mfaStart(WithStepUp)

Breaking changes for 8.0.0, please read.

Breaking changes for iOS 8.0.0

There are several updates with the iOS 8.0.0 release which are considered breaking. Read the following for an overview of the changes.

mfaStart(WithStepUp) is now an enum

  • You must specify the type (AuthTokenFlow or LoginFlow).

  • The AuthToken parameter in AuthTokenFlow is now mandatory.

LoginFlow response for loginWithPassword and login(withRequest)

You should be able to handle both AchievedLogin (success) and OngoingStepUp (step-up required).

When the response is OngoingStepUp, you must call mfaStart(Registering credential) and mfaVerify(Credential) to complete the step-up flow.

Implications for integration

  • Update Your Code: Adjust your function calls and ensure your app logic handles the new LoginFlow enum response.

  • Prepare for MFA: Implement any necessary handlers for OngoingStepUp to manage the step-up authentication flows.

  • Review AuthToken Handling: Since AuthToken is now mandatory for certain flows, ensure your code retrieves and manages it appropriately.

AppDelegate.reachfive().mfaStart(
    stepUp: StartStepUp.<AuthTokenFlow | LoginFlow> // Either AuthTokenFlow or LoginFlow, depending on your requirements.
)

About this command

Starts the step-up process for the MFA flow. This method handles two cases:

  • AuthTokenFlow: for the traditional step-up flow which requires an auth token.

  • LoginFlow: for initiating the step-up flow using loginWithPassword.

The presence of an active session cookie is required. It is automatically retrieved by the function.

Examples

AuthTokenFlow

import Reach5

let scope = ["openid", "email", "profile", "phone", "full_write", "offline_access"]

AppDelegate.reachfive()
  .mfaStart(stepUp: StartStepUp.AuthTokenFlow(
        authType: "email",
        scope: scope,
        authToken: profileAuthToken))
  .onSuccess { _ in
      // Do something
  }
  .onFailure { error in
      // Handle the ReachFiveError
  }

LoginFlow

import Reach5

let scope = ["openid", "email", "profile", "phone", "full_write", "offline_access"]

AppDelegate.reachfive()
  .mfaStart(stepUp: StartStepUp.LoginFlow(
        authType: "email",
        stepUpToken: "stepUpToken123",
        origin: "ios-app",
        redirectUri: "https://example.com/callback"))
  .onSuccess { _ in
      // Do something
  }
  .onFailure { error in
      // Handle the ReachFiveError
  }

Parameters

stepUp

Contains the necessary fields to begin the step up process.

AuthTokenFlow

  • authType: The authorization type. This is email or sms. (required)

  • authToken: The authorization token. (required)

  • scope: The defined scope such as openid, email, or phone_number.

  • redirectUri: The URL to which the user is redirected. This URL must be whitelisted in the Allowed Callback URLs field of your ReachFive client settings.

  • origin: The domain of the origin. It must be a valid URL.

AppDelegate.reachfive()
    .mfaStart(stepUp: StartStepUp.AuthTokenFlow(
        authType: "email",
        scope: scope,
        redirectUri: "https://example.com/callback",
        authToken: profileAuthToken
    ))

LoginFlow

  • authType: The authorization type. This is email or sms. (required)

  • stepUpToken: A new token generated during the login process. (required)

  • redirectUri: The URL to which the user is redirected. This URL must be whitelisted in the Allowed Callback URLs field of your ReachFive client settings.

  • origin: The domain of the origin. It must be a valid URL.

AppDelegate.reachfive()
    .mfaStart(stepUp: StartStepUp.LoginFlow(
        authType: "email",
        stepUpToken: "stepUpToken123",
        redirectUri: "https://example.com/callback",
        origin: "ios-app"
    ))

Response

Future<ContinueStepUp, ReachFiveError>

Error response

ReachFiveError

Based on the problem, the ReachFiveError will be:

  • AuthCanceled: The user cancelled the request or no credential was available in the keychain.

  • RequestError(apiError: ApiError) for a Bad Request (status 400) error.

  • AuthFailure(reason: String, apiError: ApiError?) mainly for Unauthorized (status 401) error.

  • TechnicalError(reason: String, apiError: ApiError?) if it’s an Internal Server Error (status 500) or other internal errors.

ApiError

error string

The main error message.

errorId string

The identifier of the error.

errorUserMsg string

The user-friendly error message.

This property is translated according to the user’s OS and app settings. Currently supported languages:
  • ar - العربية Arabic

  • de - Deutsch German

  • en - English

  • es - Español Spanish

  • fr - Français French

  • hu - Magyar Hungarian

  • it - Italiano Italian

  • jp - 日本 Japanese

  • ko - 한국인 Korean

  • nl - Nederlands Dutch

  • pt - Portuguese

  • ru - Ру́сский Russian

  • sk - Slovenský Slovak

  • zh-CN - People’s Republic of China Simplified Chinese

  • zh-Hans - Simplified Chinese

  • zh-Hant - Traditional Chinese

  • zh-HK - Hong Kong Traditional Chinese

  • zh-MO - Macao Traditional Chinese

  • zh-SG - Singapore Simplified Chinese

  • zh-TW - Taiwan Traditional Chinese

errorMessageKey string

The error message key.

errorDescription string

The technical error message.

errorDetails FieldError[]

field string

The field concerned by the error.

message string

The error message returned for the field.

code string

The error code returned for the field.
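
One way to route the ReachFiveError cases listed above so that only errorUserMsg reaches the user while errorId and errorMessageKey go to the log. This is an added example, not ReachFive's own code: ApiError and ReachFiveError are local stand-ins mirroring the fields and cases on this page so the snippet runs without the SDK, and NextStep, Outcome and outcome(for:) are hypothetical names.

```swift
import Foundation

// Stand-in types mirroring the cases and fields listed above (assumption: the
// SDK's real declarations may differ, for example in optionality).
struct ApiError {
    var error: String?
    var errorId: String?
    var errorUserMsg: String?
    var errorMessageKey: String?
    var errorDescription: String?
}

enum ReachFiveError: Error {
    case AuthCanceled
    case RequestError(apiError: ApiError)
    case AuthFailure(reason: String, apiError: ApiError?)
    case TechnicalError(reason: String, apiError: ApiError?)
}

enum NextStep { case none, fixInput, reauthenticate, retryLater }
struct Outcome { let userMessage: String?; let logLine: String; let next: NextStep }

// Hypothetical helper: decides what the user sees, what is logged, and what happens next.
func outcome(for error: ReachFiveError) -> Outcome {
    // Only stable identifiers are logged; errorDescription and reason never reach the UI.
    func log(_ kind: String, _ api: ApiError?) -> String {
        "mfaStart \(kind) errorId=\(api?.errorId ?? "-") key=\(api?.errorMessageKey ?? "-")"
    }
    switch error {
    case .AuthCanceled:
        return Outcome(userMessage: nil, logLine: log("canceled", nil), next: .none)
    case .RequestError(let api):
        return Outcome(userMessage: api.errorUserMsg ?? "The request could not be processed.",
                       logLine: log("bad_request", api), next: .fixInput)
    case .AuthFailure(_, let api):
        return Outcome(userMessage: api?.errorUserMsg ?? "Please sign in again.",
                       logLine: log("unauthorized", api), next: .reauthenticate)
    case .TechnicalError(_, let api):
        return Outcome(userMessage: api?.errorUserMsg ?? "Something went wrong. Try again later.",
                       logLine: log("technical", api), next: .retryLater)
    }
}

// Constructed sample error, not real SDK output.
let sample = ReachFiveError.AuthFailure(
    reason: "Unauthorized",
    apiError: ApiError(errorId: "CONSTRUCTED-ID", errorUserMsg: "Your session has expired."))
print(outcome(for: sample))
```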