Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Identity providers

Registration with 3rd party mobile app

search

Registration with 3rd party mobile app

Introduction

Registration with third-party mobile application (also known as App2App) is possible using Two step registration.

Prerequisites

Number of properties needs to be setup on the backend side, to be sure that it is properly configured. A two-step custom registration IDP with scripts for both init and complete steps needs to be set up. Third-party app needs to be installed on the device and be ready to receive and emit iOS Universal Links

Flow overview

Flow overview of registration with a third-party mobile app

  1. App initiates custom registration with init request (with empty data)
  2. Init responses with JSON: sessionId and app link (the example of the response is shown in step 2 below)
  3. App opens the third party app using app link.
  4. Third party app authenticates user and navigates back to the app using app link .
  5. App extracts artefactId from the app link and sends it to the backend along with sessionId.
  6. Registration finishes and app receives access/refresh token.
  7. Proceed with PIN creation flow.

Example of the flow

Your app needs to be able to receive Universal Links from third party app. Be sure to register correct URL scheme

Step 1

__ identity provider is two-step IDP configured on the backend
userClient.registerUserWith(identityProvider: identityProvider, scopes: ["read"], delegate: self)

func userClient(_ userClient: UserClient, didReceiveCustomRegistrationInitChallenge challenge: 
                CustomRegistrationChallenge) {
    __ custom registration with init request (with empty data)
    challenge.sender.respond(with: nil, to: challenge)
}

Step 2

func userClient(_ userClient: UserClient, didReceiveCustomRegistrationFinishChallenge challenge:    
                CustomRegistrationChallenge) {
     __ parse challenge of Init response JSON (example of Init response is shown below)
  ...
     __ do not respond for the challenge yet
     __ open third party app using app link taken from the response
  ...
}

Example of Init response:

{
            "sessionID": "Njg3NTM0NTYzQzk4M0FGOTRGMDQyRjhGRjlDMDgxN0F8OGVhOTgzYWYtNzEzNC00ZTQwLT
            "digidRequest": "https://app-preprod1.digid.nl/digid-app?app-app=eyAiSWNvbiI6Imh0dHB
}

Step 3

App Opens the third party app using app link

Step 4

Third party app authenticates user and navigates back to the app using app link .

Step 5

App extracts data: artefactId from the app link and sends it to the backend along with sessionId.

__ data with with artefactId and sessionId
customRegistrationFinishChallenge.sender.respond(with: data, to: customRegistrationFinishChallenge)

Step 6

Registration finishes and app receives access/refresh token.

On this page