Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

iOS SDK

Implicit user authentication

search

Implicit user authentication

The iOS SDK allows you to authenticate users implicitly (without user interaction) using the device credentials. You can use it only for regular authentication, mobile authentication is not supported. Before you start using the implicit authentication, you have to manually enable it in the client configuration in the IDAAS-core.

Limitation

Only one user can be implicitly authenticated at a time. The implicit user session is separated from the regular user session. This way one user might be authenticated with PIN and at the same time another user (or the same one) might be authenticated implicitly. A user must be registered before they can be authenticated implicitly.

Implicitly authenticating another user will cause the current implicitly authenticated user to be logged out.

Implement implicit user authentication

Implicit user authentication is accomplished using the SharedUserClient.instance.implicitlyAuthenticate method. It requires the following arguments:

  • userProfile is the profile you want to authenticate implicitly.
  • string is the list of scopes that you want to request. It should be a subset of the scopes already granted to the UserProfile during registration, or null, if you want to request all the scopes granted during user registration.
  • completion is a block that will be called at implicit authentication completion. The completion block will be executed with success or with an error from the ONGGenericErrorDomain domain.

When the user is authenticated implicitly, they will be able to fetch resources implicitly. Fetching a resource is done using the UserClient fetchImplicitResource:completion: method. You can find the documentation on how to use this method in accessing secure resources

Example: implicitly log in registered user

    SharedUserClient.instance.implicitlyAuthenticate(user: profile, with: scopes) { error in
        if error == nil {
            // Update UI, fetch implicit resource
            ...
    } else {
        // Handle errors from ONGGenericErrorDomain error domain
        if (error.code == ONGGenericErrorUserDeregistered) {
        // Handle user deregister error
        ...
        } else if (error.code == ONGGenericErrorDeviceDeregistered) {
        // Handle device deregisterd error
        ...
        }
        ...
    }
    }

    [[ONGUserClient sharedInstance] implicitlyAuthenticateUser:userProfile
                                                        scopes:scopes
                                                    completion:^(BOOL success, NSError *_Nullable error) {
            if (success)
            // Update UI, fetch implicit resource
            ...
            } else {
            // Handle errors from ONGGenericErrorDomain error domain
            if (error.code == ONGGenericErrorUserDeregistered) {
                // Handle user deregister error
                ...
            } else if (error.code == ONGGenericErrorDeviceDeregistered) {
                // Handle device deregisterd error
                ...
            }
            ...
            }
        ];

On this page