Developer Pages

# iOS

Signicat offers a mobile SDK to easily connect iOS devices to the Signicat Identity Broker. The following page will describe how to integrate the iOS SDK in your application.

# Requirements

The requirements for the iOS SDK are:

  • minimum iOS version: 11
  • The target phone's default browser must support cookies, otherwise a browser that supports cookies must be set as default

# Quick Start

To start using the iOS SDK:

  • include the "ios-sdk-${version}" library in your project
  • set up universal links by following the next section

The iOS SDK uses universal links as a mechanism for connecting to the broker. For this reason, a universal link configuration needs to be set up on your tenant. This can be easily configured from the UI by filling in the iOS App ID under your service provider configuration.

Once the configuration is done, you can view the result at:

https://<YOUR_TENANT_DOMAIN>/apple-app-site-association

This will take care of the web server configuration. Now in order for your app to work you will need to configure it to handle these URLs.

First step is to add the tenant domain to your associated domains. Afterwards you will need to configure your app delegate to handle URLs and to call

ConnectisSDK.continueLogin(userActivity: userActivity)

Some URL filtering is recommended to make sure that the SDK will receive only the desired URLs, otherwise it will fail.

Please keep in mind that due to the internal working of iOS redirecting from the browser inside the same domain does not work, so for the Web Login flow a subdomain or different domain is required to host the return universal link as it can be seen in the demo application.

# API

The iOS SDK offers 3 basic methods that can be called from the base class: "ConnectisSDK".

# Login

func logIn(sdkConfiguration: ConnectisSDKConfiguration, 
           caller: UIViewController, 
           delegate: AuthenticationResponseDelegate, 
           allowDeviceAuthentication: Bool = false,
           errorResponseDelegate: ErrorResponseDelegate? = nil
)

Where ConnectisSDKConfiguration is a basic data class:

public struct ConnectisSDKConfiguration {
    public var issuer: String
    public var clientID: String
    public var redirectURI: String
    public var scopes: String?
    public var brokerAppAcs: String?
    public var brokerDigidAppAcs: String?
    public var loginFlow: LoginFlow
    
    public init(issuer: String, clientID: String, redirectURI: String, 
    scopes: String?, brokerAppAcs: String? = nil, 
    brokerDigidAppAcs: String? = nil ,loginFlow: LoginFlow = LoginFlow.WEB) {
        self.issuer = issuer
        self.clientID = clientID
        self.redirectURI = redirectURI
        self.scopes = scopes
        self.brokerAppAcs = brokerAppAcs
        self.brokerDigidAppAcs = brokerDigidAppAcs
        self.loginFlow = loginFlow
    }

}

and AuthenticationResponseDelegate is a protocol where you can handle the response:

public protocol AuthenticationResponseDelegate: class {
    func handleResponse(authenticationResponse: AuthenticationResponse)
    func onCancel()
}

the AuthenticationResponse is the class you will receive after a login was made in the CIB.

public struct AuthenticationResponse {
    public var isSuccess: Bool
    public var error: Error?
    public var nameIdentifier: String?
    public var attributes: [Attribute]?
}

Properties definition:

  • issuer - the endpoint of the CIB that you want to connect to. Given by Connectis Technical Support.
  • clientId - the client-id that you provided to Connectis Technical Support.
  • redirectUri - must be set to the universal link value
  • scopes - can be set if you want to do idp scoping (bypass the idp selection screen or for app2app)
  • brokerAppAcs - must be set for app2app openid: broker endpoint for processing app2app openid flows
  • brokerDigidAppAcs - must be set for app2app DigID: broker endpoint for processing app2app DigID flow
  • loginFlow - can be set to either WEB or APP_TO_APP, default is WEB
  • caller - The activity context where you call the ConnectisSDK from
  • delegate - your implementation of the AuthenticationResponseDelegate interface
  • errorResponseDelegate - optional implementation for handling errors (if none is provided, exceptions will be logged)
  • allowDeviceAuthentication - true if you wish to enable device authentication in your application, false otherwise

# OpenId Access Token

The API provides access to a valid OpenId access token

func useAccessToken(caller: UIViewController,
                    delegate: AccessTokenDelegate
                    )

where AccessTokenDelegate is a protocol:

public protocol AccessTokenDelegate: class {
    func handleAccessToken(accessToken: Token)
    func onError(errorMessage: String)
}

Note: for security reasons, the OpenId Access Token should be treated as a secret in the software.

# Device Authentication

The iOS SDK offers the possibility to authenticate the users, once the user logged in at least once, using the mobile phone device authentication supported methods(face unlock, fingerprint, pin code)

To enable the device authentication flow call the following method after the user logged in using the CIB:

func enableDeviceAuthentication(delegate: DeviceAuthenticationResponseDelegate)

If you wish to disable the device authentication you can call the following function:

func disableDeviceAuthentication()
Last updated: 3/1/24, 10:39:52 AM UTC