Contents

Integrating LaunchKey with iOS

Integrating LaunchKey with iOS ¶

This document walks you through integrating LaunchKey with iOS apps.

Requirements ¶

iOS Version ¶

The minimum iOS version supported for Authenticator SDK v4.6.0 and up is iOS 9.

The minimum iOS version supported for Authenticator SDK v3.0.0 is iOS 8.

Setting Up the LaunchKey Service ¶

Before integrating the LaunchKey Authenticator SDK with your app, an administrator must complete the following steps:

From an iOS device, launch the Apple App store.
Search for the LaunchKey Authenticator app, then download and install it.
Run the LaunchKey Authenticator app and tap Get Started.
Complete the Link page. This includes:
- A username and device name. You will use this username to log into the LaunchKey Admin Center. The device name will appear when you review linked devices.
- Choose which communication channel you want to use to complete account creation and device registration. You can choose Email and/or SMS. Accept the terms and agreements, then tap Done.
Based on the linking method(s) you chose, you will receive an email and/or text message with a link that you must follow to complete account creation and link your device to the LaunchKey Admin Center.
Now that the device is configured, you must associate it with a service in the LaunchKey Admin Center. From a browser, open the LaunchKey Admin Center at https://admin.launchkey.com/login.
To log in, enter the username that you entered into the LaunchKey Authenticator app when you linked the device.
On the device, authorize the login. If any security factors have been enabled, you will be prompted to complete them before you can complete authorization.
Now that you are in the LaunchKey Admin Center, click the left navigation button and select Organizations. The All Organizations page appears.
Click the New Organization button. The Create New Organization screen appears.
Enter a name for the organization, provide your name and email address (or name and email address of an admin user). Complete the Create New Organization Screen.
The user whose email you entered will receive a confirmation email. Click the confirmation email to complete creation of the organization.
Back in the LaunchKey Admin Center, open the organization you created. Expand the menu button on the left of the screen and select Organizations, then click the organization.
From within the organization, select the Directories tab.
Click the New Directory button to create a new directory. Enter a name for the directory and click the Submit button.
Directory details appear. From here, on the General tab, you can see a Authenticator SDK Keys list. Capture the Authenticator SDK Key. You will need it later when integrating the LaunchKey SDK into your app.
Also on the General tab, under Services, click the NEW SERVICE button. The Create New Service screen appears.
Enter a name and description for the service. Optionally choose an avatar file, read and accept the Terms of Service and click the Create Service button.

You are now ready to integrate the LaunchKey SDK into your mobile apps.

Integrating the iOS SDK into Your App ¶

Follow these steps to integrate the LaunchKey SDK for iOS into your app. This includes examples and instructions for Objective-C and swift.

Download the SDK from https://github.com/iovation/launchkey-ios-authenticator-sdk/releases
In Xcode, add Authenticator.bundle and Authenticator.framework to your project. Make sure that they are visible under Copy Bundle Resources in your target’s Build phase. Also ensure that Authenticator.framework appears under Link Binary With Libraries.
Add the following .plist permissions to your project and provide description values for each:
- NSLocationWhenInUseUsageDescription
- NSBluetoothPeripheralUsageDescription
- NSCameraUsageDescription
If you would like to support Face ID on iPhone X devices and you are using v4.1.0+ of the Auth SDK, please also include the following .plist permission in your project and provide a description value:
- NSFaceIDUsageDescription
Import Authenticator.framework to your app delegate or, for Swift projects, your Bridging-Header.h file:
```
#import <Authenticator/AuthenticatorManager.h>
```

As of Authenticator SDK v4.6.0 and up, you should initialize the SDK via building a new AuthenticatorConfig object and setting the Authenticator SDK Key, along with the other builder properties you desire for the app, which is explained in AuthenticatorConfig Builder Properties section below. For example:

Objective-C:

AuthenticatorConfig *config = [AuthenticatorConfig makeWithAuthenticatorConfigBuilder:^(AuthenticatorConfigBuilder *builder) {
    builder.sdkKey = @"<Authenticator_SDK_Key>";
}];

[[AuthenticatorManager sharedClient] initialize:config];

Swift:

    let config = AuthenticatorConfig.make {builder in
        builder?.sdkKey = "<Authenticator_SDK_Key>"
    }

    AuthenticatorManager.sharedClient().initialize(config)

    If you are using a version of the Authenticator SDK below v4.6.0, you should initialize the AuthenticatorManager shared client with your Authenticator SDK Key as follows::

// Initialize the SDK Manager
[[AuthenticatorManager sharedClient] initSDK:@"<Authenticator_SDK_Key>"];

To enable users to link their devices, specify a linking mechanism. You can enable either QR code scanning by passing a YES or the ability to manually enter their linking code by passing NO.

Objective-C:

[[AuthenticatorManager sharedClient] showLinkingView:self.navigationController withCamera:YES withLinked:^{
    // Success block
    // End-user has been successfully linked
} withFailure:^(NSString *errorMessage, NSString *errorCode) {
    // Failure block
    // Check error
}];

Swift:

AuthenticatorManager.sharedClient().showLinkingView(self.navigationController, withCamera: true, withLinked: {() in
    // Success block
    // End-user has been successfully linked
}, withFailure:{(errorMessage, errorCode) in
    // Failure block
    // Check error
})

To check for and present a pending Auth Request, as of Authenticator SDK v4.2.0+, import the AuthRequestManager.h file:

#import <Authenticator/AuthRequestManager.h>

Then call the following method and if there is an Auth Request, the Auth Request View will be pushed on to the navigation stack:

Objective-C:

// Check For Pending Auth Request
[[AuthRequestManager sharedManager] checkForPendingAuthRequest:self.navigationController withCompletion:^(NSString *message, NSError *error)
{
    if(error != nil)
    {
        // Check error
    }
    else
    {
        // Check message to see if response to auth request was successful or if there are no pending auth requests
        NSLog(@"Message: %@", message);
    }
}];

Swift:

// Check For Pending Auth Request
AuthRequestManager.shared().check(forPendingAuthRequest: self.navigationController, withCompletion: { (message,error) in
    if((error) != nil)
    {
        // Check error
    }
    else
    {
        // Check message to see if response to auth request was successful or if there are no pending auth requests
        print("\(message)")
    }
})

Please note the following class and methods have been deprecated in v4.2.0 of the Authenticator SDK and will be removeed in a future major release. For Authenticator SDK v4.1.1 and below, to create a view where users can view auth requests, first import the AuthRequestViewController.h file:

#import <Authenticator/AuthRequestViewController.h>

Then, initialize AuthRequestViewController and define a Container view where you can embed the auth request view.

