login(withRequest)

Breaking changes for 8.0.0, please read.

Breaking changes for iOS 8.0.0

There are several updates with the iOS 8.0.0 release which are considered breaking. Read the following for an overview of the changes.

mfaStart(WithStepUp) is now an enum

  • You must specify the type (AuthTokenFlow or LoginFlow).

  • The AuthToken parameter in AuthTokenFlow is now mandatory.

LoginFlow response for loginWithPassword and login(withRequest)

You should be able to handle both AchievedLogin (success) and OngoingStepUp (step-up required).

When the response is OngoingStepUp, you must call mfaStart(Registering credential) and mfaVerify(Credential) to complete the step-up flow.

Implications for integration

  • Update Your Code: Adjust your function calls and ensure your app logic handles the new LoginFlow enum response.

  • Prepare for MFA: Implement any necessary handlers for OngoingStepUp to manage the step-up authentication flows.

  • Review AuthToken Handling: Since AuthToken is now mandatory for certain flows, ensure your code retrieves and manages it appropriately.

AppDelegate.reachfive().login(
    withRequest,
    usingModalAuthorizationFor,
    display
)

Description

Logs the user in using credentials stored in the keychain. The system displays all available credentials in a modal sheet. Credentials can be any combination of passwords, passkeys, or Sign in with Apple.

In the case where step-up authentication is required, loginWithRequest returns an OngoingStepUp response.

Usage

Start this request in response to a user interaction. Setting the parameter display to .Always works best.

Alternatively, start the request automatically early in a view lifecycle (e.g., in viewDidAppear) or during the application launch. Prefer setting display to .IfImmediatelyAvailableCredentials for this use case.

Examples

AppDelegate
    .reachfive()
    .login(
        withRequest: NativeLoginRequest(anchor: window),
        usingModalAuthorizationFor: [.Passkey, .Password, .SignInWithApple],
        display: .IfImmediatelyAvailableCredentials
    )
    // On success the result is a LoginFlow: AchievedLogin carries the auth token,
    // OngoingStepUp means the step-up flow must be completed first.
    .onSuccess { loginFlow in
    }
    .onFailure { error in
        switch error {
        case .AuthCanceled:
            // No credentials are available. If called at app launch, do nothing.
            // If called in `viewDidAppear`, present other login options to the user.
            return
        default:
            // Real failure.
            return
        }
    }

Parameters

Parameter Description

withRequest NativeLoginRequest

Object containing parameters to send along with the request.

Object parameters:

  • anchor: The view to which the credential provider attaches its UI if it requires user interaction.

  • originWebAuthn: The origin of the webauthn call.

  • scopes: The scopes granted to the profile.

  • origin: The origin of the call. This helps categorize inbound traffic.

usingModalAuthorizationFor

An array of the credential types to unlock. Any combination of .Password, .Passkey and .SignInWithApple.

display

Choice of behaviour when there are no credentials available.

options
  • Always: Depending on the type of credential:

    • .Passkey: the system presents a QR code to allow signing in with a passkey from a nearby device.

    • .SignInWithApple: a signup sheet appears.

    • .Password: no UI appears.

  • IfImmediatelyAvailableCredentials: No UI appears and the call ends in ReachFiveError.AuthCanceled which you can intercept and react to (e.g., display other login options).

Response

Type: Future<LoginFlow.AchievedLogin | OngoingStepUp, ReachFiveError>

If the credentials are valid, the promise returns the profile’s authentication token or continues the step-up process depending on the flow. Otherwise it is rejected and returns a ReachFiveError.

AchievedLogin

Returns the authentication token.

idToken

The ID token JSON Web Token (JWT) that contains the profile’s information. This is only available when the openid scope is requested.

accessToken

The authorization credential JSON Web Token (JWT) used to access the ReachFive API.

refreshToken

The refresh token JSON Web Token (JWT) used to obtain new access tokens once they expire. This is only available when the offline_access scope is requested.

tokenType

The type of token. Always equal to Bearer.

expiresIn

The lifetime in seconds of the access token.

If expiresIn is less than or equal to 0, the AuthToken is expired.

user OpenIDUser

The user’s information contained in the ID token.

id string

The identifier of the user.

name string

The full name of the user in displayable form including all name parts, possibly including titles and suffixes, ordered according to the user’s locale and preferences.

preferredUsername string

The shorthand name by which the user wishes to be referred to.

givenName string

The given name or first name of the user.

familyName string

The surname or last name of the user.

middleName string

The middle name of the user.

nickname string

The casual name of the user that may or may not be the same as the givenName.

picture string

The URL of the user’s profile picture.

website string

The URL of the user’s web page or blog.

email string

The user’s preferred e-mail address.

emailVerified boolean

True if the user’s e-mail address has been verified; otherwise false.

gender string

The user’s gender.

zoneinfo string

The string from zoneinfo time zone database representing the user’s time zone.

locale string

The user’s language code in lowercase and country code in uppercase, separated by a dash.

phoneNumber string

The user’s preferred telephone number.

phoneNumberVerified boolean

True if the user’s phone number has been verified; otherwise false.

address string

The user’s preferred postal address.

OngoingStepUp

Field Description

token string

The token obtained after initiating the step-up flow.

availableMfaCredentialItemTypes [MfaCredentialItemType]

The MFA credential type such as email or sms.
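
One way to branch on the LoginFlow result so that OngoingStepUp is never treated as a completed login and an expired token is rejected. This is an added example, not ReachFive's code: the types are local stand-ins built from the fields documented on this page, and NextStep, nextStep(for:) and preferredFactors are hypothetical app-side names.

```swift
// Local stand-ins modelled on the fields documented on this page.
// They are not the SDK's definitions; a real app uses the ReachFive SDK types.
struct AuthToken {
    let accessToken: String
    let expiresIn: Int  // lifetime of the access token, in seconds
}
enum MfaCredentialItemType: String { case email, sms }
enum LoginFlow {
    case AchievedLogin(authToken: AuthToken)
    case OngoingStepUp(token: String, availableMfaCredentialItemTypes: [MfaCredentialItemType])
}

// Hypothetical app-side decision: what the UI is allowed to do next.
enum NextStep: Equatable {
    case openSession                         // usable token, user is logged in
    case startStepUp(MfaCredentialItemType)  // second factor still required
    case reject(String)                      // fail closed
}

// Hypothetical app policy: second factors the app supports, in order of preference.
let preferredFactors: [MfaCredentialItemType] = [.email, .sms]

func nextStep(for flow: LoginFlow) -> NextStep {
    switch flow {
    case .AchievedLogin(let authToken):
        // Per this page, expiresIn <= 0 means the AuthToken is expired.
        guard authToken.expiresIn > 0 else { return .reject("expired token") }
        return .openSession
    case .OngoingStepUp(let token, let available):
        // The step-up token only continues the MFA flow; never open a session on it.
        guard !token.isEmpty else { return .reject("missing step-up token") }
        guard let factor = preferredFactors.first(where: { available.contains($0) }) else {
            return .reject("no usable MFA credential type")
        }
        return .startStepUp(factor)
    }
}

// Constructed sample responses covering each branch.
let samples: [LoginFlow] = [
    .AchievedLogin(authToken: AuthToken(accessToken: "constructed", expiresIn: 3600)),
    .AchievedLogin(authToken: AuthToken(accessToken: "constructed", expiresIn: 0)),
    .OngoingStepUp(token: "constructed-step-up", availableMfaCredentialItemTypes: [.sms]),
    .OngoingStepUp(token: "constructed-step-up", availableMfaCredentialItemTypes: []),
]
for flow in samples { print(nextStep(for: flow)) }
```

Because the switch has no default case, adding a new LoginFlow case becomes a compile error rather than a silently unhandled state.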

ReachFiveError

Based on the problem, the ReachFiveError will be:

  • AuthCanceled: The user cancelled the request or no credential was available in the keychain.

  • RequestError(apiError: ApiError) for a Bad Request (status 400) error.

  • AuthFailure(reason: String, apiError: ApiError?) mainly for Unauthorized (status 401) error.

  • TechnicalError(reason: String, apiError: ApiError?) if it’s an Internal Server Error (status 500) or other internal errors.

ApiError

error string

The main error message.

errorId string

The identifier of the error.

errorUserMsg string

The user-friendly error message.

This property is translated according to the user’s OS and app settings. Currently supported languages:
  • ar - العربية Arabic

  • de - Deutsch German

  • en - English

  • es - Español Spanish

  • fr - Français French

  • hu - Magyar Hungarian

  • it - Italiano Italian

  • jp - 日本 Japanese

  • ko - 한국인 Korean

  • nl - Nederlands Dutch

  • pt - Portuguese

  • ru - Ру́сский Russian

  • sk - Slovenský Slovak

  • zh-CN - People’s Republic of China Simplified Chinese

  • zh-Hans - Simplified Chinese

  • zh-Hant - Traditional Chinese

  • zh-HK - Hong Kong Traditional Chinese

  • zh-MO - Macao Traditional Chinese

  • zh-SG - Singapore Simplified Chinese

  • zh-TW - Taiwan Traditional Chinese

errorMessageKey string

The error message key.

errorDescription string

The technical error message.

errorDetails FieldError[]

field string

The field concerned by the error.

message string

The message error returned for the field.

code string

The code error returned for the field.