This repository contains the example app demonstrating how to use the Nevis Mobile Authentication SDK in an iOS mobile application. The Nevis Mobile Authentication SDK allows you to integrate passwordless authentication into your existing mobile app, backed by the FIDO UAF 1.1 standard.
Some SDK features demonstrated in this example app are:
- Using the SDK with the Nevis Authentication Cloud
- Registering with QR code & app link URIs
- Simulating in-band authentication after registration
- Deregistering a registered account
- Changing the PIN of the PIN authenticator
- Changing the device information
Please note that the example app only demonstrates a subset of the available SDK features. The main purpose is to demonstrate how the SDK can be used, not to cover all supported scenarios.
Before you start compiling and using the example app, please ensure you have the following ready:
- An Authentication Cloud instance provided by Nevis.
- An access key to use with the Authentication Cloud.
Your development setup has to meet the following prerequisites:
- iOS 12 or later
- Xcode 15.4, including Swift 5.10
Dependencies in this project are provided via CocoaPods. Install all dependencies by running

```shell
pod install
```
Before you can use the example app with your Authentication Cloud instance, you need to update the configuration file with the right host information.
Edit the ConfigAuthenticationCloud.plist file and replace the host name with that of your Authentication Cloud instance.
The example app supports two kinds of configuration: authenticationCloud and identitySuite.
Note
Only build-time configuration change is supported.
To change the configuration, open the AppAssembly.swift file, which describes the dependency injection configuration using the Swinject library. Change the environment parameter passed when injecting the ConfigurationLoaderImpl component to one of the two values mentioned above.
The example app handles deep links that contain a valid dispatchTokenResponse query parameter of an out-of-band operation. The feature is implemented with Custom URL Schemes.
Note
Further information: Define custom url scheme.
Custom URL schemes are not exclusive on iOS: any installed app can register the same scheme, so the scheme alone does not prove where a link came from. Treat the query parameter as untrusted input and rely on the SDK's validation of the token when the out-of-band operation is started.
Modify the content of the CFBundleURLSchemes array in the Info.plist file with the right scheme information for your environment:
```xml
<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>nevisaccess</string>
        </array>
    </dict>
</array>
```
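The following is an added example, not code from the Nevis example app, of how an incoming deep link can be checked before its token is handed to the out-of-band use case. The scheme "nevisaccess" is taken from the CFBundleURLSchemes entry above; the function and error names, and the sample links, are assumptions made for this example.

```swift
import Foundation

// Added example (not code from the Nevis example app): validate an incoming
// deep link and extract its dispatchTokenResponse query parameter. The scheme
// "nevisaccess" is the value from the CFBundleURLSchemes entry on this page;
// the function and error names are assumptions made for this example.
enum DeepLinkError: Error, Equatable {
    case unexpectedScheme(String?)
    case missingDispatchTokenResponse
}

func dispatchTokenResponse(from url: URL,
                           expectedScheme: String = "nevisaccess") throws -> String {
    guard let components = URLComponents(url: url, resolvingAgainstBaseURL: false) else {
        throw DeepLinkError.unexpectedScheme(nil)
    }
    // Any app can register the same custom scheme, so matching the scheme only
    // confirms the link was addressed to this app, not that it is genuine.
    guard components.scheme?.lowercased() == expectedScheme else {
        throw DeepLinkError.unexpectedScheme(components.scheme)
    }
    guard let token = components.queryItems?
            .first(where: { $0.name == "dispatchTokenResponse" })?.value,
          !token.isEmpty else {
        throw DeepLinkError.missingDispatchTokenResponse
    }
    // The token is opaque here; it is validated by the SDK when the
    // out-of-band operation is started with it.
    return token
}

// Constructed sample links, not captured from a real deployment.
let accepted = URL(string: "nevisaccess://auth?dispatchTokenResponse=abc123")!
let rejected = URL(string: "https://example.invalid/?dispatchTokenResponse=abc123")!

do {
    let token = try dispatchTokenResponse(from: accepted)
    print("dispatchTokenResponse: \(token)")
    _ = try dispatchTokenResponse(from: rejected)
} catch {
    print("rejected: \(error)")
}
```

In the app, a function like this would be called from the UIKit entry point that receives URLs (application(_:open:options:) in the app delegate, or scene(_:openURLContexts:) in a scene delegate), and the returned token passed on to the out-of-band operation.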
Now you're ready to build and run the example app by choosing Product > Run from Xcode's menu or by clicking the Run button in your project’s toolbar.
Note
Running the app on an iOS device requires code signing to be set up.
Now that the iOS example app is up and running, it's time to try it out!
Check out our Quickstart Guide.
In this section you can find hints about how the Nevis Mobile Authentication SDK is integrated into the example app.
- Every SDK invocation is implemented as a use case.
- The implementations of the SDK's user-interaction protocols can be found in the Interaction folder.
The InitClientUseCaseImpl class is responsible for creating and initializing a MobileAuthenticationClient instance, which is the entry point to the SDK. This instance is later used to start the different operations.
Before being able to authenticate using the Nevis Mobile Authentication SDK, go through the registration process. Depending on the use case, there are two types of registration: in-app registration and out-of-band registration.
If the application's backend uses the Nevis Authentication Cloud, the AuthCloudApiRegistrationUseCaseImpl class is used, passing either the enrollment response or an appLinkUri.
When the backend used by the application does not use the Nevis Authentication Cloud, the name of the user to be registered is passed to the RegistrationUseCaseImpl class.
If the backend requires authorization to register, provide an AuthorizationProvider. In the example app a CookieAuthorizationProvider is created from the cookies (see UsernamePasswordLoginViewModel) obtained by the LoginUseCase class.
When the registration is initiated in another device or application, the information required to process the operation is transmitted through a QR code or a link. After the payload obtained from the QR code or the link is decoded the OutOfBandOperationUseCaseImpl class starts the out-of-band operation.
Using the authentication operation, you can verify the identity of the user using an already registered authenticator. Depending on the use case, there are two types of authentication: in-app authentication and out-of-band authentication.
For the application to trigger the authentication, the name of the user is provided to the InBandAuthenticationUseCaseImpl class.
When the authentication is initiated in another device or application, the information required to process the operation is transmitted through a QR code or a link. After the payload obtained from the QR code or the link is decoded the OutOfBandOperationUseCaseImpl class starts the out-of-band operation.
There are cases when specific information has to be presented to the user during the user verification process, known as transaction confirmation. The AuthenticatorSelectionContext and the AccountSelectionContext contain a byte array with that information. In the example app it is handled in the AccountSelectorImpl class.
The DeregistrationUseCaseImpl class is responsible for deregistering either a user or all of the registered users from the device.
The change PIN operation is implemented in the ChangePinUseCaseImpl class with which you can modify the PIN of a registered PIN authenticator for a given user.
Out-of-band operations occur when a message is delivered to the application through an alternate channel such as a push notification, a QR code, or a deep link. With the help of the DecodePayloadUseCaseImpl class the application can create an OutOfBandPayload either from a JSON or from a Base64 URL encoded String. The OutOfBandPayload is then used to start an OutOfBandOperation, see the chapters Out-of-Band Registration and Out-of-Band Authentication.
During registration, the device information can be provided that contains the name identifying your device, and also the Firebase Cloud Messaging registration token. Updating both the name and the token is implemented in the ChangeDeviceInformationUseCaseImpl class.
The following use cases are responsible for getting information with the help of LocalData:
- The GetAccountsUseCaseImpl class obtains the registered accounts.
- The GetAuthenticatorsUseCaseImpl class obtains the authenticator information.
- The GetDeviceInformationUseCaseImpl class obtains the device information.
© 2023 made with ❤ by Nevis