Common objects - Objective-C

The object representing a user account. An NMAAccount is created when a FIDO UAF registration is completed successfully.

The object defining a server. Each NMAAccount is defined in a given NMAServer object.

An object describing an authenticator.

Collects the Authentication Attestation IDs of all supported NMAAuthenticators.

An object containing information about the authenticators and their related registrations.

The object containing the user enrollment information. Depending on the nature of the authenticator, this object will be either an NMAOsUserEnrollment or an NMASdkUserEnrollment.

The object containing the user enrollment information for an authenticator whose credentials are managed by the operating system (like the FaceID. In this case, there is no notion of Account: either the authenticator is enrolled at the operating system level (for all users) or not.

The object containing the user enrollment information for an authenticator whose credentials are managed by the SDK (like the PIN authenticator).

Provides the authorization elements required to perform operations on protected resources.

Within NEVIS Mobile Authentication, nevisAuth is also involved if authentication is required to initiate a FIDO operation. When registering with FIDO UAF credentials, the HTTPClient must authenticate to obtain some authorization tokens (HTTP cookies, JWT, etc.). So the client can access the protected resource (f.e.: the FIDO UAF registration endpoints) by providing these authorization elements. (This is to avoid that an attacker could initiate and successfully complete operations (like registrations) on behalf of an arbitrary user.)

Some operations can also generate an NMAAuthorizationProvider what the application can use to access protected resources. This is a typical case of authentication. Once the authentication is completed, some authorization tokens might have been granted.

A helper class for NSHTTPCookie handling.

An HTTP cookie based NMAAuthorizationProvider.

A JWT based NMAAuthorizationProvider.

A JWS NMAAuthorizationProvider.

Provides the elements required to run an operation in a session.

When authenticating with FIDO UAF credentials, the HTTPClient must provide some authorization tokens (HTTP cookies, JWT, etc.). These authorization elements might already be available, due to a previous authentication. In these cases, FIDO UAF is not used as first factor authentication, NMASessionProvider is used to provide the needed authorization elements to HttpClient for a FIDO UAF authentication.

The client can access the protected resource (f.e.: the FIDO UAF registration endpoints) by providing these authorization elements. (This is to avoid that an attacker could initiate and successfully complete operations on behalf of an arbitrary user.)

NMASessionProvider provides this functionality.

Currently only cookie based session management is supported. See NMACookieSessionProvider

A JWT based NMASessionProvider.

An HTTP cookie based NMASessionProvider.

This object describes the contents that are sent by nevisFIDO in the out-of-band use case to start an operation (registration, authentication or deregistration).

This object can be obtained from its JSON representation, which is included in a push notification message, in a QR code or in a universal link, depending on the out-of-band mechanism used.

The following example shows how you would obtain the NMAOutOfBandPayload based on a JWE (JSON Web Encryption) payload received via Push Notification from the NEVIS Mobile Authentication backend.

Usage example:

- (void)userNotificationCenter:(UNUserNotificationCenter *)center didReceiveNotificationResponse:(UNNotificationResponse *)response withCompletionHandler:(void (^)(void))completionHandler {
    NSDictionary *pushNotificationHash = [[[[response notification] request] content] userInfo];
    // Convert `pushNotificationHash` to JSON string

    id<NMAOutOfBandPayloadDecode> oobPayloadDecode = [[client operations] outOfBandPayloadDecode];
    [oobPayloadDecode json:jsonPushNotification];
    [oobPayloadDecode onSuccess:^(id<NMAOutOfBandPayload> _Nonnull oobPayload) {
        // Payload is returned by the SDK.
    }];
    [oobPayloadDecode onError:^(NMAOutOfBandPayloadError * _Nonnull error) {...}];
    [oobPayloadDecode execute];
}

The list of supported content types for the encoded data.

AnNMARedeemData instance contains information to be redeemed in order to trigger FIDO UAF operations.

The information is extracted from different channels like QR-Code, Push Notification, etc.

Some of the operations of the SDK allow to retry the operation (or part of the operation).

Do not retry: in case of failure the operation will report the error without retrying.

The operation will be retried periodically with a maximum number of tries.

The operation will be retried at exponential intervals. Delay will be incremented by multiplier after each iteration (multiplier = 0.5 means 50% increment).

The NMADeviceInformation is stored a set of generic credentials representing dispatch targets in nevisIDM. For each account there is a generic credential in nevisIDM. This object exposes the value of the Identification attribute of each of the generic credentials for each account.

The object defining a non-redeemed out-of-band operation as defined in the in the Get Device Out-of-Band Operations service.

The object with the non-redeemed out-of-band operations returned by nevisFIDO in the Get Device Out-of-Band Operations service.

If the pending operations in a given server could be found, but they failed for another server: The found operations will be returned by the operations method, and the error will be returned by the errors method.

The different dispatch channels (dispatchers in nevisFIDO terminology) that can be used with to transmit the out-of-band operation: the out-of-band operation reaches the application either through a QR code, a FCM push notification or a link.