Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

iOS SDK

Registration with a third-party mobile app

search

Registration with a third-party mobile app

Registration with third-party mobile application (also known as App2App) is possible using two-step registration.

Prerequisites

A number of properties need to be set up on the backend side, to be sure that it is properly configured. A two-step custom registration IDP with scripts for both init and complete steps needs to be set up. The third-party app needs to be installed on the device, and ready to receive and emit iOS Universal Links.

Flow overview

Flow overview of registration with a third-party mobile app

  1. App initiates custom registration with init request (with empty data)
  2. Init responses with JSON: sessionId and app link (the example of the response is shown in step 2 below)
  3. App opens the third-party app using app link.
  4. Third-party app authenticates the user and navigates back to the app using the app link.
  5. App extracts artefactId from the app link and sends it to the backend along with the sessionId.
  6. Registration finishes and the app receives an access or refresh token.
  7. Proceed with PIN creation flow.

Example of the flow

Your app needs to be able to receive Universal Links from the third-party app. Be sure to register the correct URL scheme.

Step 1

// identity provider is two-step IDP configured on the backend
userClient.registerUserWith(identityProvider: identityProvider, scopes: ["read"], delegate: self)

func userClient(_ userClient: UserClient, didReceiveCustomRegistrationInitChallenge challenge: 
                CustomRegistrationChallenge) {
    // custom registration with init request (with empty data)
    challenge.sender.respond(with: nil, to: challenge)
}

Step 2

func userClient(_ userClient: UserClient, didReceiveCustomRegistrationFinishChallenge challenge:    
                CustomRegistrationChallenge) {
     // parse challenge of Init response JSON (example of Init response is shown below)
  ...
     // do not respond for the challenge yet
     // open third party app using app link taken from the response
  ...
}
Example of Init response:
{
            "sessionID": "Njg3NTM0NTYzQzk4M0FGOTRGMDQyRjhGRjlDMDgxN0F8OGVhOTgzYWYtNzEzNC00ZTQwLT
            "digidRequest": "https://app-preprod1.digid.nl/digid-app?app-app=eyAiSWNvbiI6Imh0dHB
}

Step 3

The app opens the third-party app using the app link.

Step 4

The third-party app authenticates the user and navigates back to the app using the app link.

Step 5

The app extracts data: artefactId from the app link and sends it to the backend along with the sessionId.

// data with with artefactId and sessionId
customRegistrationFinishChallenge.sender.respond(with: data, to: customRegistrationFinishChallenge)

Step 6

Registration finishes and the app receives an access or refresh token.

On this page