AuthCloudApiRegistration
public protocol AuthCloudApiRegistration : HttpOperation
The object that can be used to trigger a registration operation from the response of the Cloud HTTP API to the enroll (https://$instance.mauth.nevis.cloud/api/v1/users/enroll) endpoint.
Usage example:
class AuthenticatorSelectorImpl: AuthenticatorSelector {
func selectAuthenticator(context: AuthenticatorSelectionContext, handler: AuthenticatorSelectionHandler) {
handler.aaid(aaid)
}
}
class BiometricUserVerifierImpl: BiometricUserVerifier {
func verifyBiometric(context: BiometricUserVerificationContext, handler: BiometricUserVerificationHandler) {
handler.verify()
}
}
class DevicePasscodeUserVerifierImpl: DevicePasscodeUserVerifier {
func verifyDevicePasscode(context: DevicePasscodeUserVerificationContext, handler: DevicePasscodeUserVerificationHandler) {
handler.verify()
}
}
class PinEnrollerImpl: PinEnroller {
func enrollPin(context: PinEnrollmentContext, handler: PinEnrollmentHandler) {
handler.pin(pin)
}
}
class PasswordEnrollerImpl: PasswordEnroller {
func enrollPassword(context: PasswordEnrollmentContext, handler: PasswordEnrollmentHandler) {
handler.password(password)
}
}
let deviceInformation = DeviceInformation(name: "<Device name>", fcmRegistrationToken: "<FCM token>")
client.operations.authCloudApiRegistration
.deviceInformation(deviceInformation)
.enrollResponse(enrollResponse)
.authenticatorSelector(AuthenticatorSelectorImpl(...))
.biometricUserVerifier(BiometricUserVerifierImpl(...))
.devicePasscodeUserVerifier(DevicePasscodeUserVerifierImpl(...))
.pinEnroller(PinEnrollerImpl(...))
.passwordEnroller(PasswordEnrollerImpl(...))
.onError { error in
...
}
.onSuccess { authorizationProvider in
...
}
.execute()
The biometric and device Passcode authenticators are enrolled at the OS level.
That is why, if one of them must be registered, the user must authenticate through BiometricUserVerifier
or DevicePasscodeUserVerifier
.
In the case of the PIN and password, the credentials are enrolled during registration, so no verification is needed.
-
Specifies the response of the Cloud HTTP API to the enroll (https://$instance.mauth.nevis.cloud/api/v1/users/enroll) endpoint. The JSON has the following format:
{ "userId": "<userID>", "username": "<username>", "status": "new", "createdAt": "<timestamp>", "updatedAt": "<timestamp>", "authenticators": [], "enrollment": { "transactionId": "<transactionID>", "statusToken": "<statusToken>", "qrCode": { "type": "<image mime type>", "size": <size>, "dataUri": "data:<image mime type>;base64,<image>" }, "appLinkUri": "https://{instance}.mauth.nevis.cloud/open?dispatchTokenResponse=<dispatchTokenResponse>" } }
Important
You must provide either the whole response through this method, or the URL with theappLinkUri(_:)
method. Only one of them can be provided.Declaration
Swift
@discardableResult func enrollResponse(_ response: String) -> AuthCloudApiRegistration
Parameters
response
the JSON response of the enroll endpoint.
Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the value of the
appLinkUri
attribute in the enroll response sent by the server. The URL has the following formathttps://{instance}-app.mauth.nevis.cloud/open?dispatchTokenResponse=<dispatchTokenResponse>
.Important
You must provide either theAuthCloudApiRegistration/appLinkUri(_:)
through the method, or the whole response with theenrollResponse(_:)
method. Only one of them can be provided.Declaration
Swift
@discardableResult func appLinkUri(_ appLinkUri: String) -> AuthCloudApiRegistration
Parameters
appLinkUri
the URL contained in the
appLinkUri
attribute value.Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the device information to be used. The
DeviceInformation
is required only if there is not aDeviceInformation
already defined (that is, if this is the first registration). If aDeviceInformation
was already provided in an existing registration, the provided value will be ignored.Declaration
Swift
@discardableResult func deviceInformation(_ deviceInformation: DeviceInformation) -> AuthCloudApiRegistration
Parameters
deviceInformation
the device information.
