Class AuthCloudApiRegistrationAbstract

The object that can be used to trigger a registration operation from the response to the Authentication Cloud API enroll request.

Usage example:

  class AuthenticatorSelectorImpl extends AuthenticatorSelector {
      async selectAuthenticator(
          context: AuthenticatorSelectionContext,
          handler: AuthenticatorSelectionHandler
      ): Promise<void> {
          await handler.aaid(aaid).catch(console.error);
      }
  }

  class BiometricUserVerifierImpl extends BiometricUserVerifier {
      async verifyBiometric(
          context: BiometricUserVerificationContext,
          handler: BiometricUserVerificationHandler
      ): Promise<void> {
          await handler
              .listenForOsCredentials(
                  BiometricPromptOptions.create(
                      'Biometric authentication required',
                      'Cancel',
                      'Please identify yourself.'
                  )
              )
              .catch(console.error);
      }
  }

  async register(
      client: MobileAuthenticationClient,
      enrollResponse: string,
      deviceInformation: DeviceInformation
   ): Promise<void> {
      await client.operations.authCloudApiRegistration
          .enrollResponse(enrollResponse)
          .deviceInformation(deviceInformation)
          .authenticatorSelector(new AuthenticatorSelectorImpl())
          .biometricUserVerifier(new BiometricUserVerifierImpl())
          .onSuccess(() => {
              // handle success
          })
          .onError((_error) => {
              // handle error
          })
          .execute();
   }

The biometric, device passcode and fingerprint authenticators are enrolled at the OS level. That is why, if one of them must be registered, the user must authenticate through BiometricUserVerifier, DevicePasscodeUserVerifier or FingerprintUserVerifier. In the case of the PIN and password, the credentials are enrolled during, so no authentication is needed.

See

Operations.authCloudApiRegistration

Hierarchy

Methods

enrollResponse appLinkUri deviceInformation allowClass2AndroidSensors allowDevicePasscodeAsFallback invalidateOnNewOsBiometrics authenticatorSelector pinEnroller passwordEnroller biometricUserVerifier devicePasscodeUserVerifier fingerprintUserVerifier onSuccess onError requestHeaders execute

Methods

Abstract enrollResponse

Abstract appLinkUri

  • Specifies the value of the appLinkUri attribute in the enroll response sent by the server.

    The URL has the following format https://{instance}-app.mauth.nevis.cloud/open?dispatchTokenResponse=<dispatchTokenResponse>.

    IMPORTANT
    You must provide either the appLinkUri through this method, or the whole response with the enrollResponse method. Only one of them can be provided.

    Parameters

    • appLinkUri: string

      the URL contained in the appLinkUri attribute value.

    Returns AuthCloudApiRegistration

    an AuthCloudApiRegistration object.

Abstract deviceInformation

Abstract allowClass2AndroidSensors

  • Specifies whether Class 2 (formerly weak) biometric sensors are allowed if the biometric authenticator is selected.

    IMPORTANT
    This method is Android specific and will be ignored on iOS platform.

    By default, the SDK will only allow to use Class 3 (formerly strong) sensors. Using Class 2 sensors is less secure and discouraged. When a Class 2 sensor is used, the FIDO UAF keys are not protected by the operating system by requiring user authentication.

    If the SDK detects that only Class 3 (strong) biometric sensors are available in the mobile device, even if Class 2 sensors are allowed, the FIDO UAF credentials will be protected by the operating system by requiring user authentication.

    However, in some cases it may be acceptable for the sake of end-user convenience. Allowing Class 2 sensors will enable for instance the use of face recognition in some Samsung devices.

    Parameters

    • allowClass2AndroidSensors: boolean

      specifies whether Class 2 biometric sensors are allowed if the biometric authenticator is selected.

    Returns AuthCloudApiRegistration

    an AuthCloudApiRegistration object.

Abstract allowDevicePasscodeAsFallback

  • Specifies whether the OS device passcode can be used as fallback during biometric authentication.

    If not specified, the device passcode cannot be used as fallback.

    Parameters

    • allowDevicePasscodeAsFallback: boolean

      indicates whether the device passcode can be used as fallback.

    Returns AuthCloudApiRegistration

    an AuthCloudApiRegistration object.

Abstract invalidateOnNewOsBiometrics

  • Specifies whether the authenticator must be invalidated if the user adds new biometric credentials in the OS settings. If the authenticator has been invalidated, and you try to authenticate with it, an error with code FidoErrorCodeType.KeyDisappearedPermanently will be returned by the authentication operation.

    This setting only applies to biometric Aaid.BIOMETRIC and fingerprint Aaid.FINGERPRINT authenticators. By setting this parameter to true, you increase the security but there is a loss of convenience: adding a new OS biometric credential does not imply necessarily that there is a security risk, but if the end-user does it, a new registration will be required, because an invalidated authenticator cannot be recovered.

    If not specified, the authenticator will be invalidated when the user adds a new biometric credential in the OS settings.

    Parameters

    • invalidateOnNewOsBiometrics: boolean

      indicates whether an addition of biometric credentials in the OS should invalidate this authenticator.

    Returns AuthCloudApiRegistration

    an AuthCloudApiRegistration object.

Abstract authenticatorSelector

Abstract pinEnroller

Abstract passwordEnroller

Abstract biometricUserVerifier

Abstract devicePasscodeUserVerifier

Abstract fingerprintUserVerifier

Abstract onSuccess

  • Specifies the object that will be invoked if the registration completed successfully.

    IMPORTANT
    Providing the onSuccess is required.

    Parameters

    • onSuccess: (() => void)

      the callback which is invoked on successful registration.

        • (): void

        • Returns void

    Returns AuthCloudApiRegistration

    an AuthCloudApiRegistration object.

Abstract onError

Abstract requestHeaders

Abstract execute

  • Executes the operation asynchronously.

    Returns Promise<void>

Settings

Member Visibility

Theme

On This Page

Generated using TypeDoc