Nevis Mobile Authentication SDK React Native plugin
    Preparing search index...

    Class AuthCloudApiRegistrationAbstract

    The object that can be used to trigger a registration operation from the response to the Authentication Cloud API enroll request.

    Usage example:

      class AuthenticatorSelectorImpl extends AuthenticatorSelector {
          async selectAuthenticator(
              context: AuthenticatorSelectionContext,
              handler: AuthenticatorSelectionHandler
          ): Promise<void> {
              await handler.aaid(aaid).catch(console.error);
          }
      }

      class BiometricUserVerifierImpl extends BiometricUserVerifier {
          async verifyBiometric(
              context: BiometricUserVerificationContext,
              handler: BiometricUserVerificationHandler
          ): Promise<void> {
              await handler
                  .listenForOsCredentials(
                      BiometricPromptOptions.create(
                          'Biometric authentication required',
                          'Cancel',
                          'Please identify yourself.'
                      )
                  )
                  .catch(console.error);
          }
      }

      async register(
          client: MobileAuthenticationClient,
          enrollResponse: string,
          deviceInformation: DeviceInformation
       ): Promise<void> {
          await client.operations.authCloudApiRegistration
              .enrollResponse(enrollResponse)
              .deviceInformation(deviceInformation)
              .authenticatorSelector(new AuthenticatorSelectorImpl())
              .biometricUserVerifier(new BiometricUserVerifierImpl())
              .onSuccess(() => {
                  // handle success
              })
              .onError((_error) => {
                  // handle error
              })
              .execute();
       }

    The biometric, device passcode and fingerprint authenticators are enrolled at the OS level. That is why, if one of them must be registered, the user must authenticate through BiometricUserVerifier, DevicePasscodeUserVerifier or FingerprintUserVerifier. In the case of the PIN and password, the credentials are enrolled during, so no authentication is needed.

    Operations.authCloudApiRegistration

    Hierarchy (View Summary)

    Index

    Methods

    enrollResponse appLinkUri deviceInformation allowClass2AndroidSensors allowStrongBox allowDevicePasscodeAsFallback invalidateOnNewOsBiometrics authenticatorSelector pinEnroller passwordEnroller biometricUserVerifier devicePasscodeUserVerifier fingerprintUserVerifier onSuccess onError requestHeaders execute

    Methods

    • Specifies the value of the appLinkUri attribute in the enroll response sent by the server.

      The URL has the following format https://{instance}-app.mauth.nevis.cloud/open?dispatchTokenResponse=<dispatchTokenResponse>.

      IMPORTANT
      You must provide either the appLinkUri through this method, or the whole response with the enrollResponse method. Only one of them can be provided.

      Parameters

      • appLinkUri: string

        the URL contained in the appLinkUri attribute value.

      Returns AuthCloudApiRegistration

      an AuthCloudApiRegistration object.

    • Specifies whether Class 2 (formerly weak) biometric sensors are allowed if the biometric authenticator is selected.

      IMPORTANT
      This method is Android specific and will be ignored on iOS platform.

      By default, the SDK will only allow to use Class 3 (formerly strong) sensors. Using Class 2 sensors is less secure and discouraged. When a Class 2 sensor is used, the FIDO UAF keys are not protected by the operating system by requiring user authentication, nor can they be invalidated when biometrics change (see invalidateOnNewOsBiometrics).

      If the SDK detects that only Class 3 (strong) biometric sensors are available in the mobile device, even if Class 2 sensors are allowed, the FIDO UAF credentials will be protected by the operating system by requiring user authentication.

      However, in some cases it may be acceptable for the sake of end-user convenience. Allowing Class 2 sensors will enable for instance the use of face recognition in some Samsung devices.

      Parameters

      • allowClass2AndroidSensors: boolean

        specifies whether Class 2 biometric sensors are allowed if the biometric authenticator is selected.

      Returns AuthCloudApiRegistration

      an AuthCloudApiRegistration object.

    • Specifies whether the SDK should try to store the FIDO UAF keys in StrongBox.

      IMPORTANT
      This method is Android specific and will be ignored on iOS platform.

      We recommend to use StrongBox, but we have seen incompatibility with some devices during registration. So, if you want to maximize the number of devices that are compatible with your application, you may consider opting out of using StrongBox by providing false to this method. See here for details.

      Note also that with some devices creating a key in StrongBox can take more than 10 seconds, so registration is usually slower when StrongBox is used.

      If not specified, the SDK will try to store FIDO UAF credentials in StrongBox if available.

      Parameters

      • allowStrongBox: boolean

        specifies whether the SDK should try to store the FIDO UAF keys in StrongBox.

      Returns AuthCloudApiRegistration

      an AuthCloudApiRegistration object.

    • Specifies whether the OS device passcode can be used as fallback during biometric authentication.

      If not specified, the device passcode cannot be used as fallback.

      This setting and invalidateOnNewOsBiometrics cannot be enabled together.

      Parameters

      • allowDevicePasscodeAsFallback: boolean

        indicates whether the device passcode can be used as fallback when using the biometric authenticator.

      Returns AuthCloudApiRegistration

      an AuthCloudApiRegistration object.

    • Specifies whether the authenticator must be invalidated if the user changes biometric credentials in the OS settings.

      If the authenticator has been invalidated, and you try to authenticate with it, an error with code FidoErrorCodeType.KeyDisappearedPermanently will be returned by the authentication operation.

      This setting only applies to biometric Aaid.BIOMETRIC and fingerprint Aaid.FINGERPRINT authenticators.

      By setting this parameter to true, you increase the security but there is a loss of convenience: changing biometric credentials in the OS settings does not necessarily imply that there is a security risk, but if the end-user does it, a new registration will be required, because an invalidated authenticator cannot be recovered.

      Note that on Android if the device supports Class 2 sensors, and if Class 2 sensors are allowed (see allowClass2AndroidSensors), the value set in this method will be ignored and the authenticator will not be invalidated if the user changes biometric credentials in the OS settings.

      If not specified, the authenticator will be invalidated when the user changes biometric credentials in the OS settings.

      This setting and allowDevicePasscodeAsFallback cannot be enabled together.

      IMPORTANT
      On Android removing biometric credentials does not invalidate other existing credentials as opposed to iOS where removal also leads to invalidation.

      Parameters

      • invalidateOnNewOsBiometrics: boolean

        indicates whether changing biometric credentials in the OS should invalidate this authenticator.

      Returns AuthCloudApiRegistration

      an AuthCloudApiRegistration object.

    • Executes the operation asynchronously.

      Returns Promise<void>

    Settings

    Member Visibility

    On This Page

    Methods