Package ch.nevis.mobile.sdk.api.operation

Interface Registration

All Superinterfaces:
HttpOperation<Registration>, Operation
public interface Registration extends HttpOperation<Registration>
The object that can be used to trigger a registration operation.

Usage example: 

  private void register(Operations operations,
      String username,
      AuthorizationProvider authorizationProvider,
      DeviceInformation deviceInformation) {
      operations.registration()
          .username(username)
          .authorizationProvider(authorizationProvider)
          .deviceInformation(deviceInformation)
          .authenticatorSelector((ctx, consumer) -> {
              // select authenticator
          })
          .pinEnroller((ctx, consumer) -> {
              // handle PIN enrollment
          })
          .pinUserVerifier(pinUserVerifier)
          .onError(error -> {
              // handle error
          })
          .onSuccess(result -> {
              // handle success
          })
          .execute();
  }

The fingerprint, biometric and device passcode authenticators are enrolled at the OS level. That is why, if one of them must be registered, the user must authenticate through either the provided FingerprintUserVerifier, BiometricUserVerifier or DevicePasscodeUserVerifier. In the case of the PIN and password, the credentials is enrolled during registration, so no authentication is needed.

See Also:

  • Method Details

    • username

      Registration username(String username)
      Specifies the username that must be used to register.

      Providing the username is required.

      Parameters:
      username - the username
      Returns:
      a Registration

    • serverUrl

      Registration serverUrl(URI serverUrl)
      Specifies the base URL of the server where the registration should be made. If no server base URL is provided, then the base URL defined in Configuration.baseUrl() will be used.

      It is assumed that all the servers have the same endpoints, thus only the scheme, hostname and port of the URL of the provided URI will be taken into account.

      Examples:

      Base URL Resolution in Registration
      Configuration base URLProvided server URL in RegistrationResulting Server URL
      https://server/pathhttps://other.serverhttps://other.server/path
      https://server:443/pathhttps://other.server/pathhttps://other.server/path
      https://server/pathhttp://other.server:80/otherpathhttp://other.server:80/path
      Parameters:
      serverUrl - the URL of the server where the registration should be made.
      Returns:
      a Registration

    • authorizationProvider

      Registration authorizationProvider(AuthorizationProvider authorizationProvider)
      Specifies the authorization provider that must be used to register. If no AuthorizationProvider is given, then an AuthorizationProvider.EmptyAuthorizationProvider will be used.
      Parameters:
      authorizationProvider - the AuthorizationProvider
      Returns:
      a Registration

    • deviceInformation

      Registration deviceInformation(DeviceInformation deviceInformation)
      Specifies the device information to be used. The DeviceInformation is required only if there is not a DeviceInformation already defined (that is, if this is the first registration). If a DeviceInformation was already provided in an existing registration, the provided value will be ignored.
      Parameters:
      deviceInformation - the device information
      Returns:
      a Registration

    • allowClass2Sensors

      Registration allowClass2Sensors(boolean allowClass2Sensors)
      Specifies whether Class 2 (formerly weak) biometric sensors are allowed if the biometric authenticator is selected. By default, the SDK will only allow to use Class 3 (formerly strong) sensors. Using Class 2 sensors is less secure and discouraged. When a Class 2 sensor is used, the FIDO UAF keys are not protected by the operating system by requiring user authentication, nor they can be invalidated when biometrics change (see invalidateOnNewOsBiometrics(boolean)).

      If the SDK detects that only Class 3 (strong) biometric sensors are available in the mobile device, even if Class 2 sensors are allowed, the FIDO UAF credentials will be protected by the operating system by requiring user authentication.

      However, in some cases it may be acceptable for the sake of end-user convenience. Allowing Class 2 sensors will enable for instance the use of face recognition in some Samsung devices.

      Parameters:
      allowClass2Sensors - whether using Class 2 biometric sensors is allowed if the biometric authenticator is selected
      Returns:
      a Registration
      See Also:

    • allowDevicePasscodeAsFallback

      Registration allowDevicePasscodeAsFallback(boolean allowDevicePasscodeAsFallback)
      Specifies whether the OS device passcode (PIN, password, gesture) can be used as fallback during biometric authentication. If not specified, the device passcode cannot be used as fallback.

      This setting will be ignored on devices running Android API 29 or lower.

      This setting and invalidateOnNewOsBiometrics(boolean) cannot be enabled together.