Objective-C:

AuthRequestViewController *requestChildView = [[AuthRequestViewController alloc] initWithParentView:self];
[self addChildViewController:requestChildView];
[self.containerView addSubview:requestChildView.view];
[requestChildView didMoveToParentViewController:self];

// Check For Pending Auth Request
[authRequestChildView checkForPendingAuthRequest:self.navigationController withCompletion:^(NSString *message, NSError *error)
{
    if(error != nil)
    {
        // Check error
    }
    else
    {
        // Check message to see if response to auth request was successful or if there are no pending auth requests
        NSLog(@"Message: %@", message);
    }
}];

Swift:

var authRequestView:AuthRequestViewController!
authRequestView = AuthRequestViewController.init(parentView: self)
self.addChildViewController(authRequestView)
containerView.addSubview(authRequestView.view)
authRequestView.didMove(toParentViewController: self)

// Check For Pending Auth Request
authRequestView.check(forPendingAuthRequest: self.navigationController, withCompletion: { (message,error) in
    if((error) != nil)
    {
        // Check error
    }
    else
    {
        // Check message to see if response to auth request was successful or if there are no pending auth requests
        print("\(message)")
    }
})

End-users can choose their own security factors. Services can be set to require users to set a minimum number of factors. Implement the following to enable users to use the Security Factors view and choose their security factors.

Objective-C:

[[AuthenticatorManager sharedClient] showSecurityViewWithNavController:self.navigationController withUnLinked:^{
}];

Swift:

AuthenticatorManager.sharedClient().showSecurityView(withNavController: self.navigationController, withUnLinked: {() in
})

Implement the IOADevice object to unlink either the current device or a remote device.

Objective-C:

[[AuthenticatorManager sharedClient] unlinkDevice:nil withCompletion:^(NSError *error){
    if(error != nil)
    {
        // Check error
    }
    else
    {
        // Device has been successfully unlinked
    }
}];

Swift:

AuthenticatorManager.sharedClient().unlinkDevice(nil, withCompletion: { (error) in
if((error) != nil)
    {
        // Check error
    }
    else
    {
        // Device has been successfully unlinked
    }
})

This completes the core integration. Continue on to the next section for advanced integration options.

Advanced Integration Options ¶

Now that the LaunchKey SDK for iOS is integrated and the basics are working, let’s move on to more advanced integration options. We’ll start by reviewing the technical components that make up advanced LaunchKey integration.

AuthenticatorConfig Builder Properties ¶

As of Authenticator SDK v4.6.0 and up, you can build an AuthenticatorConfig object, which is the updated way to set some of the following advanced integration options, as well as some color configurations. Essentially, the AuthenticatorConfig object replaces the deprecated AuthenticatorConfigurator class and all it’s available methods. The following are code snippets to display all the builder options available via the AuthenticatorConfig object:

Objective-C:

AuthenticatorConfig *config = [AuthenticatorConfig makeWithAuthenticatorConfigBuilder:^(AuthenticatorConfigBuilder *builder) {
    builder.SSLPinningEnabled = YES;
    builder.customFont = @"System";
    builder.keyPairSize = keypair_maximum;
    builder.activationDelayWearable = 86400;
    builder.activationDelayGeofence = 86400;
    builder.enableInfoButtons = YES;
    builder.enableHeaderViews = YES;
    builder.enableNotificationPrompt = YES;
    builder.enableSecurityChangesWhenUnlinked = NO;
    builder.controlsBackgroundColor = [UIColor clearColor];
    builder.geofenceCircleColor = [UIColor blueColor];
    builder.tableViewHeaderBackgroundColor = [UIColor clearColor];
    builder.tableViewHeaderTextColor = [UIColor blueColor];
    builder.securityViewsTextColor = [UIColor blackColor];
    builder.securityFactorImageTintColor = [UIColor blackColor];
    builder.enablePINCode = YES;
    builder.enableCircleCode = YES;
    builder.enableGeofencing = YES;
    builder.enableWearable = YES;
    builder.enableFingerprint = YES;
    builder.enableFace = YES;
    builder.authContentViewBackgroundColor = [UIColor whiteColor];
    builder.authTextColor = [UIColor purpleColor];
    builder.authResponseAuthorizedColor = [UIColor greenColor];
    builder.authResponseDeniedColor = [UIColor redColor];
    builder.authResponseFailedColor = [UIColor orangeColor];
    builder.authResponseDenialReasonSelectedColor = [UIColor blueColor];
    builder.authResponseDenialReasonUnselectedColor = [UIColor brownColor];
}];

Swift:

let config = AuthenticatorConfig.make {builder in
        builder?.sslPinningEnabled = true
        builder?.customFont = "System"
        builder?.keyPairSize = keypair_maximum
        builder?.activationDelayGeofence = 86400
        builder?.activationDelayWearable = 86400
        builder?.enableInfoButtons = true
        builder?.enableHeaderViews = true
        builder?.enableNotificationPrompt = true
        builder?.enableSecurityChangesWhenUnlinked = false
        builder?.controlsBackgroundColor = UIColor.clear
        builder?.enableSecurityFactorImages = true
        builder?.geofenceCircleColor = UIColor.blue
        builder?.tableViewHeaderBackgroundColor = UIColor.clear
        builder?.tableViewHeaderTextColor = UIColor.blue
        builder?.securityViewsTextColor = UIColor.black
        builder?.securityFactorImageTintColor = UIColor.black
        builder?.enablePINCode = true
        builder?.enableCircleCode = true
        builder?.enableGeofencing = true
        builder?.enableWearable = true
        builder?.enableFingerprint = true
        builder?.enableFace = true
        builder?.authContentViewBackgroundColor = UIColor.white
        builder?.authTextColor = UIColor.purple
        builder?.authResponseAuthorizedColor = UIColor.green
        builder?.authResponseDeniedColor = UIColor.red
        builder?.authResponseFailedColor = UIColor.orange
        builder?.authResponseDenialReasonSelectedColor = UIColor.blue;
        builder?.authResponseDenialReasonUnselectedColor = UIColor.brown
    }

