iOS - Signicat Documentation

Signicat offers a mobile SDK to easily connect iOS devices to the Signicat Identity Broker. The following page will describe how to integrate the iOS SDK in your application.
Requirements
The requirements for the iOS SDK are:
minimum iOS version: 11
The target phone's default browser must support cookies, otherwise a browser that supports cookies must be set as default
Quick start
To start using the iOS SDK:
include the "ios-sdk-${version}" library in your project
set up universal links by following the next section
Universal links
The iOS SDK uses universal links as a mechanism for connecting to the broker. For this reason, an universal link configuration needs to be set up on your tenant. This can be easily configured from the UI by filling in the iOS App Id under your service provider configuration.
Once the configuration is done, you can view the result at:
https://YOUR_TENANT_DOMAIN/apple-app-site-association
This will take care of the web server configuration. Now in order for your app to work you will need to configure it to handle these URLs. 
First step is to add the tenant domain to your associated domains. Afterwards you will need to configure your app delegate to handle URLs and to call 
ConnectisSDK.continueLogin(userActivity: userActivity)
Some URL filtering is recommended to make sure that the SDK will receive only the desired URLs, otherwise it will fail.
Please keep in mind that due to the internal working of iOS redirecting from the browser inside the same domain does not work, so for the Web Login flow a subdomain or different domain is required to host the return universal link as it can be seen in the demo application.
API
The iOS SDK offers 3 basic methods that can be called from the base class: "ConnectisSDK".
Login
func logIn(sdkConfiguration: ConnectisSDKConfiguration, 
           caller: UIViewController, 
           delegate: AuthenticationResponseDelegate, 
           allowDeviceAuthentication: Bool = false,
           errorResponseDelegate: ErrorResponseDelegate? = nil
)
Where ConnectisSDKConfiguration is a basic data class:
public struct ConnectisSDKConfiguration {
    public var issuer: String
    public var clientID: String
    public var redirectURI: String
    public var scopes: String?
    public var brokerAppAcs: String?
    public var brokerDigidAppAcs: String?
    public var loginFlow: LoginFlow
    
    public init(issuer: String, clientID: String, redirectURI: String, 
    scopes: String?, brokerAppAcs: String? = nil, 
    brokerDigidAppAcs: String? = nil ,loginFlow: LoginFlow = LoginFlow.WEB) {
        self.issuer = issuer
        self.clientID = clientID
        self.redirectURI = redirectURI
        self.scopes = scopes
        self.brokerAppAcs = brokerAppAcs
        self.brokerDigidAppAcs = brokerDigidAppAcs
        self.loginFlow = loginFlow
    }
​
}
and AuthenticationResponseDelegate is a protocol where you can handle the response:
public protocol AuthenticationResponseDelegate: class {
    func handleResponse(authenticationResponse: AuthenticationResponse)
    func onCancel()
}
the AuthenticationResponse is the class you will receive after a login was made in the CIB.
public struct AuthenticationResponse {
    public var isSuccess: Bool
    public var error: Error?
    public var nameIdentifier: String?
    public var attributes: [Attribute]?
}
Properties definition:
issuer - the endpoint of the CIB that you want to connect to. Given by Connectis Technical Support.
clientId - the client-id that you provided to Connectis Technical Support.
redirectUri - must be set to the universal link value
scopes - can be set if you want to do idp scoping (bypass the idp selection screen or for app2app)
brokerAppAcs - must be set for app2app openid: broker endpoint for processing app2app openid flows
brokerDigidAppAcs - must be set for app2app DigID: broker endpoint for processing app2app DigID flow
loginFlow - can be set to either WEB or APP_TO_APP, default is WEB
caller - The activity context where you call the ConnectisSDK from
delegate - your implementation of the AuthenticationResponseDelegate interface 
errorResponseDelegate - optional implementation for handling errors (if none is provided, exceptions will be logged)
allowDeviceAuthentication - true if you wish to enable device authentication in your application, false otherwise
OpenId Access Token
The API provides access to a valid OpenId access token
func useAccessToken(caller: UIViewController,
                    delegate: AccessTokenDelegate
                    )
where AccessTokenDelegate is a protocol:
public protocol AccessTokenDelegate: class {
    func handleAccessToken(accessToken: Token)
    func onError(errorMessage: String)
}
Note: for security reasons, the OpenId Access Token should be treated as a secret in the software. 
Device Authentication
The iOS SDK offers the possibility to authenticate the users, once the user logged in at least once, using the mobile phone device authentication supported methods(face unlock, fingerprint, pin code)
To enable the device authentication flow call the following method after the user logged in using the CIB:
func enableDeviceAuthentication(delegate: DeviceAuthenticationResponseDelegate) 
If you wish to disable the device authentication you can call the following function:
func disableDeviceAuthentication() 

Android

Next - Signicat Adapters

Web SDK

Last modified 9d ago

Copy link

Outline