PushUriParser

public enum PushUriParser

Utility class for parsing and formatting Push URIs. Supports both pushauth:// and mfauth:// schemes.

This parser handles the standard Push URI format used for credential registration via QR codes and supports additional parameters for enhanced functionality.

URI Format

pushauth://push/issuer:accountName?r=regEndpoint&a=authEndpoint&s=sharedSecret&d=userId
mfauth://push/issuer:accountName?r=regEndpoint&a=authEndpoint&s=sharedSecret&d=userId

Required Parameters

  • r: Registration endpoint (base64-encoded)
  • a: Authentication endpoint (base64-encoded)
  • s: Shared secret for signing (base64url-encoded)

Optional Parameters

  • d: User ID (base64-encoded)
  • pid: Push resource ID (base64-encoded)
  • issuer: Issuer name (base64-encoded if from pushauth, plain if from mfauth)
  • image: Image URL (base64-encoded)
  • b: Background color (hex without #)
  • policies: Authenticator policies (base64-encoded JSON)
  • c: Challenge parameter for registration
  • l: Load balancer cookie for registration
  • m: Message ID for registration

Parsing

  • parse(_:) Asynchronous

    Parse a Push URI string into a PushCredential.

    Throws

    PushError.invalidUri if the URI is malformed.

    Declaration

    Swift

    public static func parse(_ uri: String) async throws -> PushCredential

    Parameters

    uri

    The URI string (pushauth:// or mfauth://).

    Return Value

    A PushCredential instance.

Registration Parameters

  • Extract registration parameters from a Push URI. These parameters are used during the credential registration flow.

    Throws

    PushError.invalidUri if the URI cannot be parsed or required parameters are missing.

    Notes

    • All three parameters (challenge, loadBalancer, messageId) are required
    • Will throw if any parameter is missing (matches Android behavior)
    • The loadBalancer parameter is returned with key “amlbCookie” for consistency with the handler
    • Base64-encoded values are decoded automatically

    Declaration

    Swift

    public static func registrationParameters(_ uri: String) async throws -> [String : String]

    Parameters

    uri

    The URI string (pushauth:// or mfauth://).

    Return Value

    A dictionary containing registration parameters:

    • “challenge”: Challenge value for registration response (key: “c”)
    • “amlbCookie”: Load balancer cookie for proper routing (key: “l”)
    • “messageId”: Message ID for registration response (key: “m”)

URI Formatting

  • format(_:) Asynchronous

    Format a PushCredential into a URI string.

    Throws

    PushError.uriFormatting if formatting fails.

    Example Output

    pushauth://push/ForgeRock:user@example.com?r=...&a=...&s=...&issuer=ForgeRock

    Declaration

    Swift

    public static func format(_ credential: PushCredential) async throws -> String

    Parameters

    credential

    The PushCredential to format.

    Return Value

    A pushauth:// URI string.