Integration of the FIDO UAF Client SDK
- 19 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Integration of the FIDO UAF Client SDK
- Updated on 19 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The integration of the OneSpan FIDO Authentication Solution involves the configuration of the FIDO Server and the integration of the FIDO authenticators on Android and iOS.
Before you start the integration of the FIDO UAF Client SDK in your solution, note the following:
By using the http GET method, the SDK’s FIDO Client attempts to directly access the AppID URI which the FIDO Server includes in the FIDO request message. It does not access the URI via a Relying Party application!
If you integrate the FIDO UAF Client SDK with OneSpan Cloud Authentication and its FIDO Server, you must define the AppID of the FIDO Server and take into account any access restrictions via allowlist.
For more information about integrating the FIDO UAF Client SDK with OneSpan Cloud Authentication, see FIDO UAF Onboarding in the Sandbox and Production Environments.The Facet ID verification of FacetList defined in the SDK complies with the FIDO Alliance UAF specifications. For further information, consult the following FIDO Alliance documents:
Configuration of the FIDO Server
To enable the integration of the FIDO UAF Client, the following tasks must be completed to properly configure the FIDO Server:
Upload the Facet ID.
iOS: ios:bundle-id:<app_bundle_id_lowercased>
Android: android:apk-key-hash:<base64_encoded_sha1_hash-of-apk-signing-cert>Upload the Metadata provided in the product package. For more information on the included metadata, see Metadata for the Biometric Authenticators and Metadata for the Application PIN Authenticator.
Integration on Android
To integrate the FIDO Client SDK in an Android application
We strongly recommend using the dependencies from the same Mobile Security Suite package because they were tested together for compatibility.
Add the following dependencies from the Mobile Security Suite package to your application project:
FidoUafClient.aar
Implement the communication module between the application and the FIDO Server utilizing your preferred processes for communication, such as Kotlin Coroutines, Retrofit, etc. The FIDO Client SDK does not include the layer to communicate with the FIDO Server.
You are now ready to use the FIDO Client to process UAF messages and generate the appropriate UAF responses to be sent to your FIDO Server.
For more information about how to integrate the SDK, refer to the technical documentation included in the product package.
Integration on iOS
To integrate the FIDO Client SDK in an iOS application
Link the following dependencies from the Mobile Security Suite package to your Xcode project and set to Embed & Sign:
MSSFidoUafClient.xcframework
MSSFidoUafClient.xcframework must be set to Embed & Sign in your Xcode project or there is a risk of your application terminating unexpectedly.
Implement the communication module between the application and the FIDO Server utilizing your preferred processes for communication. The FIDO Client SDK does not include the layer to communicate with the FIDO Server.
If you do not intend to share the registrations between different applications, we recommend using the application's private AccessGroup for the initialization of the authenticator.
Instantiate the authenticators you want to use and initialize the FIDO Client with those authenticators.
You are now ready to use the FIDO Client to process UAF messages and generate the appropriate UAF responses to be sent to your FIDO Server.
For more information about how to integrate the SDK, refer to the technical documentation included in the product package.
Was this article helpful?