Offline authentication
About offline authentication
Our offline authentication feature allows you to authenticate the end-user, even if the mobile device is offline.
How does offline authentication work?
From a mobile client perspective, the flow to perform an offline authentication could be as follows:
Flow part 1: Mobile app
- Activate the desired offline authentication method using our
addOrUpdateoperation. - Authenticate with online authentication method.
- Activate offline authentication method.
Flow part 2: Service provider
- Start an offline authentication session.
- Present the verification data (containing a challenge and context) to the end-user. For example, in a QR code on a website.
Flow part 3: Mobile app
- Scan the QR code and call
startOfflineAuthentication(verificationData).EncapController.shared.startOfflineAuthentication(verificationData: "VerificationData/String from QR code") { startResult in
switch startResult {
case .success(let startOfflineAuthResult):
// Success
case .failure(let error):
// Error
}
} - Retrieve the
contextandauthMethodfromStartOfflineAuthenticationResult. - Display the
contextand callfinishOfflineAuthenticationto let the end-user authenticate, using theauthMethodfromstartResult. - If
finishOfflineAuthenticationis successful, then display the one-time password fromFinishOfflineAuthenticationResultand let the end-user enter it in the website.EncapController.shared.finishOfflineAuthentication(withAuthMethod: .offlineDevice) { finishResult in
switch finishResult {
case .success(let finishOfflineAuthResult):
// Success
case .failure(let errorResult):
// Error
}
}
Additional information
- It is possible to select a different PIN for
AuthMethod.offlinePinandAuthMethod.pin. - It is only possible to add offline
authMethodsone at a time with theaddOrUpdateoperation, not during the initial activation.
Supported Offline auth parameters
AuthMethod.offlineDeviceAuthMethod.offlinePin(value: String)AuthMethod.offlineStrongTouchID(prompt: String?)AuthMethod.offlineFaceID