Skip to main content
Skip table of contents

Mobile Authentication

When the phone acts as both the Authenticator and the Exploiter device for an authentication the Push Authentication flow can be streamlined.

Whenever the business logic requires a step-up authentication using VeridiumID, the 3rd party server can request an authentication for the user (see Push Authentication). The sessionID received from the VeridiumID server can be used on the mobile app to start an authentication using the MobileSDK. After a successful authentication, an IdentityToken is generated asserting the identity of the user, authentication conditions and other useful information. The token is in JWT format so it can be validated offline if the signing public key was provisioned on the 3rd Party Server. The signing keystore is configured on the VeridiumID server by accessing Admin Dashboard → Configuration → config.json → certStore → signingKeystore.

iOS

CODE
class RequestResource : VIDAuthenticationDelegate {
    func resource() {
        Server.getResource() { (response) in
          if response.stepup {
            VIDMobileSDK.shared().authenticateWith(profile: profiles[0], session.vidSessionId)
          }
        }
    }

    // Somewhere handle delegates.NOTE: make sure you subscribe this class instance as delegate handler
    // MARK: VIDAuthenticationDelegate
    func didFinishAuthentication(response: VIDAuthResponse) {

        switch response.status {
        case .AUTHENTICATED:
            print("Success")
            let identityToken = response.identityToken
        case .ON_GOING_AUTHENTICATION:
            print("Continue on another device")
        case .CANCELED:
             .FAILED:
             .TIMEOUT:
             .NONE:
            print("Failed")
        }         
    }
     
    func didCancelAuthentication() { }
     
    func didFailAuthentication(error: VIDError) {
        if error.requiresBiometryRevalidation() && profile != nil {
            VIDMobileSDK.shared().reenrollBiometricAuthenticators(for: profile!)
        }
        else {
            let nsError = error as NSError
            print(nsError.localizedReason)
        }
     }
}

Android

CODE
public class ResourceAccessHandler extends Activity {

    public void getResource(Profile profile) {
        server.getResource(response -> {
            if (response.stepup) {
                VeridiumMobileSDK.getInstance().authenticate(profile, response.vidSessionId);
            }
        });
    }

    @Override
   protected void onActivityResult(int requestCode, int resultCode, @Nullable Intent data) {
        if(data.containsExtra(VeridiumMobileSDK.VERIDIUMID_KEY_ERROR_EXTRA)){
            // Handle authentication error
            return;
        }
        VeridiumIdAuthenticationResponse response = data.getParcelableExtra(VeridiumMobileSDK.VERIDIUMID_KEY_RESPONSE_EXTRA);
        String identityToken = response.getIdentityToken();
        // Validate the identity token and allow/deny access to resource
    }
}

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.