Nevis Mobile Authentication SDK React Native plugin
    Preparing search index...

    Class OutOfBandRegistrationAbstract

    The operation handling an out-of-band registration. This is the object returned by the SDK, when an OutOfBandPayload was processed and the OutOfBandPayload corresponds to a registration operation.

    Usage example:

      class AuthenticatorSelectorImpl extends AuthenticatorSelector {
          async selectAuthenticator(
              context: AuthenticatorSelectionContext,
              handler: AuthenticatorSelectionHandler
          ): Promise<void> {
              await handler.aaid(aaid).catch(console.error);
          }
      }

      class BiometricUserVerifierImpl extends BiometricUserVerifier {
          async verifyBiometric(
              context: BiometricUserVerificationContext,
              handler: BiometricUserVerificationHandler
          ): Promise<void> {
              await handler
                  .listenForOsCredentials(
                      BiometricPromptOptions.create(
                          'Biometric authentication required',
                          'Cancel',
                          'Please identify yourself.'
                      )
                  )
                  .catch(console.error);
          }
      }

      async registerWithOutOfBand(
          client: MobileAuthenticationClient,
          payload: OutOfBandPayload,
          deviceInformation: DeviceInformation
      ): Promise<void> {
           await client.operations.outOfBandOperation
               .payload(payload)
               .onRegistration((registration) => {
                   registration
                       .deviceInformation(deviceInformation)
                       .authenticatorSelector(new AuthenticatorSelectorImpl())
                       .biometricUserVerifier(new BiometricUserVerifierImpl())
                       .onSuccess(() => {
                           // handle success
                       })
                       .onError((_error) => {
                           // handle error
                       })
                       .execute();
               })
               .onAuthentication((authentication) => {
                   // handle authentication
               })
               .onError((_error) => {
                   // handle out-of-band error
               })
               .execute();
      }

    The biometric, device passcode and fingerprint authenticators are enrolled at the OS level. That is why, if one of them must be registered, the user must authenticate through BiometricUserVerifier, DevicePasscodeUserVerifier or FingerprintUserVerifier. In the case of the PIN and password, the credentials are enrolled during registration, so no authentication is needed.

    OutOfBandOperation.onRegistration

    Hierarchy (View Summary)

    Index

    Methods

    requestHeaders execute deviceInformation allowClass2AndroidSensors allowStrongBox allowDevicePasscodeAsFallback invalidateOnNewOsBiometrics authenticatorSelector pinEnroller passwordEnroller biometricUserVerifier devicePasscodeUserVerifier fingerprintUserVerifier onSuccess onError

    Methods

    • Executes the operation asynchronously.

      Returns Promise<void>

    • Specifies whether Class 2 (formerly weak) biometric sensors are allowed if the biometric authenticator is selected.

      IMPORTANT
      This method is Android specific and will be ignored on iOS platform.

      By default, the SDK will only allow to use Class 3 (formerly strong) sensors. Using Class 2 sensors is less secure and discouraged. When a Class 2 sensor is used, the FIDO UAF keys are not protected by the operating system by requiring user authentication, nor can they be invalidated when biometrics change (see invalidateOnNewOsBiometrics).

      If the SDK detects that only Class 3 (strong) biometric sensors are available in the mobile device, even if Class 2 sensors are allowed, the FIDO UAF credentials will be protected by the operating system by requiring user authentication.

      However, in some cases it may be acceptable for the sake of end-user convenience. Allowing Class 2 sensors will enable for instance the use of face recognition in some Samsung devices.

      Parameters

      • allowClass2AndroidSensors: boolean

        specifies whether Class 2 biometric sensors are allowed if the biometric authenticator is selected.

      Returns OutOfBandRegistration

      an OutOfBandRegistration object.

    • Specifies whether the SDK should try to store the FIDO UAF keys in StrongBox.

      IMPORTANT
      This method is Android specific and will be ignored on iOS platform.

      We recommend to use StrongBox, but we have seen incompatibility with some devices during registration. So, if you want to maximize the number of devices that are compatible with your application, you may consider opting out of using StrongBox by providing false to this method. See here for details.

      Note also that with some devices creating a key in StrongBox can take more than 10 seconds, so registration is usually slower when StrongBox is used.

      If not specified, the SDK will try to store FIDO UAF credentials in StrongBox if available.

      Parameters

      • allowStrongBox: boolean

        specifies whether the SDK should try to store the FIDO UAF keys in StrongBox.

      Returns OutOfBandRegistration

      an OutOfBandRegistration object.

    • Specifies whether the OS device passcode can be used as fallback during biometric authentication.

      If not specified, the device passcode cannot be used as fallback.

      This setting and invalidateOnNewOsBiometrics cannot be enabled together.

      Parameters

      • allowDevicePasscodeAsFallback: boolean

        indicates whether the device passcode can be used as fallback when using the biometric authenticator.

      Returns OutOfBandRegistration

      an OutOfBandRegistration object.

    • Specifies whether the authenticator must be invalidated if the user changes biometric credentials in the OS settings.

      If the authenticator has been invalidated, and you try to authenticate with it, an error with code FidoErrorCodeType.KeyDisappearedPermanently will be returned by the authentication operation.

      This setting only applies to biometric Aaid.BIOMETRIC and fingerprint Aaid.FINGERPRINT authenticators.

      By setting this parameter to true, you increase the security but there is a loss of convenience: changing biometric credentials in the OS settings does not necessarily imply that there is a security risk, but if the end-user does it, a new registration will be required, because an invalidated authenticator cannot be recovered.

      Note that on Android if the device supports Class 2 sensors, and if Class 2 sensors are allowed (see allowClass2AndroidSensors), the value set in this method will be ignored and the authenticator will not be invalidated if the user changes biometric credentials in the OS settings.

      If not specified, the authenticator will be invalidated when the user changes biometric credentials in the OS settings.

      This setting and allowDevicePasscodeAsFallback cannot be enabled together.

      IMPORTANT
      On Android removing biometric credentials does not invalidate other existing credentials as opposed to iOS where removal also leads to invalidation.

      Parameters

      • invalidateOnNewOsBiometrics: boolean

        indicates whether changing biometric credentials in the OS should invalidate this authenticator.

      Returns OutOfBandRegistration

      an OutOfBandRegistration object.

    Settings

    Member Visibility

    On This Page

    Methods