# Authentication methods
Page contents
# Overview
Encap supports several different authentication methods. Not every authentication method can be used on every platform.
Below you will find:
- The supported authentication methods for iOS.
- The names of the parameters that you need in order to activate and authenticate with these methods.
Available authentication methods
The number of authentication methods could be limited by:
- The application configuration on the Encap server, identified by the
applicationId
. - The mobile device's hardware.
- The mobile device's state.
The authentication parameter can be one of the following class types:
EncapDeviceAuthParameter
EncapDevicePinAuthParameter
EncapDeviceStrongTouchIDAuthParameter
EncapDeviceFaceIDAuthParameter
Each authentication parameter represents an authentication method, which is defined in the EncapAuthMethod
enum:
EncapAuthMethodDevice
EncapAuthMethodDevicePIN
EncapAuthMethodDeviceStrongTouchID
EncapAuthMethodDeviceFaceID
Deprecation notice
EncapDeviceTouchIDAuthParameter
is deprecated.EncapAuthMethodDeviceTouchID
is deprecated.- The
TouchID
authentication method is not recommended for use anymore. You should useStrongTouchID
instead, which offers more security.
# Biometric authentication methods
You can find the biometric authentication methods available for iOS below:
Name | Description |
StrongTouchID |
|
FaceID |
|
# Useful information
- These methods will only be visible in the available/allowed list of authentication methods if they are supported and enrolled on the device.
- Touch ID and Face ID authentication are disabled system-wide after five consecutive unsuccessful attempts, even when the attempts span multiple evaluation calls. When this happens, the system requires the end-user to enter the passcode for the device to re-enable biometry.
Learn more
You can read more about this topic in the Apple Developer Documentation (opens new window).
- It is only only possible to have one online biometric authentication method activated for a registration. For example,
StrongTouchID
andTouchID
cannot be activated at the same time. StrongTouchID
andFaceID
are ideal to activate together with aPIN
, so that they can be reactivated using theaddOrUpdate
method described in the Add or update section on the Core operations page if activation data is invalidated.
# Available/allowed authentication methods
When initiating an activation or authentication, the server provides you with a set of available/allowed EncapAuthMethod
values to activate or authenticate with:
EncapStartActivationResult.authMethodsForActivation
EncapStartAddOrUpdateResult.authMethodsToActivate
EncapStartResult.authMethodsForAuthentication
If more than one method is available, then the developer or end-user may choose which method to use.
# Server configured authentication methods
The EncapAPI also returns a raw list of server-configured authentication methods during the initial activation and in AddOrUpdateAuthMethod
results:
EncapStartActivationResult.serverConfiguredAuthMethods
EncapStartAddOrUpdateResult.serverConfiguredAuthMethodsToActivate
The format will be the same as the configuration on Encap Server, for example: DEVICE:PIN
, DEVICE:STRONG_TOUCH_ID
, DEVICE:IOS_FACE_ID
.
It will also contain authentication methods for other platforms, such as Android.