Common objects

The object representing a user account. An Account is created when a FIDO UAF registration is completed successfully.

The object defining a server. Each Account is defined in a given Server object.

Collects the Authentication Attestation IDs of all supported Authenticators.

The username which represents an Account

An object describing an authenticator.

An object containing information about the registrations of an authenticator.

The object containing the user enrollment information. Depending on the nature of the authenticator, this object will be either a OsUserEnrollment or a SdkUserEnrollment.

The object containing the user enrollment information for an authenticator whose credentials are managed by the operating system (like the FaceID. In this case, there is no notion of Account: either the authenticator is enrolled at the operating system level (for all users) or not.

The object containing the user enrollment information for an authenticator whose credentials are managed by the SDK (like the PIN authenticator).

Provides the authorization elements required to perform operations on protected resources.

Within NEVIS Mobile Authentication, nevisAuth is also involved if authentication is required to initiate a FIDO operation. When registering with FIDO UAF credentials, the HTTPClient must authenticate to obtain some authorization tokens (HTTP cookies, JWT, etc.). So the client can access the protected resource (f.e.: the FIDO UAF registration endpoints) by providing these authorization elements. (This is to avoid that an attacker could initiate and successfully complete operations (like registrations) on behalf of an arbitrary user.)

Some operations can also generate an AuthorizationProvider what the application can use to access protected resources. This is a typical case of authentication. Once the authentication is completed, some authorization tokens might have been granted.

An HTTP cookie based AuthorizationProvider.

A JWT based AuthorizationProvider.

Provides the elements required to run an operation in a session.

When authenticating with FIDO UAF credentials, the HTTPClient must provide some authorization tokens (HTTP cookies, JWT, etc.). These authorization elements might already be available, due to a previous authentication. In these cases, FIDO UAF is not used as first factor authentication, SessionProvider is used to provide the needed authorization elements to HttpClient for a FIDO UAF authentication.

The client can access the protected resource (f.e.: the FIDO UAF registration endpoints) by providing these authorization elements. (This is to avoid that an attacker could initiate and successfully complete operations on behalf of an arbitrary user.)

SessionProvider provides this functionality.

A JWT based SessionProvider

An HTTP cookie based SessionProvider.

This object describes the contents that are sent by nevisFIDO in the out-of-band use case to start an operation (registration, authentication or deregistration).

This object can be obtained from its JSON representation, which is included in a push notification message, in a QR code or in a universal link, depending on the out-of-band mechanism used.

The following example shows how you would obtain the OutOfBandPayload based on a JWE (JSON Web Encryption) payload received via Push Notification from the NEVIS Mobile Authentication backend.

Usage example:

func userNotificationCenter(_: UNUserNotificationCenter, didReceive response: UNNotificationResponse, withCompletionHandler completionHandler: @escaping () -> ()) {
    let pushNotificationHash = response.notification.request.content.userInfo
    // Convert `pushNotificationHash` to JSON string

    client.operations.outOfBandPayloadDecode
        .json(jsonPayload)
        .onSuccess(oobOperation)
        .onError { error in
            ...
        }
        .execute()
}

A RedeemData instance contains information to be redeemed in order to trigger FIDO UAF operations.

The information is extracted from different channels like QR-Code, Push Notification, etc.

Some of the operations of the SDK allow to retry the operation (or part of the operation). This object defines the different types of retry mode that can be used.