Secure resource access
There are three types of authentication tokens your app can use to securely access resources like account information, transactions, and so on from a back-end or resource server. A user or device needs to be authenticated before a resource can be fetched with the corresponding authentication token. Different resources might require using different methods for authentication. The following authentication token types can be used:
- User authentication (default): Requires the user to be authenticated with an authenticator (a PIN or fingerprint, for example).
- Implicit authentication: Requires the user to be implicitly authenticated, meaning the user has registered with the device before. This does not require interaction with an authenticator like a PIN or fingerprint.
- Anonymous authentication: Requires the device to be registered and authenticated with the IDAAS-core, but no user has to be authenticated in any way.
The React Native SDK exposes the resourceRequest function to perform these types of resource calls. The plugin ensures the confidentiality and authenticity of the payload. The application itself is responsible for the structure or processing of the payload.
For all resource requests, a full URL to the resource has to be specified. The IDAAS-core has a base URL configured that is also stored in the IDAAS-core configuration file. You can retrieve this URL using getResourceBaseUrl; every resource request must be made against this URL, with the path to the resource appended.
Using resourceRequest with user authentication
To successfully request a resource for a specific user, the client credentials must be valid and the user must have a valid access token. In other words, the user must be logged in before a resource call can be made on their behalf. This type of resource request should be used to fetch sensitive data that requires user authentication, like account details and transaction history.
After user authentication, a resource can be fetched as follows:
// Base URL configured for the IDAAS-core; the resource path is appended to it.
const baseUrl = await OneWelcomeSdk.getResourceBaseUrl();
const details = {
  path: baseUrl + 'user-id-decorated',
  method: ResourceMethod.GET,
};
// 'User' requires a logged-in user with a valid access token.
OneWelcomeSdk.resourceRequest('User', details)
  .then((data) => {
    console.log('Resource request succeeded: ', data);
  })
  .catch((error) => {
    console.log('Resource request failed: ', error.message);
  });
Using resourceRequest with implicit authentication
Before fetching an implicit resource, the user must be implicitly authenticated.
// Base URL configured for the IDAAS-core; the resource path is appended to it.
const baseUrl = await OneWelcomeSdk.getResourceBaseUrl();
const details = {
  path: baseUrl + 'user-id-decorated',
  method: ResourceMethod.GET,
};
// 'Implicit' requires the user to be implicitly authenticated first.
OneWelcomeSdk.resourceRequest('Implicit', details)
  .then((data) => {
    console.log('Resource request succeeded: ', data);
  })
  .catch((error) => {
    console.log('Resource request failed: ', error.message);
  });
Using resourceRequest with anonymous authentication
A device can use its OAuth credentials to authenticate itself with the IDAAS-core and obtain an access token. An anonymous resource call can be used in cases where a user does not need to be logged in or even registered in order to use certain functionality, or access some resource.
// Base URL configured for the IDAAS-core; the resource path is appended to it.
const baseUrl = await OneWelcomeSdk.getResourceBaseUrl();
const details = {
  path: baseUrl + 'user-id-decorated',
  method: ResourceMethod.GET,
};
// 'Anonymous' uses an access token obtained with the device's OAuth credentials.
OneWelcomeSdk.resourceRequest('Anonymous', details)
  .then((data) => {
    console.log('Resource request succeeded: ', data);
  })
  .catch((error) => {
    console.log('Resource request failed: ', error.message);
  });
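The following is an added example, not code from the SDK or from the original page: it builds the full resource URL from the value returned by getResourceBaseUrl, refuses any path that would leave that base URL, and takes the token type from one per-resource table instead of from each call site. The names buildResourceUrl, planRequest and RESOURCE_POLICY, the host idaas.example.test used to exercise it, and the resource names other than user-id-decorated are assumptions made for illustration.

```javascript
// Added example; helper names and the policy table are hypothetical.
// Token type required per resource (constructed sample policy).
const RESOURCE_POLICY = {
  'user-id-decorated': 'User',     // sensitive, needs a logged-in user
  'profile-summary': 'Implicit',   // constructed resource name
  'app-config': 'Anonymous',       // constructed resource name
};

// Join the configured base URL and a resource path, failing closed if the
// result would leave the base URL (other host, other scheme, or "../").
function buildResourceUrl(baseUrl, resourcePath) {
  if (typeof resourcePath !== 'string' || resourcePath.length === 0) {
    throw new TypeError('resource path must be a non-empty string');
  }
  const hasScheme = /^[a-z][a-z0-9+.-]*:/i.test(resourcePath);
  if (hasScheme || resourcePath.startsWith('//') || resourcePath.includes('\\')) {
    throw new Error('resource path must be relative to the base URL');
  }
  const base = new URL(baseUrl.endsWith('/') ? baseUrl : baseUrl + '/');
  // The URL parser resolves "..", including the encoded form "%2e%2e".
  const target = new URL(resourcePath.replace(/^\/+/, ''), base);
  if (target.origin !== base.origin || !target.pathname.startsWith(base.pathname)) {
    throw new Error('resource path escapes the configured base URL');
  }
  return target.href;
}

// Decide token type and full URL in one place; unknown resources are refused.
function planRequest(baseUrl, name, method) {
  if (!Object.prototype.hasOwnProperty.call(RESOURCE_POLICY, name)) {
    throw new Error(`no token type declared for resource "${name}"`);
  }
  const details = { path: buildResourceUrl(baseUrl, name), method };
  return { type: RESOURCE_POLICY[name], details };
}

// In the app (SDK calls as shown on this page):
//   const plan = planRequest(await OneWelcomeSdk.getResourceBaseUrl(),
//                            'user-id-decorated', ResourceMethod.GET);
//   const data = await OneWelcomeSdk.resourceRequest(plan.type, plan.details);
```

Keeping the table next to the URL check means a sensitive resource cannot be requested with the 'Anonymous' or 'Implicit' type by a typo at one call site.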