DefaultDeviceAuthenticator

open class DefaultDeviceAuthenticator : DeviceAuthenticator

A base class for device authenticators, providing default implementations for the DeviceAuthenticator protocol. Subclasses should override methods to provide specific authentication logic.

  • The optional Journey object providing context for the authentication flow.

    Declaration

    Swift

    public var journey: Journey?

  • An optional Prompt object containing information to display to the user during authentication.

    Declaration

    Swift

    public var prompt: Prompt?

  • Returns the specific type of device binding authentication this authenticator handles. Default implementation returns .none. Subclasses should override this.

    Declaration

    Swift

    open func type() -> DeviceBindingAuthenticationType

  • register() Asynchronous

    Generates a new public and private key pair for the authenticator. Default implementation throws DeviceBindingStatus.unsupported, requiring subclasses to provide concrete implementation.

    Throws

    DeviceBindingStatus.unsupported if not overridden by a subclass.

    Declaration

    Swift

    open func register() async throws -> KeyPair

    Return Value

    A KeyPair containing the newly generated public and private keys.

  • authenticate(keyTag:) Asynchronous

    Declaration

    Swift

    open func authenticate(keyTag: String) async -> Result<SecKey, Error>

    Return Value

    A Result containing the SecKey on success, or an Error on failure.

  • Checks if the authenticator is supported on the current device. Default implementation returns false. Subclasses should override this.

    Declaration

    Swift

    open func isSupported(attestation: Attestation) -> Bool

    Parameters

    attestation

    The attestation type to consider for support.

    Return Value

    true if the authenticator is supported, false otherwise.

  • Provides the access control settings for the authenticator’s keys. Default implementation returns nil. Subclasses should override this to provide specific access control.

    Declaration

    Swift

    open func accessControl() -> SecAccessControl?

    Return Value

    A SecAccessControl object defining key access policies, or nil if not applicable.

  • deleteKeys() Asynchronous

    Deletes all keys associated with this authenticator. Default implementation does nothing. Subclasses should override this to provide specific key deletion logic.

    Throws

    KeyDeletionError if key deletion fails.

    Declaration

    Swift

    open func deleteKeys() async throws

  • Default implementation for a signing method that generates a JWS. This constructs the JWT payload with standard claims and signs it using the provided key pair.

    Throws

    JwtError if JWT signing fails or SecKeyToJWKError if JWK conversion fails.

    Declaration

    Swift

    open func sign(params: SigningParameters, journey: Journey?) throws -> String

    Parameters

    params

    The SigningParameters containing data like challenge, expiration, user ID, and key pair.

    journey

    An optional Journey object to provide context for the issuer claim.

    Return Value

    The compact serialized JWS string.

  • Signs the given parameters with an existing user key to generate a JWS. This constructs the JWT payload with standard and custom claims and signs it using the provided keys.

    Throws

    JwtError if JWT signing fails or SecKeyToJWKError if JWK conversion fails.

    Declaration

    Swift

    open func sign(params: UserKeySigningParameters, journey: Journey?) throws -> String

    Parameters

    params

    The UserKeySigningParameters containing data like challenge, expiration, user key, and private/public keys.

    journey

    An optional Journey object to provide context for the issuer claim.

    Return Value

    The compact serialized JWS string.

  • Sets the prompt information to be displayed to the user during authentication.

    Declaration

    Swift

    open func setPrompt(_ prompt: Prompt)

    Parameters

    prompt

    A Prompt struct containing title, subtitle, and description.

  • Initializes the authenticator with a user ID and prompt. Calls setPrompt and then initialize(userId:).

    Declaration

    Swift

    open func initialize(userId: String, prompt: Prompt)

    Parameters

    userId

    The ID of the user associated with the authenticator.

    prompt

    The prompt to display to the user.

  • Initializes the authenticator with a user ID. Default implementation does nothing. Subclasses can override this for specific initialization logic.

    Declaration

    Swift

    open func initialize(userId: String)

    Parameters

    userId

    The ID of the user associated with the authenticator.

  • Returns the issue time for a token, typically the current date.

    Declaration

    Swift

    open func issueTime() -> Date

    Return Value

    A Date object representing the issue time.

  • Returns the not-before time for a token, typically the current date.

    Declaration

    Swift

    open func notBeforeTime() -> Date

    Return Value

    A Date object representing the not-before time.

  • Validates custom claims against a list of reserved JWT claim names. This prevents custom claims from overwriting standard JWT claims.

    Throws

    DeviceBindingError.invalidClaim if any custom claim is a reserved JWT claim.

    Declaration

    Swift

    open func validateCustomClaims(_ customClaims: [String : Any]) -> Bool

    Parameters

    customClaims

    A dictionary of custom claims to be validated.

    Return Value

    true if no custom claims conflict with reserved names, false otherwise.
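
The reserved-claim check described for validateCustomClaims, shown as an added example that is not the SDK's own code: it rejects custom claims that would replace signer-controlled values before the payload is assembled. The reserved list (RFC 7519 registered names), ClaimError, reservedCollisions, buildPayload and the payload layout are assumptions made for illustration.

```swift
import Foundation

// Assumption: the registered claim names from RFC 7519 section 4.1.
// The SDK's actual reserved list is not shown on this page.
let reservedClaims: Set<String> = ["iss", "sub", "aud", "exp", "nbf", "iat", "jti"]

// Hypothetical error type, standing in for the SDK's DeviceBindingError.
enum ClaimError: Error { case reserved([String]) }

/// Returns the custom claim names that collide with reserved names, sorted.
func reservedCollisions(in customClaims: [String: Any]) -> [String] {
    customClaims.keys.filter { reservedClaims.contains($0) }.sorted()
}

/// Builds a JWT payload (hypothetical layout). Throws if a custom claim
/// uses a reserved name, so caller data cannot replace signer-set values.
func buildPayload(userId: String, challenge: String, issuer: String,
                  issuedAt: Date, expiration: Date,
                  customClaims: [String: Any]) throws -> [String: Any] {
    let collisions = reservedCollisions(in: customClaims)
    guard collisions.isEmpty else { throw ClaimError.reserved(collisions) }

    let standard: [String: Any] = [
        "iss": issuer,
        "sub": userId,
        "iat": Int(issuedAt.timeIntervalSince1970),
        "nbf": Int(issuedAt.timeIntervalSince1970),
        "exp": Int(expiration.timeIntervalSince1970),
        "challenge": challenge
    ]
    // Defense in depth: on any remaining key collision the signer's value wins.
    return customClaims.merging(standard) { _, signerValue in signerValue }
}

// Constructed sample input.
let now = Date()
let benign: [String: Any] = ["deviceName": "test-phone", "platform": "ios"]
let conflicting: [String: Any] = ["sub": "admin", "exp": 4102444800, "platform": "ios"]

for claims in [benign, conflicting] {
    do {
        let payload = try buildPayload(userId: "user-1", challenge: "abc123",
                                       issuer: "com.example.app", issuedAt: now,
                                       expiration: now.addingTimeInterval(60),
                                       customClaims: claims)
        print("accepted, payload keys:", payload.keys.sorted())
    } catch ClaimError.reserved(let names) {
        print("rejected, reserved claim names used:", names)
    } catch { print("unexpected error:", error) }
}
```

The merge closure matters for names outside the reserved list: a custom "challenge" key passes validation here, yet the signer's challenge still ends up in the payload.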