Skip to main content

iOS

Initial Setup

The LoginID iOS SDK enables you to add passkey authentication in your native iOS application without having to redirect the user to any pages outside your application.

The SDK leverages the Authentication Services framework for creating and syncing passkeys with iCloud Keychain.

Required settings:

  • Configure apple-app-site-association file
  • Base URL
info

The LoginID iOS Mobile SDK requires iOS 15+ for compatibility.

Configure apple-app-site-association File

In order for passkeys to work with your iOS application, you need to link your application with a website. You do this by creating an apple-app-site-association and hosting it on your domain website. More info here.

You Need an Apple Developer Account

An Apple Developer Account is a requirement as the Associated Domains capability is not available for free. Currently, an Apple Developer Account can be obtained from https://developer.apple.com/support/enrollment.

Obtain Team ID and Bundler ID

  • The team ID can be obtained on your developer account console at https://developer.apple.com/account.
  • The bundler ID can be obtained on your Signing & Capabilities section of your application.

Host apple-app-site-association JSON File on Your Website Directory

To host an apple-app-site-association file, you need to serve it as a static JSON file on your website. Note that the file must be named exactly apple-app-site-association without the .json extension and your server must be configured to serve it as JSON. The file should be located at <WEBSITE_DOMAIN>/.well-known/apple-app-site-association in the root directory of your website.

Here is an example of the minimum required fields in the file:

{
"webcredentials": {
"apps": ["<TEAM_ID>.<BUNDLER_ID>"]
}
}

Use the following example as a template and replace TEAM_ID and BUNDLER_ID with your values.

More information here.

Create an Associated Domains Capability on Your iOS App

To enable this capability

  1. You must have an Apple Developer Account
  2. Go to the Signing & Capabilities section of your application
  3. Add a capability by clicking the + Capability button
  4. Choose Associated Domains
  5. Enter the domain of your hosted website. Make sure to prefix it with webcredentials. Here's an example of what it should look like:
webcredentials:example.com
Customer Dashboard

Create Application

Create a new application to obtain your base URL.

Add SDK to Existing Application

Adding the SDK to your application currently requires a download and manual import via an .xcframework.

Download the SDK

After creating an application, visit the iOS section in the Get Started guide to download the latest SDK. The SDK is provided as an .xcframework file, which will be imported into your application.

Import the Framework

Open your project in Xcode, then drag and drop the .xcframework file into the Xcode Navigator area. Alternatively, go to General -> Frameworks, Libraries, and Embedded Content to manually add it. Ensure it's set to Embed & Sign. The SDK doesn't require any other external dependencies, making it simple to integrate.

Create an SDK Instance

The LoginID API must be called before any other APIs. You should call this API within your AppDelegate's didFinishLaunchingWithOptions method.

import UIKit
import LoginIDSDK

...

@main
class AppDelegate: UIResponder, UIApplicationDelegate {
func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
let baseURL = "<BASE_URL>"

LIDClient.shared.configure(baseURL: baseURL)
// Other setup code...

return true
}
...
...

API Reference

registerWithPasskey

Allows a user to sign up or add a new passkey using their username.

If options.usernameType is set to email (the default setting), the user will have a verified email profile.

Requires one of the following to add a new passkey to an existing user:

public func registerWithPasskey(
activity: ASPresentationAnchor,
username: String,
options: LIDOptions?,
onComplete: @escaping (LIDAuthResponse?, LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
anchorASPresentationAnchorYesA presentation anchor, typically a window or a view controller, that the registration UI should be presented from.
usernameStringYesThe username for the account being registered.
optionsLIDOptionsNoAdditional options for the sign-up process.
options.displayNameStringNoA human-palatable name for the user account, intended only for display on your passkeys and modals.
options.usernameTypeStringNoSpecify username type validation. Types include email or phone.
options.tokenStringNoThe user's authentication token, which may also be a management token with the scope passkey:write.
onCompleteClosureYesA completion handler that is called when the registration process completes, returning either an LIDAuthResponse or an LIDApiError.

authenticateWithPasskey

Sign in a previously registered user with a passkey.

public func authenticateWithPasskey(
activity: ASPresentationAnchor,
username: String,
options: LIDOptions?,
onComplete: @escaping (LIDAuthResponse?, LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
anchorASPresentationAnchorYesA presentation anchor, typically a window or a view controller, that the authentication UI should be presented from.
usernameStringYesThe username for the account attempting to authenticate. Passing an empty string will trigger usernameless authentication, where the user can select their passkey profile to sign-in with.
optionsLIDOptions?NoAdditional options for the sign-in process.
options.usernameTypeStringNoSpecify username type validation. Types include email or phone.
onCompleteClosure: (LIDAuthResponse?, LIDApiError?) -> VoidYesA completion handler that is called when the authentication process completes, returning either an LIDAuthResponse or an LIDApiError.

generateCodeWithPasskey

Generates a code by authenticating with a passkey for the specified username and purpose. The response will include an OTP that can be used for other forms of authentication and recovery flows.

Have a look at the recovery flow guide on how to implement this feature.

public func generateCodeWithPasskey(
anchor: ASPresentationAnchor,
username: String,
options: LIDOptions?,
onComplete: @escaping(LIDCodeResponse?, LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
anchorASPresentationAnchorYesA presentation anchor, typically a window or a view controller, that the authentication UI should be presented from.
usernameStringYesThe username for the account attempting to authenticate. Passing an empty string will trigger usernameless authentication, where the user can select their passkey profile to sign-in with.
optionsLIDOptions?NoAdditional options for the sign-in process.
options.usernameTypeStringNoSpecify username type validation. Types include email or phone.
onCompleteClosure: (LIDCodeResponse?, LIDApiError?) -> VoidYesA completion handler that is called when the authentication process completes, returning either an LIDCodeResponse or an LIDApiError.

sendCode

Sends an authentication code to the specified user via the chosen method. The username must have either an email or phone profile for the method to work.

