Skip to main content
Check out our end-to-end guide on how to implement app verification with push notifications.

Adding a credential

Adding a push credential generates a private/public key pair, where the private key is secured on the user’s mobile device and the public key is held by Authsignal. This operation must be authorized with a short-lived token, which can be obtained by tracking an action from your backend in an authenticated context. 
await authsignal.push.addCredential(token: "eyJhbGciOiJ...")

Parameters

token
string
A short-lived token obtained by tracking an action.

Response

response
AuthsignalResponse<AppCredential>

Getting a credential

Get information about the push credential stored on the device, if one exists. 
let response = await authsignal.push.getCredential()

Response

response
AuthsignalResponse<AppCredential>

Removing a credential

await authsignal.push.removeCredential()

Response

response
AuthsignalResponse<boolean>

Getting a challenge

let response = await authsignal.push.getChallenge()

if let error = result.error {
    // The credential stored on the device is invalid
} else if let challenge = result.data {
    // A pending challenge request is available
    // Present the user with a prompt to approve or deny the request
    let challengeId = challenge.challengeId
} else {
    // No pending challenge request
}

Response

response
AuthsignalResponse<DeviceChallenge>

Updating a challenge

After presenting the user with a prompt to approve or reject the request, you should update the challenge with their response. 
await authsignal.push.updateChallenge(
    challengeId: challengeId,
    approved: true
)

Response

response
AuthsignalResponse<boolean>

Requiring user authentication

When adding a credential for push verification, it is possible to require that the user authenticate via their OS biometrics or PIN whenever they access the credential (e.g. when approving or rejecting a challenge).

iOS

To require user authentication on iOS, set the userPresenceRequired flag to true when adding the credential. 
await authsignal.push.addCredential(
    token: token,
    userPresenceRequired: true
)
This is all that’s needed - iOS will automatically handle displaying the biometrics or PIN prompt when updating a challenge or verifying a device.

Android

To require user authentication on Android, set the userAuthenticationRequired flag to true when adding the credential. 
authsignal.push.addCredential(
    token = token,
    userAuthenticationRequired = true
)
It’s also possible to specify additional user authentication parameters. 
authsignal.push.addCredential(
    token = token,
    userAuthenticationRequired = true,
    timeout = 60,
    authorizationType = 0
)
The timeout param determines the time (in seconds) that the credential can be accessed after authenticating - or 0 if authentication must occur for every credential use. The authorizationType param determines if authentication is required via biometrics and/or device credential (e.g. pin). If user authentication is required for a credential, you must call updateChallenge in a biometric prompt authentication callback.
  1. Initialize a signature before displaying the biometric prompt
val signature = authsignal.push.startSigning()

val cryptoObject = CryptoObject(signature)

// Initialize biometric prompt and prompt info
val biometricPrompt = ...
val promptInfo = ...

biometricPrompt.authenticate(promptInfo, cryptoObject);
  1. Retrieve the signature from the crypto object in your prompt’s authentication callback
override fun onAuthenticationSucceeded(result: AuthenticationResult) {
    super.onAuthenticationSucceeded(result)

    val cryptoObject = result.cryptoObject
    val signer = cryptoObject.signature

    authsignal.push.updateChallenge(
        challengeId = challengeId,
        approved = true,
        signer = signer
    )
}