response)
      Specifies the response to the Authentication Cloud API enroll request. The JSON has the following format: 
       {
     "userId": "7e16ba00-92e2-4fcb-b30e-1af8fdc843aa",
     "username": "u12345",
     "status": "new",
     "createdAt": "2020-10-09T12:13:11.845958Z",
     "updatedAt": "2020-10-09T12:13:11.845958Z",
     "authenticators": [],
     "enrollment": {
         "transactionId": "67cae36e-e3d5-4d67-9aa6-ab7ae3050576",
         "statusToken": "eyJhbGciO...PxOZZYow",
         "qrCode": {
             "type": "image/png",
             "size": 300,
             "dataUri": "data:image/png;base64,iVBO...YII"
         },
         "appLinkUri": "https://{instance}.mauth.nevis.cloud/open?dispatchTokenResponse=eyJub...IxIn0"
     }
 }
      NOTE: you must provide either the whole response through this method, or the URL with the appLinkUri(String) method. Only one of them can be provided.
      Parameters:
      response - the enroll response in JSON format
      Returns:
      an AuthCloudApiRegistration

    • appLinkUri

      AuthCloudApiRegistration appLinkUri(String appLinkUri)
      Specifies the value of the appLinkUri attribute in the enroll response sent by the server. The URL has the following format https://{instance}-app.mauth.nevis.cloud/open?dispatchTokenResponse=eyJub...AQIn3. NOTE: you must provide either the appLinkUri through the method, or the whole response with the enrollResponse(String) method. Only one of them can be provided.
      Parameters:
      appLinkUri - the URL contained in the appLinkUri attribute value
      Returns:
      an AuthCloudApiRegistration

    • deviceInformation

      AuthCloudApiRegistration deviceInformation(DeviceInformation deviceInformation)
      Specifies the device information to be used. The DeviceInformation is required only if there is not a DeviceInformation already defined (that is, if this is the first registration). If a DeviceInformation was already provided in an existing registration, the provided value will be ignored.
      Parameters:
      deviceInformation - the device information
      Returns:
      an AuthCloudApiRegistration

    • allowDevicePasscodeAsFallback

      AuthCloudApiRegistration allowDevicePasscodeAsFallback(boolean allowDevicePasscodeAsFallback)
      Specifies whether the OS device passcode (PIN, password, gesture) can be used as fallback during biometric authentication. If not specified, the device passcode cannot be used as fallback.

      This setting will be ignored on devices running Android API 29 or lower.

      Parameters:
      allowDevicePasscodeAsFallback - whether the device passcode can be used as fallback when using the biometric authenticator, or not
      Returns:
      an AuthCloudApiRegistration

    • invalidateOnNewOsBiometrics

      AuthCloudApiRegistration invalidateOnNewOsBiometrics(boolean invalidateOnNewOsBiometrics)
      Specifies whether the authenticator must be invalidated if the user adds new biometric credentials in the OS settings. If the authenticator has been invalidated, and you try to authenticate with it, an error with code FidoErrorCode.KEY_DISAPPEARED_PERMANENTLY will be returned by the authentication operation.

      This setting only applies to biometric (Authenticator.BIOMETRIC_AUTHENTICATOR_AAID) and fingerprint (Authenticator.FINGERPRINT_AUTHENTICATOR_AAID) authenticators.

      By setting this parameter to true, you increase the security but there is a loss of convenience: adding a new OS biometric credential does not imply necessarily that there is a security risk, but if the end-user does it, a new registration will be required, because an invalidated authenticator cannot be recovered.

      If not specified, the authenticator will be invalidated when the user adds a new biometric credential in the OS settings.

      Note that if the device supports Class 2 sensors, and if class 2 sensors are allowed (see allowClass2Sensors(boolean)), the value set in this method will be ignored and the authenticator will not be invalidated if the user adds new biometric credentials in the OS settings.

      There are some known issues associate with this feature when using some Google Pixel devices. See here

      for details.