Activation Delay (v3.0.4 and up)¶

The Authenticator SDK allows you to set an activation delay for passive security factors, such as geo-fences or Bluetooth proximity devices. This is the time it takes for the SDK to add or remove a passive factor. The delay also applies when an end-user toggles the verification setting for a security factor, which changes how the factor is verified during auth requests, for example only when required, or always.

You can set the delay for a range of time between 0 seconds to 24 hours. Provide the value in seconds, for example set it to 864000 to for a delay of 24 hours.

As of Authenticator SDK v4.6.0 and up, please reference the code examples in the AuthenticatorConfig Builder Properties section above. If using a version of the SDK below v4.6.0, please use the following examples for reference.

Objective-C:

[[AuthenticatorConfigurator sharedConfig] setActivationDelayProximity:86400];

[[AuthenticatorConfigurator sharedConfig] setActivationDelayGeofence:86400];

Swift:

AuthenticatorConfigurator.sharedConfig().setActivationDelayProximity(86400)

AuthenticatorConfigurator.sharedConfig().setActivationDelayGeofence(86400)

Warning

Setting the activation delay to 0 can potentially allow anyone to bypass passive security factors. They can do this by adding new, unintended passive factors and setting the verification toggle to only verify when required. If the user then immediately attempts to authenticate, the new passive factor will not be verified. For this reason, we strongly suggest setting the value to a minimum of ten minutes / 600 seconds.

SSL Pinning (Extra Security)¶

The Authenticator SDK uses SSL for network communication to the LaunchKey Platform API to ensure secure data transmission. However, to protect against eavesdropping and ensure that man-in-the-middle attacks cannot occur over this connection, you should enable SSL pinning which will verify the hostname and SSL certificate returned from the Platform API handshake exactly matches those that are bundled in your Mobile App. If the certificate cannot be verified, all connections to the Platform API are terminated.

Note

SSL pinning is turned OFF by default.

Warning

SSL pinning should only be enabled if you fully understand the consequences of enabling this feature as connectivity to the LaunchKey Platform API can be interrupted if SSL pinning is not properly configured.

Objective-C:

// Turn OFF
[[AuthenticatorConfigurator sharedConfig] turnOffSSLPinning];

// Turn ON
[[AuthenticatorConfigurator sharedConfig] turnOnSSLPinning];

Swift:

// Turn OFF
AuthenticatorConfigurator.sharedConfig().turnOffSSLPinning()

// Turn ON
AuthenticatorConfigurator.sharedConfig().turnOnSSLPinning()

Customizing Device Linking ¶

You can customize your implementation of device linking. To do this, pass a valid linking code to the following call. Include a device name if necessary, or pass nil as the device name and the SDK will populate the device name based on the current OS device name. If you want to enable the end-user to override the device name, set deviceNameOverride to YES.

Objective-C:

NSString *qrCode = @"ABCD123";
BOOL deviceNameOverride = YES;


[[AuthenticatorManager sharedClient] linkUser:qrCode withDeviceName:deviceName deviceNameOverride:deviceNameOverride withCompletion:^(NSError *error)
{
    if(error!=nil)
    {
        // Check error
    }
    else
    {
        // End-user has successfully linked
    }
}];

Swift:

let qrCode = "ABCD123"


AuthenticatorManager.sharedClient().linkUser(qrCode, withDeviceName:nil, deviceNameOverride:true, withCompletion: { (error) in
    if((error) != nil)
    {
        // Check error
    }
    else
    {
        // End-user has successfully linked
    }
})

Then to determine whether an end-user has been successfully linked, call isAccountActive.

Objective-C:

if([[AuthenticatorManager sharedClient] isAccountActive])
{
    // End-user's device is linked
}

Swift:

if(AuthenticatorManager.sharedClient().isAccountActive())
{
    // End-user's device is linked
}

Verifying Current Security Factors ¶

Use getSecurityInfo, available in the AuthenticatorManager, to return an NSArray to list out the factors, types, and whether they are active.

Objective-C:

NSArray *securityFactorArray = [[AuthenticatorManager sharedClient] getSecurityInfo];

Swift:

let securityFactorArray = AuthenticatorManager.sharedClient().getSecurityInfo()

Displaying Linked Devices ¶

Use DevicesViewController to manage device actions. The Authenticator SDK provides a default view to display linked devices and provides methods that you can use to implement a custom view.

First, import DevicesViewController.h and IOADevice.h:

#import <Authenticator/DevicesViewController.h>
#import <Authenticator/IOADevice.h>

Then, initialize DevicesViewController and display the default view in a container view.

Objective-C:

DevicesViewController *devicesChildView = [[DevicesViewController alloc] initWithParentView:self];

[self addChildViewController:devicesChildView];
[self.containerView addSubview:devicesChildView.view];
[devicesChildView didMoveToParentViewController:self];

Swift:

var devicesChildView:DevicesViewController!
devicesChildView = DevicesViewController.init(parentView: self)

self.addChildViewController(devicesChildView)
containerView.addSubview(devicesChildView.view)
devicesChildView.didMove(toParentViewController: self)

Use the following methods to perform device-related tasks.

