You can also use our SDK to help determine when to display a passkey creation prompt based on whether or not the user has an existing passkey available on their device.
Copy
Ask AI
let showPrompt = await authsignal.passkey.shouldPromptToCreatePasskey()if showPrompt { let response = await authsignal.passkey.signUp( token: "eyJhbGciOiJIUzI....", username: "jane@authsignal.com", ignorePasskeyAlreadyExistsError: true, )}
A formatted error code which may additionally be present if the SDK call encountered an error.
Possible values are: token_not_set, expired_token, network_error or user_canceled.
Calling signIn will present the passkey sign-in prompt if a credential is available on the device.
If the user successfully authenticates with their passkey, send the result token to your server to validate the challenge.
Copy
Ask AI
let response = await authsignal.passkey.signIn(action: "signInWithPasskey")if let token = response.data?.token { // Send token to your backend for validation}
Because some users may not have a passkey available, you can conditionally present a fallback authentication method by handling error codes returned by the SDK.
A string which determines how the action associated with the passkey sign-in attempt will be named
in the Authsignal Portal. Values are validated with the following
regex: ^[a-zA-Z0-9_-]{(1, 64)}$.
If set to true, the passkey prompt will not be shown when no credentials are available on the
device and an error code will be
returned.
Defaults to true. Set this to false if you want to support signing in with credentials on another
device via QR code.
A formatted error code which may additionally be present if the SDK call encountered an error.
Possible values are: user_canceled or no_credential (Android only). These values can be
used to handle if a passkey is not available on the
device.
Passkeys are supported from iOS 15 and Android API level 28 or higher.You can detect whether or not the current device supports passkeys by using the isSupported helper method.
This feature requires rendering a text field with the textContentType property.
Copy
Ask AI
userTextField.textContentType = .username
Then when the screen loads, you should initialize the text field for passkey autofill by running the following code.
Copy
Ask AI
let result = await authsignal.passkey.signIn( action: "signInWithPasskeyAutofill", autofill: true)if let token = result.data?.token { // The user has focused your text input and authenticated with an existing passkey // Send the response token to your server to validate the result of the challenge}
The mobile SDK’s device credential authentication methods can be used to respond to authentication requests using public key cryptography. For more details of the different use cases, see the Device credential authentication method documentation.
Adding a device credential generates a private/public key pair, where the private key is secured on the user’s mobile device and the public key is held by Authsignal.This operation must be authorized with a short-lived token, which can be obtained by tracking an action from your backend in an authenticated context.
A formatted error code which may additionally be present if the SDK call encountered an error.
Possible values are: token_not_set, expired_token or network_error.
A formatted error code which may additionally be present if the SDK call encountered an error.
Possible values are: invalid_credential when the credential exists on the device but has
been removed from the server.
An unstructured error description present if the SDK call encountered an error. This could
occur if the credential on the device is no longer valid because the corresponding user
authenticator has been deleted in the Authsignal Portal.
let response = await authsignal.device.getChallenge()if let error = result.error { // The credential stored on the device is invalid} else if let challenge = result.data { // A pending challenge request is available // Present the user with a prompt to approve or deny the request let challengeId = challenge.challengeId} else { // No pending challenge request}
An unstructured error description present if the SDK call encountered an error. This could
occur if the credential on the device is no longer valid because the corresponding user
authenticator has been deleted in the Authsignal Portal.
When the user scans the QR code, you should call claimChallenge to set the user attempting to complete the challenge. This will return some context about the desktop or kiosk device initiating the challenge such as ip address, location, user agent and custom data. This data can be shown to the user to help them decide if they want to approve or decline the challenge.
An unstructured error description present if the SDK call encountered an error. This could
occur if the credential on the device is no longer valid because the corresponding user
authenticator has been deleted in the Authsignal Portal.
An unstructured error description present if the SDK call encountered an error. This could
occur if the credential on the device is no longer valid because the corresponding user
authenticator has been deleted in the Authsignal Portal.
An unstructured error description present if the SDK call encountered an error. This could
occur if the credential on the device is no longer valid because the corresponding user
authenticator has been deleted in the Authsignal Portal.
When adding a device credential, it is possible to require that the user authenticate via their OS biometrics or PIN whenever they access the credential (e.g. when approving or rejecting a device challenge).
The timeout param determines the time (in seconds) that the credential can be accessed after authenticating - or 0 if authentication must occur for every credential use.
The authorizationType param determines if authentication is required via biometrics and/or device credential (e.g. pin).If user authentication is required for a credential, you must call updateChallenge in a biometric prompt authentication callback.
Initialize a signature before displaying the biometric prompt
Copy
Ask AI
val signature = authsignal.device.startSigning()val cryptoObject = CryptoObject(signature)// Initialize biometric prompt and prompt infoval biometricPrompt = ...val promptInfo = ...biometricPrompt.authenticate(promptInfo, cryptoObject);
Retrieve the signature from the crypto object in your prompt’s authentication callback
Copy
Ask AI
override fun onAuthenticationSucceeded(result: AuthenticationResult) { super.onAuthenticationSucceeded(result) val cryptoObject = result.cryptoObject val signer = cryptoObject.signature authsignal.device.updateChallenge( challengeId = challengeId, approved = true, signer = signer )}
Start enrollment for a new email OTP authenticator by sending the user an email containing an OTP code.This method is typically used when you’ve not yet verified the user’s email address.
If you’ve already verified a user’s email address independently of Authsignal, you can
alternatively use a Server SDK to enroll the user
programmatically.
Start enrollment for a new SMS OTP authenticator by sending the user an SMS containing an OTP code.This method is typically used when you’ve not yet verified the user’s phone number.
If you’ve already verified a user’s phone number independently of Authsignal, you can
alternatively use a Server SDK to enroll the user
programmatically.
Start enrollment for a new TOTP authenticator by generating a QR code to display to the user.
Copy
Ask AI
let response await authsignal.totp.enroll()if let data = response.data { let uri = data.uri // Convert to QR code let secret = data.secret // Can be entered manually}
When using mobile SDK methods for email OTP, SMS OTP, WhatsApp OTP or authenticator app (TOTP) you must first track an action using a Server SDK or the Server API to generate a time-limited token (valid for 10 minutes by default).
For enrollment flows, you must also specify the scope add:authenticators when tracking the
action if the user already has an existing authenticator. For more detail refer to our guide on
how to ensure a strong binding when adding
authenticators.
Then you can use the SDK’s setToken method.
You must use the same token for the initial enroll/challenge call and the subsequent verify call.
Copy
Ask AI
authsignal.setToken("eyJhbGciOiJ...")// Send the user a WhatsApp OTP code// You can call this multiple times via a 'resend' buttonawait authsignal.whatsapp.challenge()// Verify the inputted code matches the original codelet response = await authsignal.whatsapp.verify(code: "123456")
A code which identifies a specific error state. This value can be used to drive application logic
such as handling when a passkey is not available on the
device.
Indicates that the user dismissed the passkey sign-in prompt. On iOS this may also indicate that
the user has no passkey credential available on the device.
Indicates that an error occurred when creating a passkey because Authsignal has a record of an
existing passkey credential and the platform has determined that it is available on the user’s
device. This error will be ignored if ignorePasskeyAlreadyExistsError is set to true when
creating a passkey.
