TGFFido2Config
Objective-C
@interface TGFFido2Config : NSObject
Swift
class TGFFido2Config : NSObject
Provides a global configuration point for the FIDO2 SDK.
This class allows applications to customize security features and other behaviors of the SDK. By default, the SDK is configured for maximum security. Use the methods in this class to adjust settings like user verification policies, secure logging, and TLS Certificates.
@since 1.0.0
-
Configures the maximum number of user verification retries before a lockout is triggered.
@discussion This setting helps prevent brute-force attacks on user verification. If the number of failed attempts exceeds this value, the user will be temporarily locked out.
- Default value: 5
- Minimum value: 1
- Maximum value: 5
Values outside the valid range [1, 5] will be ignored, and the default value will be used. This method should only be called once during the application’s lifecycle, ideally at startup.
Declaration
Objective-C
+ (void)setMaximumRetryCount:(NSUInteger)maximumRetryCount;
Swift
class func setMaximumRetryCount(_ maximumRetryCount: UInt)
Parameters
maximumRetryCount
The maximum number of allowed retries.
-
Configures the base duration for the lockout penalty.
@discussion When a user exceeds the maximum retry count, they are locked out for this initial duration. The lockout duration increases exponentially with each subsequent series of failed attempts.
- Default value: 30 seconds
- Minimum value: 30 seconds
- Maximum value: 1800 seconds (30 minutes)
Values outside the valid range [30, 1800] will be ignored, and the default value will be used. This method should only be called once during the application’s lifecycle, ideally at startup.
Declaration
Objective-C
+ (void)setBaseLockoutDuration:(NSTimeInterval)durationInSeconds;
Swift
class func setBaseLockoutDuration(_ durationInSeconds: TimeInterval)
Parameters
durationInSeconds
The base lockout duration in seconds.
-
Initializes and enables the secure logging feature.
@discussion Secure logging provides an encrypted and tamper-evident way to record SDK events for diagnostics and auditing. This is an optional feature. If not configured, no secure logs will be generated.
Declaration
Objective-C
+ (id<SecureLog> _Nullable)setupSecureLog:(SecureLogConfig *_Nullable)config;
Swift
class func setupSecureLog(_ config: SecureLogConfig?) -> (any SecureLog)?
Parameters
config
A SecureLogConfig object containing the configuration parameters for the logger, such as encryption keys and log rotation policies. Pass nil to disable logging.
Return Value
An object conforming to the SecureLog protocol, which can be used to manage log levels and retrieve log files. Returns nil if the provided configuration is nil or invalid.
-
Sets the public key certificates for TLS pinning.
@discussion This enhances security by ensuring the SDK communicates only with servers that present a valid, known certificate. Provide an array of NSData objects, where each object represents a DER-encoded X.509 certificate. The SDK will then only trust servers whose certificate chain is validated against these provided certificates.
@since 3.0.0
Declaration
Objective-C
+ (void)setTlsCertificates:(NSArray<NSData *> *_Nullable)certificates;
Swift
class func setTlsCertificates(_ certificates: [Data]?)
Parameters
certificates
An array of NSData objects representing the server’s public key certificates (Root, Intermediate, and Leaf). Pass nil or an empty array to disable TLS pinning.
-
Configures an App Group for shared data storage.
@discussion Use this method to enable sharing of FIDO2 credentials and other SDK data between a main application and its extensions. This method must be called before initializing TGFFido2Client.
Note
Calling this method only designates the App Group for new data; it does not automatically move existing data. To move existing data to the App Group container, you must call performDataMigration:. Ensure the App Group identifier is correctly configured in your project’s entitlements.
Warning
This configuration should be set only once per application launch. Subsequent calls will be ignored.
@since 4.0.0
Declaration
Objective-C
+ (void)setAppGroup:(nonnull NSString *)appGroup;
Swift
class func setAppGroup(_ appGroup: String)
Parameters
appGroup
The App Group identifier string (e.g., “group.com.example.myapp”).
-
Checks if a data migration to a shared App Group container is necessary.
@discussion A migration is required if setAppGroup: has been called and there is existing SDK data in the application’s private container. Call this method to determine if you need to invoke performDataMigration:.
@since 4.0.0
Declaration
Objective-C
+ (BOOL)shouldPerformDataMigration;
Swift
class func shouldPerformDataMigration() -> Bool
Return Value
YES if a data migration is required, NO otherwise.
-
Migrates existing SDK data from the application’s private container to the configured App Group container.
@discussion Call this method after calling setAppGroup: if shouldPerformDataMigration returns YES. This is necessary to make existing credentials available to app extensions or other apps within the same App Group.
Warning
This is a critical and potentially destructive operation. Once migration is complete, the original data is deleted. If an error occurs during migration, data may be lost and unrecoverable. It is highly recommended to back up user data where possible before performing this operation. After a successful migration, the app must continue to call setAppGroup: on all subsequent launches.
Note
No action is taken if a migration is not required (e.g., if there is no existing data or if data is already in the App Group).
@since 4.0.0
Declaration
Objective-C
+ (BOOL)performDataMigration:(NSError *_Nullable *_Nullable)error;
Swift
class func performDataMigration() throws
Parameters
error
On input, a pointer to an error object. If an error occurs, this pointer is set to an NSError object containing information about the issue.
Return Value
YES if the migration was successful or not needed. NO if an error occurred during the migration process.
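The TLS pinning and App Group migration steps above, combined into one launch-time setup routine. This is an added example, not code from the SDK or its vendor; the function names, the error type and the bundle resource names are hypothetical, and the SDK module import is left as a comment because its name is not given on this page.

```swift
import Foundation
import Security
// Also import the FIDO2 SDK module that provides TGFFido2Config
// (its module name is not stated on this page).

enum Fido2SetupError: Error { case badCertificate(String) }

/// Loads DER certificates from the app bundle (resource names are hypothetical).
/// Throws instead of returning a short or empty array: per the reference above,
/// nil or [] passed to setTlsCertificates disables pinning.
func loadPinnedCertificates(named names: [String], in bundle: Bundle = .main) throws -> [Data] {
    guard !names.isEmpty else {
        throw Fido2SetupError.badCertificate("no certificates listed")
    }
    return try names.map { name -> Data in
        guard let url = bundle.url(forResource: name, withExtension: "der"),
              let der = try? Data(contentsOf: url),
              // SecCertificateCreateWithData returns nil for anything that is not
              // DER-encoded X.509 (for example a PEM file shipped by mistake).
              SecCertificateCreateWithData(nil, der as CFData) != nil
        else { throw Fido2SetupError.badCertificate(name) }
        return der
    }
}

/// Call once at launch, before creating TGFFido2Client.
func configureFido2(appGroup: String, certificateNames: [String]) throws {
    // 1. Pinning first, so a bad bundle stops setup before any SDK state changes.
    let pins = try loadPinnedCertificates(named: certificateNames)
    TGFFido2Config.setTlsCertificates(pins)

    // 2. The App Group must be designated on every launch, also after a migration.
    TGFFido2Config.setAppGroup(appGroup)

    // 3. Migrate only when the SDK reports data in the private container.
    //    The call deletes the original data on success and throws on failure,
    //    so the error propagates for the caller to stop and report.
    if TGFFido2Config.shouldPerformDataMigration() {
        try TGFFido2Config.performDataMigration()
    }
}
```

Wrap the call to `configureFido2` in `do`/`catch` at the launch site and treat a thrown error as a failed setup rather than continuing without pinning.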