Objective-C:

    DevicesViewController *devicesView;
NSArray *devicesArray;


devicesView = [[DevicesViewController alloc] initWithParentView:self];


// Get the current IOADevice object
IOADevice *currentDevice = [devicesView currentDevice];
NSLog(@"current device name = %@", currentDevice.name);


// Call getDevices to get a NSArray of IOADevice objects
[devicesView getDevices:^(NSArray* array, NSError *error)
{
    if(error)
    {
        // Check error
        NSLog(@"error: %@", error);
    }
    else
    {
        devicesArray = array;
        for(IOADevice *deviceObject in devicesArray)
        {
            NSLog(@"device name: %@", deviceObject.name);
            NSLog(@"device status: %lu", (unsigned long)deviceObject.status);
            NSLog(@"device uuid: %@", deviceObject.UUID);
            NSLog(@"device type: %@", deviceObject.type);
        }
    }
}];

Swift:

var devicesArray = [IOADevice]()
var devicesChildView:DevicesViewController!
devicesChildView = DevicesViewController.init(parentView: self)

// Call getDevices to get a NSArray of IOADevice objects
devicesChildView.getDevices { (array, error) in
    if((error) != nil)
    {
        // Check error
        print("\(error)")
    }
    else
    {
        devicesArray = array!
        for item in devicesArray
        {
            let deviceObject = item
            print("device name: \(deviceObject.name)")
        }
    }
}

Managing Sessions ¶

Use SessionsViewController to manage session-related tasks. The Authenticator SDK provides a default view to display sessions and provides methods that you can use to implement a custom view of Sessions as well.

First, import SessionsViewController.h and IOASession.h:

#import <Authenticator/SessionsViewController.h>
#import <Authenticator/IOASession.h>

Then, initialize SessionsViewController and display the default view in a container view.

Objective-C:

SessionsViewController *sessionsChildView = [[SessionsViewController alloc] initWithParentView:self];

[self addChildViewController:sessionsChildView];
[self.containerView addSubview:sessionsChildView.view];
[sessionsChildView didMoveToParentViewController:self];

Swift:

var sessionsChildView:SessionsViewController!
sessionsChildView = SessionsViewController.init(parentView: self)

self.addChildViewController(sessionsChildView)
containerView.addSubview(sessionsChildView.view)
sessionsChildView.didMove(toParentViewController: self)

You can use the following methods to manage session-related tasks and create a custom Sessions View if needed. Call -getSessions to get a NSArray of all the currently active IOASession objects. Each IOASession object contains four properties so that you can easily create a custom designed view of Sessions: serviceName, serviceID, serviceIcon, and dateCreated.

Objective-C:

SessionsViewController *sessionsView;
NSArray *sessionsArray;
sessionsView = [[SessionsViewController alloc] initWithParentView:self];

// Call getSessions to get a NSArray of all the IOASession objects
[sessionsView getSessions:^(NSArray* array, NSError *error)
{
    if(error)
    {
        NSLog(@"error: %@", error);
    }
    else
    {
        sessionsArray = array;
        for(IOASession *sessionObject in sessionsArray)
        NSLog(@"session name: %@", sessionObject.serviceName);
    }
}];


// End a specific session
IOASession *sessionObject = [sessionsArray objectAtIndex:indexPath.row];
[sessionsView clearSession:sessionObject];


// End all sessions
[sessionsView endAllSessions:^(NSError *error)
{
    if(error != nil)
    {
        // Check error
        NSLog(@"Error: %@", error);
    }
    else
    {
        // All sessions have been successfully cleared
    }
}];

Swift:

var sessionsArray = [IOASession]()
var sessionsView:SessionsViewController!


// Call getSessions to get a NSArray of all the IOASessions objects
sessionsView.getSessions { (array, error) in

    if((error) != nil)
    {
        // Check error
        print("\(error)")
    }
    else
    {
        sessionsArray = array!
        for item in sessionsArray
        {
            let sessionObject = item
            print("session name: \(sessionObject.serviceName)")
        }
    }
}


// End a specific session
sessionsView.clear(sessionsArray[row])

// End All sessions
    sessionsView.endAllSessions{(error) in
    if((error) != nil)
    {
        // Check error
        print("\(error)")
    }
    else
    {
        // All sessions have been successfully cleared
    }
}

Setting Key Pair Size ¶

Linking a device creates a key pair. You can use AuthenticatorConfigurator to set its size. The size can be between 2048-4096 bits; if the value is outside of the range, it is set to the nearest valid value, or it will be invalid. By default, if you do not set a key pair size, it is 4096. There are constants available in AuthenticatorConfigurator for common key pair sizes. NOTE Set the key pair size before initializing the SDK.

Objective-C:

[[AuthenticatorConfigurator sharedConfig] setKeyPairSize:keypair_maximum];

Swift:

AuthenticatorConfigurator.sharedConfig().setKeyPairSize(keypair_maximum)

Listening To Events via NSNotificationCenter ¶

There are specific events that you can add observers to so that you can implement your own UI. Here are a list of observers you can add:

requestReceived: Add an observer for requestReceived to be notified when an auth request has been received. You can call -checkForPendingAuthRequest to bring up the auth request once the notification has been broadcasted.

deviceUnlinked: Add an observer for deviceUnlinked to be notified when the device has been unlinked successfully or when the API returns an error indicating the device is unlinked.

requestApproved: Add an observer for requestApproved to be notified when an auth request has been approved.

requestDenied: Add an observer for requestDenied to be notified when an auth request has been denied.

DeviceKeyPairGenerated: Add an observer for DeviceKeyPairGenerated to be notified once the key pair generation has been completed.

Automatic Linking of a Device ¶

If your mobile app is supported by its own backend system, then the backend can generate a valid linking code, directly interacting with the LaunchKey API, and pass it down to the mobile app. This process can be triggered only when the end user has successfully provided traditional credentials to your system which would allow for the device to be automatically linked on their behalf.

This is a scenario that would require deeper integration which would otherwise have the end user type/scan the code themselves instead.

