Classes

Callback that accepts user input often need to validate that input either on the client side, the server side or both. Such callback should extend this base class.

See more

open class AbstractValidatedCallback : AbstractCallback, ObservableObject, @unchecked Sendable

FailedPolicy that describes reason, and additional information for user input validation failure

See more

public class FailedPolicy

Base implementation of a callback for collection of a single identity object attribute from a user.

See more

public class AttributeInputCallback : AbstractValidatedCallback, @unchecked Sendable

A callback that collects a single boolean user attribute with validation against given policies.

See more

public class BooleanAttributeInputCallback : AttributeInputCallback, @unchecked Sendable

A callback that collects single user input from available choices, with predefined default choice.

See more

public class ChoiceCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that asks user for YES/NO, OK/CANCEL, YES/NO/CANCEL or other similar confirmations.

See more

public class ConfirmationCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that collects consent mapping information from a user.

See more

public class ConsentMappingCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that handles hidden values in the authentication flow.

See more

public class HiddenValueCallback : AbstractCallback, ValueCallbackProtocol, ObservableObject, @unchecked Sendable

A callback that is responsible to define and create Knowledge Based Authentication question and answer for a user.

See more

public class KbaCreateCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback for providing metadata that can transform into specialized callbacks based on content.

See more

public class MetadataCallback : AbstractCallback, MetadataCallbackProtocol, ObservableObject, @unchecked Sendable, ContinueNodeAware, JourneyAware

See more

public class NameCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that collects a double value user attribute with validation against given policies.

See more

public class NumberAttributeInputCallback : AttributeInputCallback, @unchecked Sendable

A callback that collects a password input from the user.

See more

public class PasswordCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that instructs an application to wait for the given period and resubmit the request.

See more

public class PollingWaitCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that collects a single string user attribute with validation against given policies.

See more

public class StringAttributeInputCallback : AttributeInputCallback, @unchecked Sendable

A callback that notifies user that the authentication flow is suspended and can be resumed with Resume URI sent to user’s email.

public class SuspendedTextOutputCallback : TextOutputCallback, @unchecked Sendable

A callback that collects a user’s acceptance of the configured Terms & Conditions.

See more

public class TermsAndConditionsCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that collects a text input from the user.

See more

public class TextInputCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that provides a message to be displayed to a user with given message type.

See more

public class TextOutputCallback : AbstractCallback, ObservableObject, @unchecked Sendable

A callback that collects a password with validation against given policies.

See more

public class ValidatedPasswordCallback : AbstractValidatedCallback, @unchecked Sendable

A callback that collects a username with validation against given policies.

See more

public class ValidatedUsernameCallback : AbstractValidatedCallback, @unchecked Sendable

Configuration for Journey workflows.

Conforms to WorkflowConfig and Sendable, and holds parameters required to communicate with the Journey backend.

See more

public class JourneyConfig : WorkflowConfig, @unchecked Sendable

A ContinueNode specialized for Journey flows.

Builds the JSON payload from contained callbacks and constructs the HTTP request targeting the Journey authenticate endpoint.

See more

public final class JourneyContinueNode : ContinueNode, @unchecked Sendable

A module that integrates OIDC capabilities into the Journey workflow.

See more

public class OidcModule

A module that manages the session configuration and lifecycle within a Journey workflow.

See more

public class SessionModule

A configuration class for managing session-related settings and SSO token storage.

SessionConfig provides a centralized way to configure how SSO tokens are stored and persisted across app launches. By default, it uses secure Keychain storage with encryption, but can be customized to use different storage backends or account identifiers for multi-user scenarios.

Default Behavior

When initialized without parameters, SessionConfig uses:

• Storage: Keychain-based storage
• Account: Default identifier (com.pingidentity.journey.SessionConfig)
• Encryption: Secured key encryption when available, falling back to no encryption

Custom Storage Configuration

For apps supporting multiple users or requiring isolated storage:

let journey = Journey.createJourney { config in
    // ... other configuration ...
    config.serverUrl = "https://example.com/am"
    config.realm = "alpha"

    // Configure storage during initialization
    config.module(SessionModule.config) { sessionConfig in
        sessionConfig.storage = KeychainStorage<SSOTokenImpl>(
            account: "user_a_sessions",
            encryptor: SecuredKeyEncryptor() ?? NoEncryptor()
        )
    }

}

// Configure custom session storage after journey initialization
try await journey.initialize()
if let sessionConfig = journey.sharedContext.get(key: SharedContext.Keys.sessionConfigKey) as? SessionConfig {
    sessionConfig.storage = KeychainStorage<SSOTokenImpl>(
        account: "user_specific_account",
        encryptor: SecuredKeyEncryptor() ?? NoEncryptor()
    )
}

Multi-User Scenarios

When your app needs to support multiple concurrent users with isolated sessions, create separate Journey instances with unique account identifiers:

// User A's journey with isolated storage
let userAJourney = Journey.createJourney { config in
    // configuration...
}
try await userAJourney.initialize()
if let sessionConfig = userAJourney.sharedContext.get(key: SharedContext.Keys.sessionConfigKey) as? SessionConfig {
    sessionConfig.storage = KeychainStorage<SSOTokenImpl>(account: "user_a_sessions", encryptor: SecuredKeyEncryptor() ?? NoEncryptor())
}

// User B's journey with separate isolated storage
let userBJourney = Journey.createJourney { config in
    // configuration...
}
try await userBJourney.initialize()
if let sessionConfig = userBJourney.sharedContext.get(key: SharedContext.Keys.sessionConfigKey) as? SessionConfig {
    sessionConfig.storage = KeychainStorage<SSOTokenImpl>(account: "user_b_sessions", encryptor: SecuredKeyEncryptor() ?? NoEncryptor())
}

See more

public class SessionConfig : @unchecked Sendable

Define the module that transforms the response from Journey to a Node.

See more

public class NodeTransformModule : @unchecked Sendable

A concrete implementation of SSOToken used for session storage and management.

SSOTokenImpl provides the standard implementation of an SSO token within the Journey framework. It encapsulates all necessary information about an authenticated session, including the session value, success URL, and authentication realm.

Storage and Persistence

This class is designed to work seamlessly with the storage layer:

• Conforms to Codable for JSON serialization to Keychain or other storage
• Marked as Sendable for safe concurrent access across actor boundaries
• Immutable properties ensure thread-safe usage

Usage in Journey Framework

SSOTokenImpl instances are typically created internally by the Journey framework during authentication flows. However, you can also create instances manually for testing or custom authentication scenarios:

let token = SSOTokenImpl(
    value: "session_token_abc123",
    successUrl: "https://example.com/success",
    realm: "alpha"
)

// Store the token
let storage = KeychainStorage<SSOTokenImpl>(
    account: "my_sessions",
    encryptor: SecuredKeyEncryptor() ?? NoEncryptor()
)
try await storage.save(item: token)

// Retrieve the token later
let retrievedToken = try await storage.get()
print(retrievedToken?.value) // "session_token_abc123"

Integration with SessionConfig

SSOTokenImpl is the type parameter for SessionConfig‘s storage property:

let sessionConfig = SessionConfig()
// sessionConfig.storage is of type Storage<SSOTokenImpl>

// Custom storage for a specific user
sessionConfig.storage = KeychainStorage<SSOTokenImpl>(
    account: "user_sessions",
    encryptor: SecuredKeyEncryptor() ?? NoEncryptor()
)

See more

public final class SSOTokenImpl : SSOToken, Sendable, Codable