      Parameters:
      allowDevicePasscodeAsFallback - whether the device passcode can be used as fallback when using the biometric authenticator, or not
      Returns:
      a Registration

    • invalidateOnNewOsBiometrics

      Registration invalidateOnNewOsBiometrics(boolean invalidateOnNewOsBiometrics)
      Specifies whether the authenticator must be invalidated if the user adds new biometric credentials in the OS settings. If the authenticator has been invalidated, and you try to authenticate with it, an error with code FidoErrorCode.KEY_DISAPPEARED_PERMANENTLY will be returned by the authentication operation.

      This setting only applies to biometric (Authenticator.BIOMETRIC_AUTHENTICATOR_AAID) and fingerprint (Authenticator.FINGERPRINT_AUTHENTICATOR_AAID) authenticators.

      By setting this parameter to true, you increase the security but there is a loss of convenience: adding a new OS biometric credential does not imply necessarily that there is a security risk, but if the end-user does it, a new registration will be required, because an invalidated authenticator cannot be recovered.

      If not specified, the authenticator will be invalidated when the user adds a new biometric credential in the OS settings.

      Note that if the device supports Class 2 sensors, and if class 2 sensors are allowed (see allowClass2Sensors(boolean)), the value set in this method will be ignored and the authenticator will not be invalidated if the user adds new biometric credentials in the OS settings.

      There are some known issues associate with this feature when using some Google Pixel devices. See here

      for details.

      This setting will be ignored on devices running Android API 23.

      This setting and allowDevicePasscodeAsFallback(boolean) cannot be enabled together.

      Parameters:
      invalidateOnNewOsBiometrics - whether an addition of biometric credentials in the OS should invalidate this authenticator (if the authenticator is biometric or fingerprint)
      Returns:
      a Registration

    • authenticatorSelector

      Registration authenticatorSelector(AuthenticatorSelector selector)
      Specifies the object that will take care of the selection of the authenticator to be used.

      Providing the authenticator selector is required.

      Parameters:
      selector - the AuthenticatorSelector
      Returns:
      a Registration

    • pinEnroller

      Registration pinEnroller(PinEnroller pinEnroller)
      Specifies the object that will take care of enrolling the PIN of the authenticator. It must be provided only if a PIN authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier, PasswordEnroller or FingerprintUserVerifier is required.

      Parameters:
      pinEnroller - the PinEnroller
      Returns:
      a Registration

    • passwordEnroller

      Registration passwordEnroller(PasswordEnroller passwordEnroller)
      Specifies the object that will take care of enrolling the password of the authenticator. It must be provided only if a password authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier, PasswordEnroller or FingerprintUserVerifier is required.

      Parameters:
      passwordEnroller - the PasswordEnroller
      Returns:
      a Registration

    • fingerprintUserVerifier

      Registration fingerprintUserVerifier(FingerprintUserVerifier userVerifier)
      Specifies the object that will take care of the fingerprint user verification. It must be provided only if a fingerprint authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier, PasswordEnroller or FingerprintUserVerifier is required.

      Parameters:
      userVerifier - the FingerprintUserVerifier
      Returns:
      a Registration

    • biometricUserVerifier

      Registration biometricUserVerifier(BiometricUserVerifier userVerifier)
      Specifies the object that will take care of the biometric user verification. It must be provided only if a biometric authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier, PasswordEnroller or FingerprintUserVerifier is required.

      Parameters:
      userVerifier - the BiometricUserVerifier
      Returns:
      a Registration

    • devicePasscodeUserVerifier

      Registration devicePasscodeUserVerifier(DevicePasscodeUserVerifier userVerifier)
      Specifies the object that will take care of the device passcode user verification. It must be provided only if a device passcode authenticator must be registered.

      Providing at least one of the BiometricUserVerifier, PinEnroller, DevicePasscodeUserVerifier, PasswordEnroller or FingerprintUserVerifier is required.

      Parameters:
      userVerifier - the DevicePasscodeUserVerifier
      Returns:
      a Registration

    • onSuccess

      Registration onSuccess(Runnable onSuccess)
      Specifies the object that will be invoked if the registration completed successfully. This object will be invoked in the main/UI thread.

      Providing the object handling the success is required.

      Parameters:
      onSuccess - the object invoked on successful registration.
      Returns:
      a Registration

    • onError

      Registration onError(Consumer<OperationError> errorConsumer)
      Specifies the object that will be invoked if the registration failed. The specified object will receive an OperationError. This object will be invoked in the main/UI thread.

      Providing the object handling the error is required.

      Parameters:
      errorConsumer - the consumer of an OperationError
      Returns:
      a Registration