Customizing the User Interface ¶

Overview ¶

You can customize a number of user interface (UI) elements in the Security and Auth Request views by setting colors using the UIAppearance proxy settings. The Authenticator has subclassed some UI elements so that they can be modified via the UIAppearance proxy as well. Please see this Apple document for further explanation on how to use the UIAppearance proxy. Any UI element that is not subclassed means it can be customized via the proxy and any property of a subclassed item that is not listed in the table below also means it can be customized through default methods of the proxy.

Import Headers ¶

In order to customize UI elements, import the following subclassed UI elements:

#import <Authenticator/PinCodeButton.h>
#import <Authenticator/CircleCodeImageView.h>
#import <Authenticator/AuthenticatorButton.h>
#import <Authenticator/AuthorizationSliderButton.h>
#import <Authenticator/AuthorizationSlider.h>
#import <Authenticator/SecurityFactorTableViewCell.h>
#import <Authenticator/AuthRequestContainer.h>
#import <Authenticator/IOALabel.h> // Available in v3.0.5 and up
#import <Authenticator/IOATextField.h> // Available in v4.4.0 and up
#import <Authenticator/AuthResponseButton.h> // Available in v4.6.0 and up
#import <Authenticator/AuthResponseNegativeButton.h> // Available in v4.6.0 and up
#import <Authenticator/AuthResponseExpirationTimerView.h> // Available in v4.6.0 and up

