Authentication

Class to manage application authentication.

Application authentication enables a user to set an application password or PIN during setup which is then required to subsequently login to the application. Requiring an application password further protects access to the runtime’s Secure Storage and helps control authorized access when the device is off-line. This class provides functions to set, change and submit a password.

Biometrics may optionally be used as a means of authentication in order to improve the user experience. An application password must be created first so that in the case biometrics fails the user can fall back to enter their password. This class provides an easy to use interface to setup and prompt the user for their biometrics. An interface is also provided to confirm if the device supports biometrics.

The following diagrams illustrate how an application could utilize these functions.

Setup

Steps to initialize runtime when application is setup for the first time or after the user has forgotten their password.

Sign In may be prompted prior to the user setting an application password, however the IDP token should be provided to the runtime whilst in the ‘Registration’ Initialization state.

Login

Steps required for a user to login.

As secure storage is only accessible after the user has entered a valid password, a developer could optionally store a key or tokens to facilitate access to a server without needing to first prompt the user to enter their full login credentials.

Change Password

A user may change their existing password or PIN. See changePassword(from:to:)

Forgot Password

If the user forgets their application password it is necessary to call deactivate() to deactivate the runtime and perform the setup flow again. Consequentiality any data stored in Secure Storage would need to be repopulated from the server.

See more

@objc
public class AppAuthentication : NSObject