- 06 Nov 2024
- 3 Minutes to read
- DarkLight
Version 5.0.0
- Updated on 06 Nov 2024
- 3 Minutes to read
- DarkLight
The OneSpan Mobile FIDO UAF Client SDK version 5.0.0 is a new product generation with a major update of its features and has been certified by the FIDO Alliance. The aim with this update is to provide customers and users an improved user experience and greater stability.
Essential features
The essential features of the Mobile FIDO UAF Client SDK are:
Support for multiple authenticators
Determining available authenticators on a device
Removal of local registrations for supported authenticators
Standard FIDO UAF operations
Process FIDO UAF requests received from the server and generate FIDO UAF responses
Communicate standard FIDO errors to the integrators of the SDK
The SDK has been developed in Kotlin with support for Java for Android integrations, and in Swift with support for Objective-C for iOS integrations. The product package includes the following:
Metadata for different authenticators
Android:
API documentation in Kotlin
Sample app in Kotlin and Java, with sudoCODE for those parts that require communication with a server
Binary delivered in aar format
iOS:
API documentation and tutorials in Swift
Sample app in Swift and Objective-C, with sudoCODE for those parts that require communication with a server
Binary delivered in XCFramework format
Supported authenticators
The SDK supports the biometric and PIN authenticators.
Limitations
The Mobile FIDO UAF Client SDKdoes not include the following:
Communication layer to make API calls to a FIDOserver
Any type of user interface or graphical user interface
Any human readable/customer facing messages such as error messages
Customization of system dialogs or menus
Triggering a request to FIDO servers. This is the responsibility of the user agent, i.e., the app
The SDK will not expose any FIDO keys and secrets. All FIDO keys will remain on the device and cannot be shared or transferred to another device. The SDK will also not expose any ID that binds the device to a FIDO user.
Differences between versions 4.x and 5.0.0
There are a number of differences between the FIDO UAF SDK 4.x and the Mobile FIDO UAF Client SDK 5.0.0. The following elements have been removed and are no longer available in the Mobile FIDO UAF Client SDK 5.0.0:
APIs:
API to remove authenticators.
The SDK will not trigger any FIDO operation, this is the responsibility of the user agen (the app).
API to get a device ID.
The SDK will not expose any ID that can bind a device to a user.
User interface/graphical user interface
Instead of providing any type of user interface, the SDK asks for information via API callbacks and listeners.
Message customizations and languages
As the SDK does not provide any type of user interface, there is no possibility to display these elements. The customers are free to create their own interface and map the error cases or error codes to a suitable human-readable text in the languages they support. This can then be displayed to the end users.
Error codes
The SDK does not provide error codes regarding communications with a server because the SDK does not provide the communication layer. It is the integrator's responsibility to make requests to the FIDO server of their choice and send the responses back to the server.
Migration from other solutions to the OneSpan Mobile FIDO UAF Client SDK
There will be no migration in place between our solution and solutions from other companies because the OneSpan Mobile FIDO UAF Client SDK has no visibility on other SDKs and products used in the customer's app. Also, the transfer of keys from other products to the SDK is not possible.
To use the OneSpan Mobile FIDO UAF Client SDK, end users must de-register their old authenticators and register new authenticators with the OneSpan solution once. After completing this step, all other uses are seamless.
Supported platforms
For information on the supported operating systems and platforms supported by Mobile Security Suite and the affiliated SDKs, see Supported platforms.
Known issues
For information on issues that have not yet been resolved in this release of Mobile Security Suite, see Known issues.
Third party licenses
For information on third party dependencies associated with Mobile Security Suite and the affiliated SDKs in this release, see Third party licenses.