UI Customization Definitions ¶

Subclassed Item Name	UI Element Type	Property/Method	Description	Objective-C / Swift Examples
PinCodeButton	UIButton	highlightedStateColor	UIColor displayed when a PIN Code button is pressed	`[PinCodeButton appearance].highlightedStateColor = [UIColor whiteColor];` `PinCodeButton.appearance().highlightedStateColor = UIColor.white`
		lettersColor	UIColor set for letters in the PIN Code button (available in v3.0.5 and up)	`[PinCodeButton appearance].lettersColor = [UIColor blackColor];` `PinCodeButton.appearance().lettersColor = UIColor.black`
		bulletColor	UIColor set for bullets in the PIN Code view when verifying and removing a PIN Code (available in v4.1.0 and up)	`[PinCodeButton appearance].bulletColor = accentColor;` `PinCodeButton.appearance().bulletColor = accentColor`
		-setPinCodeButtonAsCircle:(BOOL)asCircle	Method to set the PIN Code Button shape as either a circle (pass YES/true) or square (pass NO/false)	`[[PinCodeButton appearance] setPinCodeButtonAsCircle:YES];` `PinCodeButton.appearance().setPinCodeButtonAsCircle(true)`
		-setBorderColor:(UIColor*)borderColor	UIColor set for PIN Code button border (available in v4.1.0 and up)	`[[PinCodeButton appearance] setBorderColor:accentColor];` `PinCodeButton.appearance().setBorderColor(accentColor)`
		-setBorderWidth:(CGFloat)borderWidth	CGFloat set for PIN Code button width (available in v4.1.0 and up)	`[[PinCodeButton appearance] setBorderWidth:1.0f];` `PinCodeButton.appearance().setBorderWidth(1.0)`
CircleCodeImageView	UIImageView	defaultColor	Default UIColor set for the Circle Code center and hashmarks	`[CircleCodeImageView appearance].defaultColor = [UIColor darkGrayColor];` `CircleCodeImageView.appearance().defaultColor = UIColor.gray`
CircleCodeImageView	UIImageView	highlightColor	UIColor set for the Circle Code center and sectors when pressed on	`[CircleCodeImageView appearance].highlightColor = redColor;` `CircleCodeImageView.appearance().highlightColor = UIColor.darkGray`
AuthenticatorButton	UIButton	negativeActionTextColor	UIColor set for the text color of the UIButtons that are representative of negative actions (available in v4.0.0 and up)	`AuthenticatorButton appearance].negativeActionTextColor = [UIColor whiteColor];` `AuthenticatorButton.appearance().negativeActionTextColor = UIColor.white`
AuthenticatorButton	UIButton	negativeActionBackgroundColor	UIColor set for the background color of the UIButtons that are representative of negative actions (available in v4.0.0 and up)	`AuthenticatorButton appearance].negativeActionBackgroundColor = redColor;` `AuthenticatorButton.appearance().negativeActionBackgroundColor = redColor`
AuthorizationSlider *deprecated in v4.6.0	UIImageView	topColor	UIColor representative of the top track of the Authorization Slider	`[AuthorizationSlider appearance].topColor = [UIColor whiteColor];` `AuthorizationSlider.appearance().topColor = UIColor.white`
AuthorizationSlider *deprecated in v4.6.0	UIImageView	bottomColor	UIColor representative of the bottom track of the Authorization Slider, exposed when the button is dragged upwards	`[AuthorizationSlider appearance].bottomColor = [UIColor darkGrayColor];` `AuthorizationSlider.appearance().bottomColor = UIColor.darkGray`
AuthorizationSliderButton *deprecated in v4.6.0	UIButton	highlightedStateColor	UIColor displayed when the button of the AuthorizationSlider is pressed	`[AuthorizationSliderButton appearance].highlihgtedStateColor = [UIColor lightGrayColor];` `AuthorizationSliderButton.appearance().highlightedStateColor = UIColor.lightGray`
SecurityFactorTableViewCell	UITableViewCell	imagePINCodeFactor	UIImage displayed in the Table of Security Factors for Pin Code	`[SecurityFactorTableViewCell appearance].imagePINCodeFactor = [UIImage imageNamed:@"Image1"];` `SecurityFactorTableViewCell.appearance().imagePINCodeFactor = UIImage(named:"Image1")`
		imageCircleCodeFactor	UIImage displayed in the Table of Security Factors for Circle Code	`[SecurityFactorTableViewCell appearance].imageCircleCodeFactor = [UIImage imageNamed:@"Image2"];` `SecurityFactorTableViewCell.appearance().imageCircleCodeFactor = UIImage(named:"Image2")`
		imageBluetoothFactor	UIImage displayed in the Table of Security Factors for Bluetooth Proximity	`[SecurityFactorTableViewCell appearance].imageBluetoothFactor = [UIImage imageNamed:@"Image3"];` `SecurityFactorTableViewCell.appearance().imageBluetoothFactor = UIImage(named:"Image3")`
		imageGeofencingFactor	UIImage displayed in the Table of Security Factors for Geofencing	`[SecurityFactorTableViewCell appearance].imageGeofencingFactor = [UIImage imageNamed:@"Image4"];` `SecurityFactorTableViewCell.appearance().imageGeofencingFactor = UIImage(named:"Image4")`
		imageFingerprintFactor	UIImage displayed in the Table of Security Factors for Fingerprint/Face Scan	`[SecurityFactorTableViewCell appearance].imageFingerprintFactor = [UIImage imageNamed:@"Image5"];` `SecurityFactorTableViewCell.appearance().imageFingerprintFactor = UIImage(named:"Image5")`
AuthRequestContainer	UIView	imageAuthRequestGeofence	UIImage displayed during an Auth Request for Geofencing	`[AuthRequestContainer appearance].imageAuthRequestGeofence = [UIImage imageNamed:@"Image1"];` `AuthRequestContainer.appearance().imageAuthRequestGeofence = UIImage(named:"Image1")`
AuthRequestContainer	UIView	imageAuthRequestBluetooth	UIImage displayed during an Auth Request for Bluetooth Proximity	`[AuthRequestContainer appearance].imageAuthRequestBluetooth = [UIImage imageNamed:@"Image2"];` `AuthRequestContainer.appearance().imageAuthRequestBluetooth = UIImage(named:"Image2")`
IOLabel	UILabel	textColor	UIColor set for the text color of labels in Security View and Add Bluetooth Proximity View (available in v3.0.5 and up)	`[IOALabel appearance].textColor = [UIColor whiteColor];` `IOALabel.appearance().textColor = UIColor.white`
IOTextField	UITextField	placeholderTextColor	UIColor set for the placeholder text of the IOATextField, in the manual linking view (available in v4.4.0 and up)	`[IOATextField appearance].placeholderTextColor = [UIColor lightGrayColor];` `IOATextField.appearance().placeholderTextColor = UIColor.lightGray`
AuthenticatorConfigurator *This class and all it’s methods are now deprecated. Please build an AuthenticatorConfig object and initalize the SDK with the AuthenticatorManager instead.	NSObject	-setFont:(NSString*)customFont	Method used to set a custom font throughout the SDK views	`[[AuthenticatorConfigurator sharedConfig] setFont:@"Roboto"];` `AuthenticatorConfigurator.sharedConfig().setFont("Roboto")`
		-enableInfo:(BOOL)enable	Method to enable/disable Info buttons in the Security views	`[[AuthenticatorConfigurator sharedConfig] enableInfo:YES];` `AuthenticatorConfigurator.sharedConfig().enableInfo(false)`
		-enableHeaderViews:(BOOL)enable	Method to enable/disable TableView Headers	`[[AuthenticatorConfigurator sharedConfig] enableHeaderViews:YES];` `AuthenticatorConfigurator.sharedConfig().enableHeaderViews(true)`
		-enableSecurityFactorImages:(BOOL)enable	Method to enable/disable Security Factor Images in the TableView of the Security view	`[[AuthenticatorConfigurator sharedConfig] enableSecurityFactorImages:YES];` `AuthenticatorConfigurator.sharedConfig().enableSecurityFactorImages(true)`
		-setControlsBackgroundColor:(UIColor*)color	Method to set the background color of controls UIView	`[[AuthenticatorConfigurator sharedConfig] setControlsBackgroundColor:[UIColor clearColor]];` `AuthenticatorConfigurator.sharedConfig().setControlsBackgroundColor(UIColor.clear)`
		-enableViewControllerTransitionAnimation:(BOOL)enable	Method to enable/disable view controller animation when transitioning (available in v3.0.5 and up)	`[[AuthenticatorConfigurator sharedConfig] enableViewControllerTransitionAnimation:NO];` `AuthenticatorConfigurator.sharedConfig().enableViewControllerTransitionAnimation(false)`
		-enableBackBarButtonItem:(BOOL)enable	Method to enable/disable back bar button item from being shown (available in v3.0.5 and up)	`[[AuthenticatorConfigurator sharedConfig] enableBackBarButtonItem:NO];` `AuthenticatorConfigurator.sharedConfig().enableBackBarButtonItem(false)`
		-setTableViewHeaderBackgroundColor:(UIColor*)color	UIColor set for the TableView Header background (available in v4.4.0 and up)	`[[AuthenticatorConfigurator sharedConfig] setTableViewHeaderBackgroundColor:[UIColor clearColor]];` `AuthenticatorConfigurator.sharedConfig().setTableViewHeaderBackgroundColor(UIColor.clear)`
		-setTableViewHeaderTextColor:(UIColor*)color	UIColor set for the TableView Header text (available in v4.4.0 and up)	`[AuthenticatorConfigurator sharedConfig] setTableViewHeaderTextColor:accentColor];` `AuthenticatorConfigurator.sharedConfig().setTableViewHeaderTextColor(accentColor)`
		-setSecurityViewsTextColor:(UIColor*)color	UIColor set for the text throughout the Security views (available in v4.4.0 and up)	`[AuthenticatorConfigurator sharedConfig] setSecurityViewsTextColor:[UIColor blackColor]];` `AuthenticatorConfigurator.sharedConfig().setSecurityViewsTextColor(UIColor.black)`
		-setGeofenceCircleColor:(UIColor*)color	UIColor set for the geofence circle (available in v4.4.0 and up)	`[[AuthenticatorConfigurator sharedConfig] setGeofenceCircleColor:accentColor];` `AuthenticatorConfigurator.sharedConfig().setGeofenceCircleColor(accentColor)`
		-setSecurityFactorImageTintColor:(UIColor*)color	UIColor set for the factor images in the TableView of the Security view (available in v4.4.0 and up)	`[[AuthenticatorConfigurator sharedConfig] setSecurityFactorImageTintColor:[UIColor blackColor]];` `AuthenticatorConfigurator.sharedConfig().setSecurityFactorImageTintColor(UIColor.black)`

Set Custom Font ¶

If you want to set custom fonts, determine whether the fonts are supported by Xcode, then:

If they are supported, pass the font names as NSString values to the customFont property of the AuthenticatorConfig builder.
If not, import the font files to your project, include them in the targets, and add them to the .plist under a new row called Fonts provided by application. In this row, include all of the font names in an array.