      This setting will be ignored on devices running Android API 28 or lower.

      Parameters:
      invalidateOnNewOsBiometrics - whether an addition of biometric credentials in the OS should invalidate this authenticator (if the authenticator is biometric or fingerprint)
      Returns:
      an AuthCloudApiRegistration

    • allowClass2Sensors

      AuthCloudApiRegistration allowClass2Sensors(boolean allowClass2Sensors)
      Specifies whether Class 2 (formerly weak) biometric sensors are allowed if the biometric authenticator is selected. By default, the SDK will only allow to use Class 3 (formerly strong) sensors. Using Class 2 sensors is less secure and discouraged. When a Class 2 sensor is used, the FIDO UAF keys are not protected by the operating system by requiring user authentication. If the SDK detects that only Class 3 (strong) biometric sensors are available in the mobile device, even if Class 2 sensors are allowed, the FIDO UAF credentials will be protected by the operating system by requiring user authentication. However, in some cases it may be acceptable for the sake of end-user convenience. Allowing Class 2 sensors will enable for instance the use of face recognition in some Samsung devices.
      Parameters:
      allowClass2Sensors - whether using Class 2 biometric sensors is allowed if the biometric authenticator is selected
      Returns:
      an AuthCloudApiRegistration
      See Also:

    • authenticatorSelector

      AuthCloudApiRegistration authenticatorSelector(AuthenticatorSelector selector)
      Specifies the object that will take care of the selection of the authenticator to be used.

      Providing the authenticator selector is required.

      Parameters:
      selector - the AuthenticatorSelector
      Returns:
      an AuthCloudApiRegistration

    • pinEnroller

      AuthCloudApiRegistration pinEnroller(PinEnroller pinEnroller)
      Specifies the object that will take care of enrolling the PIN of the authenticator. It must be provided only if a PIN authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier or FingerprintUserVerifier is required.

      Parameters:
      pinEnroller - the PinEnroller
      Returns:
      an AuthCloudApiRegistration

    • fingerprintUserVerifier

      AuthCloudApiRegistration fingerprintUserVerifier(FingerprintUserVerifier userVerifier)
      Specifies the object that will take care of the fingerprint user verification. It must be provided only if a fingerprint authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier or FingerprintUserVerifier is required.

      Parameters:
      userVerifier - the FingerprintUserVerifier
      Returns:
      an AuthCloudApiRegistration

    • biometricUserVerifier

      AuthCloudApiRegistration biometricUserVerifier(BiometricUserVerifier userVerifier)
      Specifies the object that will take care of the biometric user verification. It must be provided only if a biometric authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier or FingerprintUserVerifier is required.

      Parameters:
      userVerifier - the BiometricUserVerifier
      Returns:
      an AuthCloudApiRegistration

    • devicePasscodeUserVerifier

      AuthCloudApiRegistration devicePasscodeUserVerifier(DevicePasscodeUserVerifier userVerifier)
      Specifies the object that will take care of the device passcode user verification. It must be provided only if a device passcode authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier or FingerprintUserVerifier is required.

      Parameters:
      userVerifier - the DevicePasscodeUserVerifier
      Returns:
      a AuthCloudApiRegistration

    • onSuccess

      AuthCloudApiRegistration onSuccess(Runnable onSuccess)
      Specifies the object that will be invoked if the registration completed successfully. This object will be invoked in the main/UI thread.

      Providing the object handling the success is required.

      Parameters:
      onSuccess - the object invoked on successful registration.
      Returns:
      an AuthCloudApiRegistration

    • onError

      AuthCloudApiRegistration onError(Consumer<AuthCloudApiError> errorConsumer)
      Specifies the object that will be invoked if the registration failed. The specified object will receive an AuthCloudApiOperationError. This object will be invoked in the main/UI thread.

      Providing the object handling the error is required.

      Parameters:
      errorConsumer - the consumer of an AuthCloudApiOperationError
      Returns:
      an AuthCloudApiRegistration