Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt

Use this file to discover all available pages before exploring further.

Check out our end-to-end guide on how to implement app verification with QR codes.

Adding a credential

Adding a QR code credential generates a private/public key pair, where the private key is secured on the user’s mobile device and the public key is held by Authsignal. This operation must be authorized with a short-lived token, which can be obtained by tracking an action from your backend in an authenticated context. 
await authsignal.qr.addCredential(token: "eyJhbGciOiJ...")

Parameters

token
string
A short-lived token obtained by tracking an action.

Response

response
AuthsignalResponse<AppCredential>

Getting a credential

Get information about the QR code credential stored on the device, if one exists. 
let response = await authsignal.qr.getCredential()

Response

response
AuthsignalResponse<AppCredential>

Removing a credential

await authsignal.qr.removeCredential()

Response

response
AuthsignalResponse<boolean>

Claiming a challenge

When the user scans the QR code, you should call claimChallenge to set the user attempting to complete the challenge. This will return some context about the desktop or kiosk device initiating the challenge such as ip address, location, user agent and custom data. This data can be shown to the user to help them decide if they want to approve or decline the challenge. 
await authsignal.qr.claimChallenge(
    challengeId: challengeId
)

Response

response
AuthsignalResponse<ClaimChallengeResponse>

Updating a challenge

After presenting the user with a prompt to approve or reject the request, you should update the challenge with their response. 
await authsignal.qr.updateChallenge(
    challengeId: challengeId,
    approved: true
)

Response

response
AuthsignalResponse<boolean>

Requiring user authentication

When adding a credential for QR code verification, it is possible to require that the user authenticate via their OS biometrics or PIN whenever they access the credential (e.g. when approving or rejecting a challenge).

iOS

To require user authentication on iOS, set the userPresenceRequired flag to true when adding the credential. 
await authsignal.push.addCredential(
    token: token,
    userPresenceRequired: true
)
This is all that’s needed - iOS will automatically handle displaying the biometrics or PIN prompt when updating a challenge or verifying a device.

Android

To require user authentication on Android, set the userAuthenticationRequired flag to true when adding the credential. 
authsignal.push.addCredential(
    token = token,
    userAuthenticationRequired = true
)
It’s also possible to specify additional user authentication parameters. 
authsignal.push.addCredential(
    token = token,
    userAuthenticationRequired = true,
    timeout = 60,
    authorizationType = 0
)
The timeout param determines the time (in seconds) that the credential can be accessed after authenticating - or 0 if authentication must occur for every credential use. The authorizationType param determines if authentication is required via biometrics and/or device credential (e.g. pin). If user authentication is required for a credential, you must call updateChallenge in a biometric prompt authentication callback.
  1. Initialize a signature before displaying the biometric prompt
val signature = authsignal.push.startSigning()

val cryptoObject = CryptoObject(signature)

// Initialize biometric prompt and prompt info
val biometricPrompt = ...
val promptInfo = ...

biometricPrompt.authenticate(promptInfo, cryptoObject);
  1. Retrieve the signature from the crypto object in your prompt’s authentication callback
override fun onAuthenticationSucceeded(result: AuthenticationResult) {
    super.onAuthenticationSucceeded(result)

    val cryptoObject = result.cryptoObject
    val signer = cryptoObject.signature

    authsignal.push.updateChallenge(
        challengeId = challengeId,
        approved = true,
        signer = signer
    )
}