Adding Push Notifications to Your Integration ¶

Overview ¶

iovation recommends adding push notifications to your integrations in order to provide a better experience for end users. We also recommend providing a mechanism to manually review notifications, because push notifications depend on many interrelated systems to work, such as mobile carrier availability and Google performance.

At a high level, the setup steps include:

Register for an Apple Push Notification token.
Register the token with the SDK.
Obtain an Apple Push Notification Certificate.
Set up interception of push notifications.

Registering for an Apple Push Notification Token ¶

To identify a device and to receive push notifications from the LaunchKey platform, you must register for an Apple Push Notification token:

Objective-C:

[[UIApplication sharedApplication] registerUserNotificationSettings:[UIUserNotificationSettings settingsForTypes:(UIUserNotificationTypeSound | UIUserNotificationTypeAlert | UIUserNotificationTypeBadge) categories:nil]];
[[UIApplication sharedApplication] registerForRemoteNotifications];

Swift:

let userNotifications = UIUserNotificationSettings(types: [.alert, .badge, .sound], categories: nil)
UIApplication.shared.registerUserNotificationSettings(userNotifications)
UIApplication.shared.registerForRemoteNotifications()

Registering the Device Token ¶

You must register the device token with the Authenticator SDK using the didRegisterForRemoteNotificationsWithDeviceToken function in the AppDelegate callback.

Objective-C:

[[AuthenticatorManager sharedClient] setNotificationToken:deviceToken];

Swift:

AuthenticatorManager.sharedClient().setNotificationToken(deviceToken)

Obtaining an Apple Push Notification Certification ¶

You must obtain an Apple Push Notification Certification before the LaunchKey platform can send push notifications to your mobile app. These instructions assume that you have already set up push notifications for your app. To do this:

Log in to the Apple Developer Portal at: https://developer.apple.com
Click the Certifications, IDs & Profiles section.
Under Certificates, locate the Production Push Notification certificate that you create for your app (the same certificate that you use in production now for your app). Download the certificate.
Double-click the local certificate file to add it to your keychain’s Certificate section.
Open Keychain Access.
Select Certificates and click the arrow beside the certificate you just downloaded. This displays the associated key. Select both the certificate and key, right-click and choose Export 2 items.
Save the certificate with a .p12 file extension and leave the password field empty.
Log in to LaunchKey Admin Center at https://admin.launchkey.com/login.
Click Organizations and select your organization. Click the White Label tab. Select the White Label Directory for which you want to authorize push notifications.
Select the Push Notifications tab and upload your certificate under the iOS section.

Setting Up Interception of Push Notifications ¶

In order to intercept push notifications, use the didReceiveRemoteNotification callback in the AppDelegate. Pass the userInfo to the following call and add the requestReceived observer.

Objective-C:

[[AuthenticatorManager sharedClient] handleRemoteNotification:userInfo];

Swift:

AuthenticatorManager.sharedClient().handleRemoteNotification(userInfo)

Changes with 4.x ¶

What’s new with v4.2 ¶

Knowledge factors are not mutually exclusive anymore. The behavior changed to support more than one knowledge factor at a time if the End User decides to set more than one up.

Added support for Local Auth Requests where the app is allowed to generate a localized Auth Request limited to that authenticator without relying on the LaunchKey Service. Keep the following in mind when making use of the new LocalAuthManager class:

Supports offline authentication. For example, it can be used to authenticate an End User before displaying sensitive content.
Allows the End User to set up Security factors and authenticate through Local Auth Requests even when unlinked if the new config method -(void)enableSecurityChangesWhenUnlinked:(BOOL)enable is set to true in the AuthenticatorConfigurator object when initializing the SDK.
Titles of Local Auth Requests can be set to a custom title (NSString) through -(void)setTitle:(NSString*)title from the LocalAuthManager class.
Expiration of Local Auth Requests can be set to a custom value (int) but must be within two and five minutes, two minutes being the default value if not specified through -(void)setExpiration:(int)expiration from the LocalAuthManager class.
When generating a Local Auth Request, a LKPolicy object must be passed along to set the requirements for that request and implementors can build it matching what can be possible with the LaunchKey Service through the Service SDKs.
Can only be used when there’s at least one factor set up, otherwise an error will be returned.

For example:

Objective-C:

#import <Authenticator/LocalAuthManager.h>

LKPolicy *policy = [LKPolicy new];

// To build LKPolicy by count
policy = [LKPolicy makeWithCountBuilder:^(LKPolicyByCount *builder){
    builder.countTotal = 2;
}];

// To build LKPolicy by type
policy = [LKPolicy makeWithTypeBuilder:^(LKPolicyByType *builder){
    builder.knowledge = YES;
    builder.inherence = NO;
    builder.possession = YES;
}];

// Set local auth request title
[[LocalAuthManager sharedManager] setTitle:@"Local Auth Request Title"];

// Set local auth request expiration duration
[[LocalAuthManager sharedManager] setExpiration:150];

// Generate and present local auth request
[[LocalAuthManager sharedManager] presentLocalAuth:self.navigationController withPolicy:policy withCompletion:^(BOOL response, NSError *error)
 {
    if(response)
        NSLog(@"Local auth approved.")
    else
        NSLog(@"Local auth denied. Local auth error: %@", error);
}];

Swift:

#import <Authenticator/LocalAuthManager.h>

var policy: LKPolicy!

