Implicit user authentication
Implicit user authentication is a way to authenticate the user without any user interaction. Device credentials are used to authenticate. It's more convenient since it does not require from user any authentication like PIN or biometric. Because there is no explicit authentication done by the user, it is also less secure.
Limitations
Only one user can be authenticated implicitly at the same time. The implicit user session is separated from the regular user session. This way one use might be authenticated with PIN and at the same time another user (or the same one) might be authenticated implicitly. A user must be registered before he/she can be authenticated implicitly.
Implementation
Implicit user authentication is done using the -[ONGUserClient implicitlyAuthenticateUser:scopes:completion:]
method. It
requires the following arguments:
- userProfile - the profile you want to authenticate implicitly
- scopes - array of scopes
- completion - block that will be called at implicit authentication completion. The completion block will be executed with
success or with an error from the
ONGGenericErrorDomain
domain.
Example implementation:
[[ONGUserClient sharedInstance] implicitlyAuthenticateUser:userProfile
scopes:scopes
completion:^(BOOL success, NSError *_Nullable error) {
if (success)
// Update UI, fetch implicit resource
...
} else {
// Handle errors from ONGGenericErrorDomain error domain
if (error.code == ONGGenericErrorUserDeregistered) {
// Handle user deregister error
...
} else if (error.code == ONGGenericErrorDeviceDeregistered) {
// Handle device deregisterd error
...
}
...
}
}];
Once the user is authenticated implicitly he will be able to fetch resource implicitly. Fetching a resource is done using the `-[ONGUserClient fetchImplicitResource:completion:] method. You can find the documentation on how to use this method in the Secure resource access guide.