View on GitHub
OathCredential
public struct OathCredential : Codable, Identifiable, Sendable, CustomStringConvertible, CustomReflectableRepresents an OATH (TOTP/HOTP) credential. This model holds all necessary information to generate OTP codes and identify the credential.
Note
The secret key is stored securely and not exposed in the public API.-
Unique identifier for the credential (local ID).
Declaration
Swift
public let id: String -
User identifier on the server.
Declaration
Swift
public let userId: String? -
Server-side device identifier.
Declaration
Swift
public let resourceId: String? -
The name of the issuer for this credential.
Declaration
Swift
public let issuer: String -
The name of the issuer for this credential, editable by the user.
Declaration
Swift
public var displayIssuer: String -
The account name (username) associated with this credential.
Declaration
Swift
public let accountName: String -
The account name (username) associated with this credential, editable by the user.
Declaration
Swift
public var displayAccountName: String -
The type of credential (TOTP or HOTP).
Declaration
Swift
public let oathType: OathType -
The HMAC algorithm used (SHA1, SHA256, SHA512).
Declaration
Swift
public let oathAlgorithm: OathAlgorithm -
The number of digits in the generated codes.
Declaration
Swift
public let digits: Int -
For TOTP, the time period in seconds for which a code is valid.
Declaration
Swift
public let period: Int -
For HOTP, the counter value used to generate the next code.
Declaration
Swift
public var counter: Int -
The timestamp when this credential was created.
Declaration
Swift
public let createdAt: Date -
Optional URL for the issuer’s logo or image.
Declaration
Swift
public let imageURL: String? -
Optional background color for the credential.
Declaration
Swift
public let backgroundColor: String? -
Optional Authenticator Policies in a JSON String format for the credential.
Declaration
Swift
public let policies: String? -
Optional name of the Policy locking the credential.
Declaration
Swift
public var lockingPolicy: String? -
Indicates whether the credential is locked.
Declaration
Swift
public var isLocked: Bool
-
String representation of the OATH type.
Declaration
Swift
public var type: String { get } -
String representation of the OATH algorithm.
Declaration
Swift
public var algorithm: String { get }
-
init(id:userId: resourceId: issuer: displayIssuer: accountName: displayAccountName: oathType: oathAlgorithm: digits: period: counter: createdAt: imageURL: backgroundColor: policies: lockingPolicy: isLocked: secretKey: ) Creates a new OATH credential.
Declaration
Swift
public init( id: String = UUID().uuidString, userId: String? = nil, resourceId: String? = nil, issuer: String, displayIssuer: String? = nil, accountName: String, displayAccountName: String? = nil, oathType: OathType, oathAlgorithm: OathAlgorithm = .sha1, digits: Int = 6, period: Int = 30, counter: Int = 0, createdAt: Date = Date(), imageURL: String? = nil, backgroundColor: String? = nil, policies: String? = nil, lockingPolicy: String? = nil, isLocked: Bool = false, secretKey: String )Parameters
idUnique identifier for the credential. Defaults to a new UUID.
userIdUser identifier on the server.
resourceIdServer-side device identifier.
issuerThe name of the issuer for this credential.
displayIssuerThe display name of the issuer, editable by the user.
accountNameThe account name associated with this credential.
displayAccountNameThe display account name, editable by the user.
oathTypeThe type of credential (TOTP or HOTP).
oathAlgorithmThe HMAC algorithm used.
digitsThe number of digits in generated codes. Defaults to 6.
periodFor TOTP, the time period in seconds. Defaults to 30.
counterFor HOTP, the counter value. Defaults to 0.
createdAtThe creation timestamp. Defaults to current date.
imageURLOptional URL for the issuer’s image.
backgroundColorOptional background color.
policiesOptional policies in JSON format.
lockingPolicyOptional locking policy name.
isLockedWhether the credential is locked. Defaults to false.
secretKeyThe secret key for OTP generation.
-
fromUri(_:Asynchronous) Creates an OATH credential from a URI string.
Throws
OathError.invalidUriif the URI is malformed.Declaration
Swift
public static func fromUri(_ uri: String) async throws -> OathCredentialParameters
uriThe URI string to parse.
Return Value
A new OathCredential instance.
-
toUri()AsynchronousConverts this credential to a URI string.
Throws
OathError.uriFormattingif formatting fails.Declaration
Swift
public func toUri() async throws -> StringReturn Value
A URI string representation of this credential.
-
Lock this credential due to policy violations.
Locked credentials cannot be used for code generation until they are unlocked. This is typically enforced by policy evaluators checking for jailbreak, device compromise, or other security violations.
Declaration
Swift
public mutating func lockCredential(policyName: String)Parameters
policyNameThe name of the policy that caused the lock.
-
Unlock this credential.
This removes any locking policy information and allows the credential to be used for code generation again.
Declaration
Swift
public mutating func unlockCredential()
-
Custom initializer for decoding. The secret key must be provided separately.
Throws
DecodingErrorif decoding fails.Declaration
Swift
public init(from decoder: Decoder) throwsParameters
decoderThe decoder to read data from.
-
Custom encoder implementation that excludes the secret key.
Throws
EncodingErrorif encoding fails.Declaration
Swift
public func encode(to encoder: Encoder) throwsParameters
encoderThe encoder to write data to.
-
A textual description of the credential, excluding the secret key.
Declaration
Swift
public var description: String { get }
-
Custom reflection for the credential, excluding the secret key.
Declaration
Swift
public var customMirror: Mirror { get }