IDPClient

public protocol IDPClient

Identity Provider protocol that should be implemented according to 'gemSpec_IDP_Dienst'.
- loadDiscoveryDocument()

  Load the DiscoveryDocument for the IDPClient.

  Declaration
  Swift
  func loadDiscoveryDocument() -> AnyPublisher<DiscoveryDocument, IDPError>

  Return Value
  A stream that emits once, either a DiscoveryDocument or an IDPError.
- requestChallenge(codeChallenge:method:state:nonce:using:redirect:)

  Request a challenge from the IDP for a specific scope.

  Note
  For more info check out 'gemSpec_IDP_Dienst#3.7'.

  Declaration
  Swift
  func requestChallenge( // swiftlint:disable:this function_parameter_count
      codeChallenge: String,
      method: IDPCodeChallengeMode,
      state: String,
      nonce: String,
      using document: DiscoveryDocument,
      redirect: String?
  ) -> AnyPublisher<IDPChallenge, IDPError>

  Parameters
  codeChallenge: SHA256 hashed verifier code, see exchange(token:).
  method: codeChallenge hashing method. Must be S256 to indicate a SHA256 hashed value.
  state: OAuth parameter state of high entropy.
  nonce: OpenID parameter nonce of high entropy.
  document: Use this DiscoveryDocument to resolve the actual endpoint and verify the response(s) [when applicable].
  redirect: Overwrite the common redirect. Used for ExtAuth, where the redirect differs from normal IDP usage.

  Return Value
  Response with user consent statement and signing challenge.
- verify(_:using:)

  Verify a given challenge with the IDP.

  Declaration
  Swift
  func verify(_ signedChallenge: JWE, using document: DiscoveryDocument) -> AnyPublisher<IDPExchangeToken, IDPError>

  Parameters
  signedChallenge: Encrypted challenge that has been signed with the eGK.
  document: Use this DiscoveryDocument to resolve the actual endpoints.

  Return Value
  Exchange token upon success.
- refresh(with:ssoToken:using:for:)

  Refreshes the authentication with a given SSO token. The SSO token must be retrieved by a prior verify and exchange.

  Declaration
  Swift
  func refresh(with unsignedChallenge: IDPChallenge, ssoToken: String, using document: DiscoveryDocument, for redirect: String) -> AnyPublisher<IDPExchangeToken, IDPError>

  Parameters
  unsignedChallenge: The unsigned IDP challenge. Generate a new challenge for each SSO refresh by using requestChallenge.
  ssoToken: The SSO token from a prior successful login via verify and exchange.
  document: The discovery document to use.
  redirect: The redirect that the refresh is requested for. Must match the initial SSO token redirect.
- exchange(token:verifier:redirectURI:encryptedKeyVerifier:using:)

  Exchange an exchange token for an actual access token.

  Declaration
  Swift
  func exchange(token: IDPExchangeToken, verifier: String, redirectURI: String?, encryptedKeyVerifier: JWE, using document: DiscoveryDocument) -> AnyPublisher<TokenPayload, IDPError>

  Parameters
  token: Exchange token.
  verifier: Initial verifier generated upon requesting the challenge. Must be at least 43 and at most 128 unreserved characters long. See https://tools.ietf.org/html/rfc7636#section-4.2
  redirectURI: redirect_uri to use for the backend call.
  encryptedKeyVerifier: Encrypted symmetric key together with the verifier.
  document: Use this DiscoveryDocument to resolve the actual endpoint.

  Return Value
  The authenticated token.
- registerDevice(_:token:using:)

  Register a new biometric key for alternative authentication.

  Declaration
  Swift
  func registerDevice(_ jwe: JWE, token: IDPToken, using document: DiscoveryDocument) -> AnyPublisher<PairingEntry, IDPError>

  Parameters
  jwe: JWE encrypting the PairingRegistration of the key to register.
  token: Access token for authentication and authorization of the new key.
  document: Use this DiscoveryDocument to resolve the actual endpoint.

  Return Value
  AnyPublisher with a PairingEntry containing registration information upon success.
- unregisterDevice(_:token:using:)

  Unregisters a key of the device with the given identifier.

  Declaration
  Swift
  func unregisterDevice(_ keyIdentifier: String, token: IDPToken, using document: DiscoveryDocument) -> AnyPublisher<Bool, IDPError>

  Parameters
  keyIdentifier: Identifier of the key to remove.
  token: Authentication token to authenticate the removal.
  document: Use this DiscoveryDocument to resolve the actual endpoint.

  Return Value
  AnyPublisher with a Bool containing true upon success, false otherwise.
- listDevices(token:using:)

  List all registered devices.

  Declaration
  Swift
  func listDevices(token: IDPToken, using document: DiscoveryDocument) -> AnyPublisher<PairingEntries, IDPError>

  Parameters
  token: Authentication token to authenticate the request.
  document: Use this DiscoveryDocument to resolve the actual endpoint.

  Return Value
  AnyPublisher with PairingEntries containing all registered devices.
- altVerify(_:using:)

  Verify a given challenge with the IDP using alternative authentication, a.k.a. a biometrically secured key.

  Declaration
  Swift
  func altVerify(_ encryptedSignedChallenge: JWE, using document: DiscoveryDocument) -> AnyPublisher<IDPExchangeToken, IDPError>

  Parameters
  encryptedSignedChallenge: JWE encrypting a SignedAuthenticationChallenge.
  document: Use this DiscoveryDocument to resolve the actual endpoints and

  Return Value
  Exchange token upon success.
- loadDirectoryKKApps(using:)

  Load available insurance companies that are capable of External Authentication (gID).

  Declaration
  Swift
  func loadDirectoryKKApps(using document: DiscoveryDocument) -> AnyPublisher<IDPDirectoryKKApps, IDPError>

  Parameters
  document: The DiscoveryDocument to resolve the actual endpoint.
- startExtAuth(_:using:)

  Initial step for external authentication with an insurance company app.

  Declaration
  Swift
  func startExtAuth(_ app: IDPExtAuth, using document: DiscoveryDocument) -> AnyPublisher<URL, IDPError>

  Parameters
  app: The reference to an insurance company app to use for the authentication.
  document: The DiscoveryDocument to resolve the actual endpoint.
- extAuthVerify(_:using:)

  Follow-up step whenever an insurance company app authorizes a user login.

  Declaration
  Swift
  func extAuthVerify(_ verify: IDPExtAuthVerify, using document: DiscoveryDocument) -> AnyPublisher<IDPExchangeToken, IDPError>

  Parameters
  verify: Data used to authenticate and authorize the user.
  document: The DiscoveryDocument to resolve the actual endpoint.
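The following is an added example, not code from the IDPClient project, showing how a caller composes the protocol's publishers into the PKCE login sequence (loadDiscoveryDocument, requestChallenge, verify, exchange) and the SSO refresh sequence (a fresh requestChallenge for every refresh, then refresh with the redirect the SSO token was issued for). It generates the code_verifier, code_challenge, state and nonce the way the parameter descriptions above require: the verifier is base64url of 32 CSPRNG bytes (43 unreserved characters, the RFC 7636 minimum), the challenge is base64url(SHA256(verifier)) without padding. Everything not named in the protocol is an assumption made for this example: the `PKCEParameters` and `IDPLoginFlow` types, the `.s256` case of `IDPCodeChallengeMode`, and the `signChallenge` and `encryptKeyVerifier` closures that stand in for the eGK signing and key-verifier encryption layers.

```swift
import Combine
import CryptoKit
import Foundation
import Security

// Hypothetical helper (not part of IDPClient): PKCE material for one authorization attempt.
struct PKCEParameters {
    let verifier: String       // code_verifier, 43..128 unreserved characters (RFC 7636 4.1)
    let codeChallenge: String  // code_challenge = base64url(SHA256(verifier)), no padding
    let state: String          // OAuth state, high entropy
    let nonce: String          // OpenID nonce, high entropy

    // base64url without padding, as RFC 7636 Appendix A specifies.
    static func base64URL(_ data: Data) -> String {
        data.base64EncodedString()
            .replacingOccurrences(of: "+", with: "-")
            .replacingOccurrences(of: "/", with: "_")
            .replacingOccurrences(of: "=", with: "")
    }

    // Random bytes from the system CSPRNG, returned base64url encoded.
    static func randomToken(byteCount: Int) -> String {
        var bytes = [UInt8](repeating: 0, count: byteCount)
        precondition(SecRandomCopyBytes(kSecRandomDefault, byteCount, &bytes) == errSecSuccess,
                     "CSPRNG unavailable")
        return base64URL(Data(bytes))
    }

    static func generate() -> PKCEParameters {
        // 32 random bytes encode to exactly 43 base64url characters.
        let verifier = randomToken(byteCount: 32)
        let digest = SHA256.hash(data: Data(verifier.utf8))
        return PKCEParameters(verifier: verifier,
                              codeChallenge: base64URL(Data(digest)),
                              state: randomToken(byteCount: 16),
                              nonce: randomToken(byteCount: 16))
    }
}

// Hypothetical driver (not part of IDPClient) that calls the protocol in the required order.
struct IDPLoginFlow {
    let client: IDPClient
    // Assumed: the card layer signs the challenge with the eGK and wraps it as a JWE.
    let signChallenge: (IDPChallenge, DiscoveryDocument) -> AnyPublisher<JWE, IDPError>
    // Assumed: builds the encrypted key verifier JWE that exchange(token:) expects.
    let encryptKeyVerifier: (String, DiscoveryDocument) -> JWE

    // Exchange step shared by login and refresh; the verifier must belong to the
    // challenge that produced `exchangeToken`, otherwise the IDP rejects the exchange.
    private func exchange(_ exchangeToken: IDPExchangeToken, pkce: PKCEParameters,
                          redirect: String, document: DiscoveryDocument) -> AnyPublisher<TokenPayload, IDPError> {
        client.exchange(token: exchangeToken,
                        verifier: pkce.verifier,
                        redirectURI: redirect,
                        encryptedKeyVerifier: encryptKeyVerifier(pkce.verifier, document),
                        using: document)
    }

    // Full login: discovery -> challenge -> eGK signature -> verify -> exchange.
    func login(redirect: String) -> AnyPublisher<TokenPayload, IDPError> {
        let pkce = PKCEParameters.generate()
        return client.loadDiscoveryDocument()
            .flatMap { document -> AnyPublisher<TokenPayload, IDPError> in
                client.requestChallenge(codeChallenge: pkce.codeChallenge,
                                        method: .s256, // assumed case name for S256
                                        state: pkce.state, nonce: pkce.nonce,
                                        using: document, redirect: nil)
                    .flatMap { challenge in signChallenge(challenge, document) }
                    .flatMap { signed in client.verify(signed, using: document) }
                    .flatMap { token in exchange(token, pkce: pkce, redirect: redirect, document: document) }
                    .eraseToAnyPublisher()
            }
            .eraseToAnyPublisher()
    }

    // SSO refresh: a new unsigned challenge for every refresh, and `redirect` must be
    // the one the SSO token was issued for; the exchange then completes as in login.
    func refresh(ssoToken: String, redirect: String) -> AnyPublisher<TokenPayload, IDPError> {
        let pkce = PKCEParameters.generate()
        return client.loadDiscoveryDocument()
            .flatMap { document -> AnyPublisher<TokenPayload, IDPError> in
                client.requestChallenge(codeChallenge: pkce.codeChallenge, method: .s256,
                                        state: pkce.state, nonce: pkce.nonce,
                                        using: document, redirect: nil)
                    .flatMap { challenge in
                        client.refresh(with: challenge, ssoToken: ssoToken, using: document, for: redirect)
                    }
                    .flatMap { token in exchange(token, pkce: pkce, redirect: redirect, document: document) }
                    .eraseToAnyPublisher()
            }
            .eraseToAnyPublisher()
    }
}
```

The design point worth noting is that the verifier, state and nonce never leave the struct that generated them: each login or refresh attempt gets fresh PKCE material, the verifier is only released to exchange(token:) together with the exchange token from the same challenge, and the state and nonce are available to the caller for comparing against whatever the IDP echoes back.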