Signicat offers a mobile SDK to easily connect iOS devices to the Signicat Identity Broker. The following page will describe how to integrate the iOS SDK in your application.


The requirements for the iOS SDK are:
  • minimum iOS version: 11
  • The target phone's default browser must support cookies, otherwise a browser that supports cookies must be set as default

Quick start

To start using the iOS SDK:
  • include the "ios-sdk-${version}" library in your project
  • set up universal links by following the next section
The iOS SDK uses universal links as a mechanism for connecting to the broker. For this reason, an universal link configuration needs to be set up on your tenant. This can be easily configured from the UI by filling in the iOS App Id under your service provider configuration.
Once the configuration is done, you can view the result at:
This will take care of the web server configuration. Now in order for your app to work you will need to configure it to handle these URLs.
First step is to add the tenant domain to your associated domains. Afterwards you will need to configure your app delegate to handle URLs and to call
ConnectisSDK.continueLogin(userActivity: userActivity)
Some URL filtering is recommended to make sure that the SDK will receive only the desired URLs, otherwise it will fail.
Please keep in mind that due to the internal working of iOS redirecting from the browser inside the same domain does not work, so for the Web Login flow a subdomain or different domain is required to host the return universal link as it can be seen in the demo application.


The iOS SDK offers 3 basic methods that can be called from the base class: "ConnectisSDK".


func logIn(sdkConfiguration: ConnectisSDKConfiguration,
caller: UIViewController,
delegate: AuthenticationResponseDelegate,
allowDeviceAuthentication: Bool = false,
errorResponseDelegate: ErrorResponseDelegate? = nil
Where ConnectisSDKConfiguration is a basic data class:
public struct ConnectisSDKConfiguration {
public var issuer: String
public var clientID: String
public var redirectURI: String
public var scopes: String?
public var brokerAppAcs: String?
public var brokerDigidAppAcs: String?
public var loginFlow: LoginFlow
public init(issuer: String, clientID: String, redirectURI: String,
scopes: String?, brokerAppAcs: String? = nil,
brokerDigidAppAcs: String? = nil ,loginFlow: LoginFlow = LoginFlow.WEB) {
self.issuer = issuer
self.clientID = clientID
self.redirectURI = redirectURI
self.scopes = scopes
self.brokerAppAcs = brokerAppAcs
self.brokerDigidAppAcs = brokerDigidAppAcs
self.loginFlow = loginFlow
and AuthenticationResponseDelegate is a protocol where you can handle the response:
public protocol AuthenticationResponseDelegate: class {
func handleResponse(authenticationResponse: AuthenticationResponse)
func onCancel()
the AuthenticationResponse is the class you will receive after a login was made in the CIB.
public struct AuthenticationResponse {
public var isSuccess: Bool
public var error: Error?
public var nameIdentifier: String?
public var attributes: [Attribute]?
Properties definition:
  • issuer - the endpoint of the CIB that you want to connect to. Given by Connectis Technical Support.
  • clientId - the client-id that you provided to Connectis Technical Support.
  • redirectUri - must be set to the universal link value
  • scopes - can be set if you want to do idp scoping (bypass the idp selection screen or for app2app)
  • brokerAppAcs - must be set for app2app openid: broker endpoint for processing app2app openid flows
  • brokerDigidAppAcs - must be set for app2app DigID: broker endpoint for processing app2app DigID flow
  • loginFlow - can be set to either WEB or APP_TO_APP, default is WEB
  • caller - The activity context where you call the ConnectisSDK from
  • delegate - your implementation of the AuthenticationResponseDelegate interface
  • errorResponseDelegate - optional implementation for handling errors (if none is provided, exceptions will be logged)
  • allowDeviceAuthentication - true if you wish to enable device authentication in your application, false otherwise

OpenId Access Token

The API provides access to a valid OpenId access token
func useAccessToken(caller: UIViewController,
delegate: AccessTokenDelegate
where AccessTokenDelegate is a protocol:
public protocol AccessTokenDelegate: class {
func handleAccessToken(accessToken: Token)
func onError(errorMessage: String)
Note: for security reasons, the OpenId Access Token should be treated as a secret in the software.

Device Authentication

The iOS SDK offers the possibility to authenticate the users, once the user logged in at least once, using the mobile phone device authentication supported methods(face unlock, fingerprint, pin code)
To enable the device authentication flow call the following method after the user logged in using the CIB:
func enableDeviceAuthentication(delegate: DeviceAuthenticationResponseDelegate)
If you wish to disable the device authentication you can call the following function:
func disableDeviceAuthentication()