// To build LKPolicy by count
policy = LKPolicy.make(countBuilder: { (builder) in
    builder?.countTotal = 2
})

// To build LKPolicy by type
policy = LKPolicy.make(typeBuilder: { (builder) in
    builder?.knowledge = true
    builder?.inherence = false
    builder?.possession = true
})

// Set local auth request title
LocalAuthManager.shared().setTitle("Local Auth Request Title")

// Set local auth request expiration duration
LocalAuthManager.shared().setExpiration(150)

// Generate and present local auth request
LocalAuthManager.shared().presentLocalAuth(self.navigationController, with: policy, withCompletion: { (localAuthResponse, error) in
    if(localAuthResponse)
    {
        print("Local auth approved.")
    }
    else
    {
        print("Local auth denied. Local auth error: \(error)")
    }
})

What’s new with v4.3 ¶

Collection of anonymous metrics to better support the service and understand the behavior of the Authenticator SDK in order to make improvements in newer versions.
Added a public -(void)sendMetricsWithCompletion:(completion)completion method in the AuthenticatorManager to help implementers provide collected metrics to our service whenever necessary.

What’s new with v4.5 ¶

Added support for third-party push notification services by providing a new method in the AuthenticatorManager class, -(void)handlePushPackage:(NSString*)pushPackage, that takes the push package string provided by our LaunchKey API and parses the string to generate the appropriate push notification NSNotification (either requestReceived or deviceUnlinked).

For example:

Objective-C:

[[AuthenticatorManager sharedClient] handlePushPackage:@"push_package_string"];

Swift:

AuthenticatorManager.sharedClient().handlePushPackage("push_package_string")

What’s new with v4.6 ¶

All new Auth Request Flow

The Auth request flow now has tap and holdable Authorize and Deny buttons, a visible expiration timer and request details. These new features allow users to get all the info they need to make the right decision the first time.

Added support for Auth Denial Context

This feature provides Subscribers with context as to why an end user denied a request, thereby enabling the Subscriber to take more appropriate action.

Added the ability for Subscribers to receive a response when a request fails due to an end user unable to verify an auth method.

Ensuring that Subscribers know whenever user authentication fails during a request is important for identifying fraud, assessing future risk, troubleshooting with end users, and distinguishing between the many different response scenarios that LaunchKey supports.
We’ve updated the verification and priority order of the Auth Methods

When an auth request gets sent, we’ve made sure the order in which the methods are verified is the same for both Android and iOS.

The order displayed to the End User for verification is as follows:

Wearable

Geofencing

PIN Code

Circle Code

Face Scan

Fingerprint Scan

The priority of the Auth Methods when the policy is requesting by AMOUNT is as follows:

Fingerprint Scan

Face Scan

PIN Code

Circle Code

Wearable

Geofencing

The priority of the Auth Methods when the policy is requesting them by TYPE is as follows:

KNOWLEDGE

PIN Code

Circle Code

INHERENCE

Fingerprint Scan

Face Scan

Geofencing

POSSESSION

Wearable

Best Practices ¶

Display an active Session after authorizing an Auth Request

There’s no direct correlation between an Auth Request and an active Session. It is up to the Subscriber’s service to handle the response of Auth Requests and then request the LaunchKey API to start a Session if desired. There is a bit of a delay between the End User responding to an Auth Request and your service as an implementer handling the response, so it is recommended to add a short delay of a few seconds to retrieve the list of active Sessions after responding to an Auth Request.
Update device token for Push Notifications

Always make sure to update a new/changed device token meant for Push Notifications in order for the LaunchKey service to keep an updated record and notify the End Users of pending Auth Requests. We recommend always registering the device token with the Authenticator SDK with -(void)setNotificationToken:(NSData *)deviceToken.
Keep the Authenticator SDK up to date

Updates will include improvements, security patches, and/or new features that will enhance the user experience of End Users if the release increases its minor version. Should a major version be released, keep an eye on the docs on how to migrate over to utilize the latest Authenticator SDK.
Keep SSL Pinning enabled

SSL Pinning could prove troublesome if proxies are inherent to an application or service but can enhance the security of a product by preventing Man-in-the-Middle attacks.
Do NOT allow restore from backups

In order to prevent any potential issues that can arise from using a backup of your mobile application, we recommend not allowing your mobile application to be restored from a backup.
Configure Portrait mode only for device orientation

The Authenticator SDK is currently optimized for Portrait mode only. We recommend configuring your mobile application to be in Portrait mode only in order for the UI to stay consistent when interacting with security factors during setup or in the middle of an Auth Request. Support for Landscape device orientation may come in the future but is NOT part of the product roadmap at this point.
Listen for important events

In the main view/home view of your mobile application, ensure that you are listening to important events like receiving an Auth Request or the unlinking of a device, etc. in order to keep the UI, and the End Users, updated.
Always provide ability to manually refresh data

While we rely heavily on Push Notifications to notify the End User of pending Auth Requests in a timely manner, it is important to remember that is still an external service outside the scope of the LaunchKey service, and delays or drops of Push Notifications can happen at times. Allowing the End User to check pending Auth Requests and refresh the list of active Sessions or linked authenticators will come a long way during these few instances.
Issues with an authenticator communicating with your service

Always check the LaunchKey Admin Center and ensure all keys are matching the ones on your end–including the Authenticator SDK key used to initialize the AuthenticatorManager shared client.
Protect sensitive data on-screen

We recommend protecting any sensitive data that is on-screen when a device goes into “App Switcher” mode. Include [[UIApplication sharedApplication] ignoreSnapshotOnNextApplicationLaunch] in the - (void)applicationWillResignActive:(UIApplication *)application method of the App Delegate and add an image view as a subview on top of the current view. You can remove tihs subview in the - (void)applicationDidBecomeActive:(UIApplication *)application method of the App Delegate.
Require security factors at all times

If you’re certain your Service will always require at least one security factor, then it is possible for the implementing app to be aware of how many factors have been set and have its own UI update and guide the user towards the Security view to set one up.

Use getSecurityInfo, available in the AuthenticatorManager, and based on the array returned, update the UI accordingly.

User Contributed