Using the change PIN operation, you can modify the PIN of a registered PIN authenticator for a given user.
PinChanger is in charge of providing the old and new PINs to the SDK.
PinChanger is called by the SDK to obtain the value of the PIN to be registered.
- The application builds a PinChange operation and invokes PinChange.execute (java, swift, flutter).
- The SDK calls the PinChanger.changePin (java, swift, flutter) method.
- The application asks the user to provide the old and the new PIN. For example, the application displays a textbox where the user provides the old PIN and another textbox to define the new one.
- The user provides the PINs.
- The application provides the PINs by invoking the PinChangeHandler.pins (java, swift, flutter) method.
- The SDK validates that the old PIN is valid, and that the new PIN is compliant with the PinPolicy (java, swift, flutter).
- If the provided new PIN is not compliant with the PIN policy, the SDK invokes PinChanger.changePin again and the PinChangeContext (java, swift, flutter) contains a recoverable error. The same occurs if the provided old PIN is not valid, but the PIN authenticator is not locked yet.
- If the provided old PIN is not valid, and too many failed attempts occurred, then the operation fails and the object managing the error provided in the onError method when building the operation is invoked. For more information on PIN lockout, see Brute force attack prevention.
- If the provided PINs are valid, and the modification is successful, the object provided in the onSuccess method when building the registration operation is invoked.
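The callback loop described in the steps above, modelled as an added example that is not the SDK's own code. PinChanger, PinChangeContext and PinChangeHandler are simplified stand-ins declared in the block, and recoverableError(), the attempt limit, the minimum length and the sample PINs are assumptions made for the illustration.

```java
import java.util.ArrayDeque;
import java.util.Arrays;
import java.util.Deque;

public class PinChangeFlowDemo {
    // Stand-ins for the SDK types named above; the signatures are assumptions.
    interface PinChangeHandler { void pins(char[] oldPin, char[] newPin); }
    interface PinChangeContext { String recoverableError(); } // null on the first call
    interface PinChanger { void changePin(PinChangeContext ctx, PinChangeHandler handler); }
    static final int MAX_ATTEMPTS = 3; // constructed lockout threshold
    static final int MIN_LENGTH = 6;   // constructed PIN policy

    // Models the SDK side: validate, call changePin again on recoverable errors, lock out.
    static String execute(PinChanger changer, char[] storedPin) {
        int failures = 0;
        String error = null;
        while (true) {
            final String lastError = error;
            final char[][] given = new char[2][];
            changer.changePin(() -> lastError, (o, n) -> { given[0] = o; given[1] = n; });
            try {
                if (!Arrays.equals(given[0], storedPin)) {
                    if (++failures >= MAX_ATTEMPTS) return "onError: authenticator locked";
                    error = "old PIN invalid";
                } else if (given[1].length < MIN_LENGTH) {
                    error = "new PIN violates policy";
                } else {
                    return "onSuccess";
                }
            } finally {
                // Wipe the PIN buffers as soon as they have been checked.
                for (char[] pin : given) Arrays.fill(pin, '\0');
            }
        }
    }

    public static void main(String[] args) {
        // Constructed user input: wrong old PIN, then too-short new PIN, then valid PINs.
        Deque<String[]> input = new ArrayDeque<>();
        input.add(new String[] {"000000", "246810"});
        input.add(new String[] {"135791", "12"});
        input.add(new String[] {"135791", "246810"});
        PinChanger ui = (ctx, handler) -> {
            if (ctx.recoverableError() != null) System.out.println("retry: " + ctx.recoverableError());
            String[] p = input.remove();
            handler.pins(p[0].toCharArray(), p[1].toCharArray());
        };
        System.out.println(execute(ui, "135791".toCharArray()));
    }
}
```

The demo keeps its sample PINs in String literals only for brevity; in an application the values read from the input fields would be held in char arrays and cleared after being handed over.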
Decode out-of-band payload
Out-of-band operations occur when a message is delivered to the application through an alternate channel like a push notification, a QR code, or a deep link. The application is responsible for creating an OutOfBandPayload (java, swift, flutter) object from the data contained in such a message.
Out-of-band payload from QR code
An example to get an OutOfBandPayload after scanning a Nevis mobile authentication registration QR code looks something like this:
Out-of-band payload from push notification
In case of push notifications, the OutOfBandPayload is provided in a platform-specific object:
The code uses a com.google.gson.Gson object to generate JSON for Android.
Change device information
DeviceInformation (java, swift, flutter) can be provided. The DeviceInformation contains the name identifying your device, and also the Firebase Cloud Messaging registration token (Android, iOS, Flutter) used by the backend to send authentication push notifications to your application.
Handle changes in the Firebase registration token
If the Firebase token changes, the application has to inform the server about that change; otherwise future dispatching does not work.
In case of Android, changes in the Firebase registration token are identified inside the implementation of the com.google.firebase.messaging.FirebaseMessagingService class of your application. iOS identifies the changes using Firebase.MessagingDelegate. Flutter identifies the changes by subscribing to the
Disable push notifications
LocalData.accounts (java, swift, flutter) to get the registered accounts.
LocalData.deviceInformation (java, swift, flutter) to get the device information.
LocalData.authenticators (java, swift, flutter) to get the authenticator information.
Remove local data
You may need to delete the authenticator data stored by the SDK, for example, after a potential attack. Deregistration may not be possible because deregistration is usually a protected operation that needs user intervention to obtain authorization.