Return Value
the
AuthCloudApiRegistration
builder. -
Specifies whether the OS device passcode can be used as fallback during biometric authentication. If not specified, the device passcode cannot be used as fallback.
Declaration
Swift
@discardableResult func allowDevicePasscodeAsFallback(_ allowDevicePasscodeAsFallback: Bool) -> AuthCloudApiRegistration
Parameters
allowDevicePasscodeAsFallback
indicates whether the device passcode can be used as fallback.
Return Value
the
AuthCloudApiRegistration
builder. -
Specifies whether the authenticator must be invalidated if the user adds new biometric credentials in the OS settings. If the authenticator has been invalidated, and you try to authenticate with it, an error with code
FidoErrorCode.keyDisappearedPermanently
will be returned by the authentication operation.This setting only applies to faceRecognition (
AuthenticatorAaid.FaceRecognition
) and fingerprint (AuthenticatorAaid.Fingerprint
) authenticators. By setting this parameter totrue
, you increase the security but there is a loss of convenience: adding a new OS biometric credential does not imply necessarily that there is a security risk, but if the end-user does it, a new registration will be required, because an invalidated authenticator cannot be recovered. If not specified, the authenticator will be invalidated when the user adds a new biometric credential in the OS settings.Declaration
Swift
@discardableResult func invalidateOnNewOsBiometrics(_ invalidateOnNewOsBiometrics: Bool) -> AuthCloudApiRegistration
Parameters
invalidateOnNewOsBiometrics
indicates whether an addition of biometric credentials in the OS should invalidate this authenticator (if the authenticator is Face ID or Touch ID)
Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the object that will take care of the selection of the authenticator to be used.
Important
Providing the authenticator selector is required.Declaration
Swift
@discardableResult func authenticatorSelector(_ authenticatorSelector: AuthenticatorSelector) -> Self
Parameters
authenticatorSelector
Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the object that will take care of the biometric user verification. It must be provided only if a biometric authenticator must be registered.
Important
Providing at least one of theBiometricUserVerifier
,DevicePasscodeUserVerifier
,PinEnroller
orPasswordEnroller
is required.Declaration
Swift
@discardableResult func biometricUserVerifier(_ biometricUserVerifier: BiometricUserVerifier) -> Self
Parameters
biometricUserVerifier
Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the object that will take care of the device passcode user verification.
Important
Providing at least one of theBiometricUserVerifier
,DevicePasscodeUserVerifier
,PinEnroller
orPasswordEnroller
is required.Declaration
Swift
@discardableResult func devicePasscodeUserVerifier(_ devicePasscodeUserVerifier: DevicePasscodeUserVerifier) -> Self
Parameters
devicePasscodeUserVerifier
Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the object that will take care of enrolling the PIN of the authenticator. It must be provided only if a PIN authenticator must be registered.
Important
Providing at least one of theBiometricUserVerifier
,DevicePasscodeUserVerifier
,PinEnroller
orPasswordEnroller
is required.Declaration
Swift
@discardableResult func pinEnroller(_ pinEnroller: PinEnroller) -> AuthCloudApiRegistration
Parameters
pinEnroller
the
PinEnroller
.Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the object that will take care of enrolling the password of the authenticator. It must be provided only if a password authenticator must be registered.
Important
Providing at least one of theBiometricUserVerifier
,DevicePasscodeUserVerifier
,PinEnroller
orPasswordEnroller
is required.Declaration
Swift
@discardableResult func passwordEnroller(_ passwordEnroller: PasswordEnroller) -> AuthCloudApiRegistration
Parameters
passwordEnroller
the
PasswordEnroller
.Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the block to execute if the registration was successful. This object will be invoked in the
DispatchQueue.main
thread.Important
Providing theonSuccess
block is required.Declaration
Swift
@discardableResult func onSuccess(_ onSuccess: @escaping () -> ()) -> AuthCloudApiRegistration
Parameters
onSuccess
the block to execute on successful registration.
Return Value
the
AuthCloudApiRegistration
builder. -
Specifies the block to execute if the registration failed. This object will be invoked in the
DispatchQueue.main
thread.Important
Providing theonError
block is required.Declaration
Swift
@discardableResult func onError(_ onError: @escaping (AuthCloudApiError) -> ()) -> AuthCloudApiRegistration
Parameters
onError
the block to execute on failed registration, receives an
AuthCloudApiError
.Return Value
the
AuthCloudApiRegistration
builder.