Skip to main content

Authentication methods

Encap supports several different authentication methods. Not every authentication method can be used on every platform.

Below you will find:

  • The supported authentication methods for iOS.
  • The names of the enum cases that you need in order to activate and authenticate with these methods.
Available authentication methods

The number of authentication methods could be limited by:

  • The application configuration on the Encap server, identified by the applicationId.
  • The mobile device's hardware.
  • The mobile device's state.

The supported authentication method can be one of the following enum cases found in AuthMethod:

  • .device
  • .pin(value: String)
  • .strongTouchID(prompt: String?)
  • .faceID
  • .serverSideFace(faceScanData: FaceScanData?)
    Face scan requires additional configuration

    When using the .serverSideFace(faceScanData: FaceScanData?) method, you need to undertake additional steps to correctly configure and implement face authentication.

    To learn how to do this, see our Face authentication feature documentation.

Biometric authentication methods

You can find the biometric authentication methods available for iOS below:

Useful information

  • These methods will only be visible in the available/allowed list of authentication methods if they are supported and enrolled on the device.
  • Touch ID and Face ID authentication are disabled system-wide after five consecutive unsuccessful attempts, even when the attempts span multiple evaluation calls. When this happens, the system requires the end-user to enter the passcode for the device to re-enable biometry.
    Want to learn more ?

    To learn more, see the Apple Developer Documentation.

  • Touch ID (strongTouchID) and Face ID (faceID) are ideal to activate together with a PIN, so that they can be reactivated using the addOrUpdate method if activation data is invalidated.
    Want to to learn more?

    To learn more, see the Add or update section on the Core operations page.

Available/allowed authentication methods

When initiating an activation or authentication, the server provides you with a set of available/allowed AuthMethod values to activate or authenticate with:

  • StartActivationResult.authMethodsForActivation
  • StartAddOrUpdateResult.authMethodsToActivate
  • StartResult.authMethodsForAuthentication

If more than one method is available, then the developer or end-user may choose which method to use.

Server configured authentication methods

The SDK also returns a raw list of server-configured authentication methods during the initial activation and in addOrUpdate results:

  • StartActivationResult.serverConfiguredAuthMethods
  • StartAddOrUpdateResult.serverConfiguredAuthMethodsToActivate

The format will be the same as the configuration on Encap Server, for example: DEVICE:PIN, DEVICE:STRONG_TOUCH_ID, DEVICE:IOS_FACE_ID.

It will also contain authentication methods for other platforms, such as Android.

On this page