Deregistration

Deregistration removes the FIDO UAF credentials from both the mobile and the server. After deregistration, the authenticator cannot be used to authenticate again until registered again.

tip

Before being able to deregister, configure and initialize the SDK to obtain a MobileAuthenticationClient _{java, swift, objc, flutter, react native}.

For more information, see Deregistration.

To deregister an authenticator, provide the name of the user whose authenticator is to be deregistered and the AAID identifying the authenticator.

note

Providing AAID is not mandatory. If no AAID is provided that deregistration removes all authenticators belonging to the respective user.

Nevis Authentication Cloud

• An AuthorizationProvider currently does not have to be provided on Authentication Cloud backends.
• Nevis recommends using the JwsAuthorizationProvider, see authorization providers chapter below for more information.
• Future versions of the Authentication Cloud will enforce the usage of the JwsAuthorizationProvider.

In case the deregistration is called with a non-registered user, then the operation won't produce any error and completed successfully. Which implies that the onSuccess method is invoked in such cases.

Android/Kotlin

Deregistration

Android/Java

Deregistration

iOS/Swift

Deregistration

iOS/Objective-C

Deregistration

Flutter/Dart

Deregistration

React Native/TypeScript

Deregistration

Authorization providers

If authorization is required by your backend to deregister, provide an AuthorizationProvider _{java, swift, objc, flutter, react native}.

Several different AuthorizationProviders are available in the SDK, selecting the correct one depends on the backend as well as the integration scenario.

CookieAuthorizationProvider

• For Identity Suite backends using Cookie-based authorization.
• Applicable for the registration and deregistration operations.
• For deregistration, the CookieAuthorizationProvider uses the UAF Deregistration HTTP API.
• To create a cookie authorization provider, you must provide a cookie as described in section 4.1.1 of the RFC 6265.

JwtAuthorizationProvider

• For Identity Suite and Authentication Cloud backends using JWT-based authorization.
• Applicable for the registration and deregistration operations.
• For deregistration, the JwtAuthorizationProvider uses the UAF Deregistration HTTP API.
• To create this authorization provider, you must provide a JWT token.

JwsAuthorizationProvider

• For Identity Suite (using nevisFIDO 7.2402.x or newer) and Authentication Cloud backends using JWT-based authentication.
• Currently only the dergistration operation supports this AuthorizationProvider.
• The JwsAuthorizationProvider uses the Device Service HTTP API.
• This authorization provider can be used to deregister authenticators without asking the user to authenticate.

Nevis recommendation

Using the JWS Authorization Provider is the recommended way to perform the deregistration() operation as it does not require the end-user to authenticate.

EmptyAuthorizationProvider

• For Authentication Cloud and Identity Suite backends requiring no authorization.
• Android only.