Overview
The HID Authentication Service supports the Direct Client Signing (DCS) feature, which allows authentication requests for signature to be generated directly within the HID Approve SDK.
The symmetric workflow provides seamless integration of authentication for business applications and is a suitable, more secure alternative to symmetric key-based OTPs. Depending on the use case, it could also eliminate the need for complex asynchronous integrations that use traditional pending transactions for authentication.
After a direct transaction is generated, it can be signed the same way as a standard pending transaction.
Optionally, the HID Approve SDK provides two methods for verifying the authentication, depending on the integration:
For immediate client-side verification in the integrating application, the OIDC ID Token can be used to perform additional verification. The ID token provides identity and authentication details with a digital signature to ensure authenticity and protect the integrity of the provided data. For further information, see HID Authentication Service documentation on OpenID Tokens.
For Client Initiated Backchannel Authentication (CIBA) integrations that might require additional verification of the authentication request signature, the newly created authentication request identifier will be returned after performing the cryptographic signature. For further information about CIBA feedback event polling, see Configuring the CIBA Feedback Mode.
Example Code:
    do {
        let container = self.getContainer()!
        // Select only keys whose usage is signing
        let filter = HIDApproveKeyFilter(keyUsage: HIDApproveKeyUsageType.Sign)
        let keys = try container.findKeys(filter: [filter])
        if let key = keys.first {
            // Generate the direct transaction inside the SDK
            let transaction = try container.generateAuthenticationRequest(message: "my message", key: key)
            // we assume the key is not password protected
            try transaction.setStatus(status: "my status", signPassword: nil, sessionPassword: nil)
            // Authentication request identifier, for CIBA integrations
            let reqid = try transaction.getRequestId()
            // OIDC ID token, for immediate client-side verification
            let tokenid = try transaction.getIdToken()
        }
    }
    catch let error as NSError {
        self.handleFailure(error)
    }
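The client-side ID token check mentioned in the overview could look like the following. This is an added example, not code from the HID Approve SDK or its documentation. It assumes that getIdToken() yields a compact JWT string, that the token is signed with ES256, and that the issuer's public key has been obtained separately; verifyIDToken, IDTokenError, the issuer URL and the audience value are hypothetical names and constructed values.

```swift
import CryptoKit
import Foundation

enum IDTokenError: Error { case malformed, algorithm, signature, issuer, audience, expired }
// JWT segments are base64url without padding.
func b64urlDecode(_ s: String) -> Data? {
    var t = s.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
    t += String(repeating: "=", count: (4 - t.count % 4) % 4)
    return Data(base64Encoded: t)
}
func b64urlEncode(_ d: Data) -> String {
    d.base64EncodedString().replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_").replacingOccurrences(of: "=", with: "")
}

// Hypothetical helper: returns the claims only if signature, iss, aud and exp all check out.
func verifyIDToken(_ token: String, key: P256.Signing.PublicKey, issuer: String,
                   audience: String, now: Date = Date()) throws -> [String: Any] {
    let p = token.split(separator: ".", omittingEmptySubsequences: false).map(String.init)
    guard p.count == 3, let h = b64urlDecode(p[0]), let c = b64urlDecode(p[1]),
          let s = b64urlDecode(p[2]),
          let header = try? JSONSerialization.jsonObject(with: h) as? [String: Any],
          let claims = try? JSONSerialization.jsonObject(with: c) as? [String: Any]
    else { throw IDTokenError.malformed }
    // Pin the algorithm; never let the token header choose it ("none", HS256, ...).
    guard header["alg"] as? String == "ES256" else { throw IDTokenError.algorithm }
    // The signature covers the ASCII bytes of "<header>.<payload>"; ES256 is raw r||s.
    guard let sig = try? P256.Signing.ECDSASignature(rawRepresentation: s),
          key.isValidSignature(sig, for: Data((p[0] + "." + p[1]).utf8))
    else { throw IDTokenError.signature }
    // Claims are trusted only from here on, after the signature has been verified.
    guard claims["iss"] as? String == issuer else { throw IDTokenError.issuer }
    let aud = (claims["aud"] as? [String]) ?? (claims["aud"] as? String).map { [$0] } ?? []
    guard aud.contains(audience) else { throw IDTokenError.audience }
    guard let exp = claims["exp"] as? Double, exp > now.timeIntervalSince1970
    else { throw IDTokenError.expired }
    return claims
}

// Constructed demo: a throwaway key pair stands in for the issuer's signing key.
let issuerKey = P256.Signing.PrivateKey()
let payload = #"{"iss":"https://idp.example","aud":"my-app","exp":4102444800}"#
let signingInput = b64urlEncode(Data(#"{"alg":"ES256"}"#.utf8)) + "." + b64urlEncode(Data(payload.utf8))
let signature = try issuerKey.signature(for: Data(signingInput.utf8))
let token = signingInput + "." + b64urlEncode(signature.rawRepresentation)
let ok = try verifyIDToken(token, key: issuerKey.publicKey, issuer: "https://idp.example", audience: "my-app")
print("accepted, iss =", ok["iss"] ?? "")
let wrongAud = try? verifyIDToken(token, key: issuerKey.publicKey, issuer: "https://idp.example", audience: "other-app")
print("wrong audience rejected:", wrongAud == nil)
```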