App transaction
Use case
You are looking for a secure way for your end-users to access or update information in your mobile app. You want to achieve this whilst still offering a positive and seamless user experience for your end-users.
How it works
Meet Jane, one of your active end-users who has activated MobileID in your mobile app. Jane has forgotten her credit card PIN and is about to use your mobile app to view her PIN.
- To do this, Jane opens and logs in to your mobile app.
- Jane navigates to the place where she can view her credit card PIN in your mobile app.
- Jane clicks on a button to view her credit card PIN.
- Jane authenticates herself using biometrics.
Jane has now securely authenticated herself with two-factor authentication and your app displays her credit card PIN.
What it looks like
The following diagram illustrates what an app transaction could look like with MobileID, from the perspective of your end-user.
Diagram showing end-user flow for app transaction
Implementation
This flow assumes that you are using MobileID and that the end-user has an active MobileID user and device.
The following flow is a suggestion on how to implement MobileID for app transactions for viewing a PIN:
- The end-user navigates in your mobile app and clicks on view PIN.
- The mobile app triggers a request to your backend for viewing their PIN.
- Your server looks up the end-users PIN.
- Your server triggers a MobileID authentication for the end-user; setting the PIN as the post-operation context.
- The end-user authenticates using biometrics or a PIN.
- MobileID verifies the authentication and sends a response to your server and app; confirming the authentication. The response to your app contains the post-operation context with the PIN.
- Your mobile app receives the PIN and displays it to the end-user.
Using MobileID for app login is a straightforward and effective way to provide your end-users with a secure and seamless login experience.
Sequence diagram
Sequence diagram showing app transaction