Use the authenticateWithCode method to verify the code sent to the user.

For further implementation details have a look at the cross device authentication guide.

@objc public func sendCode(
username: String,
method: String = "email",
options: LIDOptions?,
onComplete: @escaping(LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
usernameStringYesThe username for the account to which the code will be sent.
methodStringNoThe method to use for sending the code. Valid values are email (default) and sms.
optionsLIDOptions?NoAdditional options for the request.
options.usernameTypeStringNoSpecify username type validation. Types include email or phone.
onCompleteClosureYesA completion handler that is called when the confirmation authentication process completes, returning an LIDApiError or nil.

authenticateWithCode

Authenticate with one-time authentication for the given username.

Have a look at the recovery flow guide on how to implement this feature.

public func authenticateWithCode(
username: String,
code: String,
options: LIDOptions?,
onComplete: @escaping(LIDAuthResponse?, LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
usernameStringYesThe username for the account attempting to authenticate.
codeStringYesThe OTP code to authenticate.
optionsLIDOptions?NoAdditional options for the sign-in process.
options.usernameTypeStringNoSpecify username type validation. Types include email or phone.
onCompleteClosure: (LIDAuthResponse?, LIDApiError?) -> VoidYesA completion handler that is called when the authentication process completes, returning either an LIDAuthResponse or an LIDApiError.

confirmTransaction

Enables secure transaction confirmation using a passkey, incorporating transaction validation for actions such as payments or modifications to sensitive account information. This method ensures that the transaction is authorized by the rightful passkey owner. In all, it is similar to authenticateWithPasskey with extra data related to the transaction.

Have a look at the transaction confirmation guide on how to use this.

public func confirmTransaction(
anchor: ASPresentationAnchor,
username: String,
txPayload: String,
options: LIDOptions?,
onComplete: @escaping (LIDAuthResponse?, LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
anchorASPresentationAnchorYesA presentation anchor, typically a window or a view controller, that the transaction confirmation UI should be presented from.
usernameStringYesThe username for the account attempting to perform transaction confirmation.
txPayloadStringYesThe transaction-specific payload, containing details like transaction amount, recipient, and other necessary metadata.
optionsLIDOptions?NoAdditional options for transaction confirmation, including transaction type and other relevant information.
options.nonceStringNoA unique nonce to ensure the transaction's integrity and prevent replay attacks
options.txTypeStringNoSpecify the type of transaction being confirmed for additional validation.
onCompleteClosure: (LIDAuthResponse?, LIDApiError?) -> VoidYesA completion handler that is called when the confirmation authentication process completes, returning either an LIDAuthResponse or an LIDApiError.

listPasskeys

Retrieve a list of the users' passkeys from the server.

Requires one of the following:

public func listPasskeys(
options: LIDOptions?,
onComplete: @escaping ([LIDPasskeyInfo]?, LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
optionsLIDOptions?NoAdditional options for the list passkeys process.
options.tokenStringNoThe user's authentication token, which may also be a management token with the scope passkey:read.
onCompleteClosure: ([LIDPasskeyInfo]?, LIDApiError?) -> VoidYesA completion handler that is called when the confirmation authentication process completes, returning either an [LIDPasskeyInfo] or an LIDApiError.

renamePasskey

Renames a passkey user credential.

Requires one of the following:

public func renamePasskey(
passkeyId: String,
name: String,
options: LIDOptions?,
onComplete: @escaping (LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
passkeyIdStringYesThe UUID of the passkey attempting to rename.
nameStringYesThe new name for the passkey.
optionsLIDOptions?NoAdditional options for the renaming passkey process.
options.tokenstringNoThe user's authentication token, which may also be a management token with the scope passkey:write.
onCompleteClosure: (LIDApiError?) -> VoidYesA completion handler that is called when the confirmation authentication process completes, returning an LIDApiError or nil.

deletePasskey

Deletes a passkey user credential.

Requires one of the following:

public func deletePasskey(
passkeyId: String,
options: LIDOptions?,
onComplete: @escaping (LIDApiError?) -> Void
)
ParameterTypeRequiredDetails
passkeyIdStringYesThe UUID of the passkey attempting to delete.
optionsLIDOptions?NoAdditional options for the delete passkey process.
options.tokenstringNoThe user's authentication token, which may also be a management token with the scope passkey:write.
onCompleteClosure: (LIDApiError?) -> VoidYesA completion handler that is called when the confirmation authentication process completes, returning an LIDApiError or nil.

isLoggedIn

Check if a given user is currently logged in.

None.

public func isLoggedIn() -> Bool

getUser

Retrieves the authenticated user data.

public func getUser() -> LIDUser

signout

Signs out the authenticated user, if the user is set.

None.

public func signout() -> Void

info

The iOS SDK does not automatically remember if a user is logged in once the app is closed. Functions like isLoggedIn, getUser, and signout work only while the app remains open. Developers, for now, will need to manually manage user sessions to maintain login status across app restarts.

Errors

LIDApiError

Can occur during the authentication process. It is designed to encapsulate detailed information about login-related errors, making it easier to handle and debug issues related to user authentication.

FieldTypeDetails
errorCodestringThe error code associated with the login error.
errorMessagestringThe detailed message or description of the error.