App attestation
This documentation only describes how to configure the SDK for our app attestation feature. If you want to learn about the feature and the full set of implementation requirements, see the main feature documentation:
Supported operations
Attestation can be performed during activation, recovery, or any kind of authentication.
Since a call is made to Apple's servers, the following operations that support app attestation may incur a delay of a few seconds:
FinishActivationFinishAddOrUpdateFinishAuthenticationFinishRecovery
How to configure App Attest
To use our app attestation feature, you need to:
Configure the mobile SDK
No mobile SDK configuration is required.
To use App Attest, you need to configure the application configuration. Once you have done this, the server will start requesting the SDK to attest the application.
Configure the application configuration
The process for configuring the application configuration varies depending on whether you are a MobileID customer or an Encap SCA customer.
You can use the buttons below to learn how to configure the application configuration for the different products.
How to test App Attest
Performing a successful test
- Configure the server with the following settings:
"ATTESTATION_IOS_APP_ATTEST_MODE": "REQUIRED"
"ATTESTATION_IOS_APP_ATTEST_ENVIRONMENT": "DEVELOPMENT" - Launch Xcode, then connect a physical device and run the project on it.
- Upon testing, you should be able to perform activations (registrations/enrolments) and authentications successfully without encountering any errors.
Performing a negative test
- Configure the server with the following settings:
"ATTESTATION_IOS_APP_ATTEST_MODE": "REQUIRED"
"ATTESTATION_IOS_APP_ATTEST_ENVIRONMENT": "DEVELOPMENT" - Launch Xcode, then connect a simulator and run the project on it.
- Upon testing, you will encounter an error when attempting to perform an an activation (registration/enrolment):
Error Code: 282 - AppAttest Attestation failed because device does not support App Attest.
Error codes
The table below illustrates error codes related to App Attest if the attestation mode is set to REQUIRED. If the attestation mode is set to OFF or OPTIONAL, then no new error codes are introduced.
You can find the corresponding error descriptions in our SDK error codes documentation.
Do not activate or authenticate multiple controllers concurrently if not required, as doing this might cause the attest operations to fail.