In-app verification

Check out our end-to-end guide on how to implement in-app verification.

Adding a credential

Adding an in-app credential generates a private/public key pair, where the private key is secured on the user’s mobile device and the public key is held by Authsignal. This operation must be authorized with a short-lived token, which can be obtained by tracking an action from your backend in an authenticated context.

await authsignal.inapp.addCredential(token: "eyJhbGciOiJ...")

Parameters

token

string

A short-lived token obtained by tracking an action.

Response

response

AuthsignalResponse<AppCredential>

Show properties

error

string

An unstructured error description present if the SDK call encountered an error.

errorCode

string

A formatted error code which may additionally be present if the SDK call encountered an error. Possible values are: token_not_set, expired_token or network_error.

data

AppCredential | null

Show properties

credentialId

string

required

The ID of the app credential.

createdAt

string

required

The date and time the app credential was created.

userId

string

required

The user ID of the user that the app credential belongs to.

Getting a credential

Get information about the in-app credential stored on the device, if one exists.

let response = await authsignal.inapp.getCredential()

Response

response

AuthsignalResponse<AppCredential>

Show properties

error

string

An unstructured error description present if the SDK call encountered an error.

errorCode

string

A formatted error code which may additionally be present if the SDK call encountered an error. Possible values are: invalid_credential when the credential exists on the device but has been removed from the server.

data

AppCredential

Show properties

credentialId

string

required

The ID of the app credential.

createdAt

string

required

The date and time the app credential was created.

lastAuthenticatedAt

string

The date and time the app credential was last used for authentication. Will be null if the credential has never been used.

userId

string

required

The user ID of the user that the app credential belongs to.

Removing a credential

await authsignal.inapp.removeCredential()

Response

response

AuthsignalResponse<boolean>

Show properties

error

string

An unstructured error description present if the SDK call encountered an error. This could occur if the credential on the device is no longer valid because the corresponding user authenticator has been deleted in the Authsignal Portal.

data

boolean

True if the app credential was successfully removed.

Verifying an action

Verify an action in your app using the credential stored securely on the device.

let response = await authsignal.inapp.verify()

let token = response.data?.token

Response

response

AuthsignalResponse<VerifyDeviceResponse>

Show properties

error

string

data

VerifyDeviceResponse

Show properties

token

string

required

A token which can be used for server-side validation.

userId

string

required

The user ID of the user that the device credential belongs to.

userAuthenticatorId

string

required

The user authenticator ID that the device credential belongs to.

username

string

The username of the user that the device credential belongs to.

Server

Client

Adding a credential

Parameters

Response

Getting a credential

Response

Removing a credential

Response

Verifying an action

Response

Server

Client

​Adding a credential

​Parameters

​Response

​Getting a credential

​Response

​Removing a credential

​Response

​Verifying an action

​Response

Adding a credential

Parameters

Response

Getting a credential

Response

Removing a credential

Response

Verifying an action

Response