TGFFido2Config

Objective-C


@interface TGFFido2Config : NSObject

Swift

class TGFFido2Config : NSObject

Provides a global configuration point for the FIDO2 SDK.

This class allows applications to customize security features and other behaviors of the SDK. By default, the SDK is configured for maximum security. Use the methods in this class to adjust settings such as user verification policies, secure logging, and TLS certificates.

@since 1.0.0

  • Configures the maximum number of user verification retries before a lockout is triggered.

    This setting helps prevent brute-force attacks on user verification. If the number of failed attempts exceeds this value, the user will be temporarily locked out.

    • Default value: 5
    • Minimum value: 1
    • Maximum value: 5

    Values outside the valid range [1, 5] will be ignored, and the default value will be used. This method should only be called once during the application’s lifecycle, ideally at startup.

    Declaration

    Objective-C

    + (void)setMaximumRetryCount:(NSUInteger)maximumRetryCount;

    Swift

    class func setMaximumRetryCount(_ maximumRetryCount: UInt)

    Parameters

    maximumRetryCount

    The maximum number of allowed retries.

  • Configures the base duration for the lockout penalty.

    When a user exceeds the maximum retry count, they are locked out for this initial duration. The lockout duration increases exponentially with each subsequent series of failed attempts.

    • Default value: 30 seconds
    • Minimum value: 30 seconds
    • Maximum value: 1800 seconds (30 minutes)

    Values outside the valid range [30, 1800] will be ignored, and the default value will be used. This method should only be called once during the application’s lifecycle, ideally at startup.

    Declaration

    Objective-C

    + (void)setBaseLockoutDuration:(NSTimeInterval)durationInSeconds;

    Swift

    class func setBaseLockoutDuration(_ durationInSeconds: TimeInterval)

    Parameters

    durationInSeconds

    The base lockout duration in seconds.

  • Initializes and enables the secure logging feature.

    Secure logging provides an encrypted and tamper-evident way to record SDK events for diagnostics and auditing. This is an optional feature. If not configured, no secure logs will be generated.

    Declaration

    Objective-C

    + (id<SecureLog> _Nullable)setupSecureLog:(SecureLogConfig *_Nullable)config;

    Swift

    class func setupSecureLog(_ config: SecureLogConfig?) -> (any SecureLog)?

    Parameters

    config

    A SecureLogConfig object containing the configuration parameters for the logger, such as encryption keys and log rotation policies. Pass nil to disable logging.

    Return Value

    An object conforming to the SecureLog protocol, which can be used to manage log levels and retrieve log files. Returns nil if the provided configuration is nil or invalid.

  • Sets the public key certificates for TLS pinning.

    This enhances security by ensuring the SDK communicates only with servers that present a valid, known certificate. Provide an array of NSData objects, where each object represents a DER-encoded X.509 certificate. The SDK will then only trust servers whose certificate chain is validated against these provided certificates.

    @since 3.0.0

    Declaration

    Objective-C

    + (void)setTlsCertificates:(NSArray<NSData *> *_Nullable)certificates;

    Swift

    class func setTlsCertificates(_ certificates: [Data]?)

    Parameters

    certificates

    An array of NSData objects representing the server’s public key certificates (Root, Intermediate, and Leaf). Pass nil or an empty array to disable TLS pinning.
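
A launch-time configuration sketch for the retry, lockout and pinning settings above, added here as an example and not taken from the SDK's own documentation. It rejects out-of-range values itself (the SDK would silently fall back to defaults) and fails closed when a pinned certificate is missing or not DER, since a nil or empty array disables pinning. The helper names, error type and certificate resource names are hypothetical, and the SDK module import is left as a comment because its name is not given on this page.

```swift
import Foundation
import Security
// Also import the FIDO2 SDK module that declares TGFFido2Config (name not given on this page).

enum Fido2StartupError: Error {
    case outOfRange(String)
    case missingCertificate(String)
    case notDerX509(String)
}

/// Hypothetical helper: loads bundled ".der" files and never returns a partial
/// or empty list, because passing nil or [] to the SDK turns pinning off.
func loadPinnedCertificates(named names: [String], in bundle: Bundle = .main) throws -> [Data] {
    guard !names.isEmpty else { throw Fido2StartupError.missingCertificate("<no names listed>") }
    return try names.map { name -> Data in
        guard let url = bundle.url(forResource: name, withExtension: "der"),
              let der = try? Data(contentsOf: url) else {
            throw Fido2StartupError.missingCertificate(name)
        }
        // SecCertificateCreateWithData returns nil unless the bytes parse as a
        // DER-encoded X.509 certificate, so a PEM file is caught here.
        guard SecCertificateCreateWithData(nil, der as CFData) != nil else {
            throw Fido2StartupError.notDerX509(name)
        }
        return der
    }
}

/// Hypothetical helper: call once at launch, before any other use of the SDK.
func configureFido2Security(retries: UInt, baseLockout: TimeInterval, certNames: [String]) throws {
    // Ranges are the ones documented above; checking them here makes a bad
    // value an error instead of a silent fallback to the default.
    guard (1...5).contains(retries) else {
        throw Fido2StartupError.outOfRange("maximumRetryCount = \(retries)")
    }
    guard (30...1800).contains(baseLockout) else {
        throw Fido2StartupError.outOfRange("baseLockoutDuration = \(baseLockout)")
    }
    // Load and check the certificates before touching the SDK, so a failure
    // leaves nothing half-configured.
    let certs = try loadPinnedCertificates(named: certNames)
    TGFFido2Config.setMaximumRetryCount(retries)
    TGFFido2Config.setBaseLockoutDuration(baseLockout)
    TGFFido2Config.setTlsCertificates(certs)
}
```

The parse check only confirms each file is a well-formed certificate; which certificates belong in the bundle is still a release-time decision.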

  • Configures an App Group for shared data storage.

    Use this method to enable sharing of FIDO2 credentials and other SDK data between a main application and its extensions. This method must be called before initializing TGFFido2Client.

    Note

    Calling this method only designates the App Group for new data; it does not automatically move existing data. To move existing data to the App Group container, you must call performDataMigration:. Ensure the App Group identifier is correctly configured in your project’s entitlements.

    Warning

    This configuration should be set only once per application launch. Subsequent calls will be ignored.

    @since 4.0.0

    Declaration

    Objective-C

    + (void)setAppGroup:(nonnull NSString *)appGroup;

    Swift

    class func setAppGroup(_ appGroup: String)

    Parameters

    appGroup

    The App Group identifier string (e.g., “group.com.example.myapp”).

  • Checks if a data migration to a shared App Group container is necessary.

    A migration is required if setAppGroup: has been called and there is existing SDK data in the application’s private container. Call this method to determine if you need to invoke performDataMigration:.

    @since 4.0.0

    Declaration

    Objective-C

    + (BOOL)shouldPerformDataMigration;

    Swift

    class func shouldPerformDataMigration() -> Bool

    Return Value

    YES if a data migration is required, NO otherwise.

  • Migrates existing SDK data from the application’s private container to the configured App Group container.

    Call this method after calling setAppGroup: if shouldPerformDataMigration returns YES. This is necessary to make existing credentials available to app extensions or other apps within the same App Group.

    Warning

    This is a critical and potentially destructive operation. Once migration is complete, the original data is deleted. If an error occurs during migration, data may be lost and unrecoverable. It is highly recommended to back up user data where possible before performing this operation. After a successful migration, the app must continue to call setAppGroup: on all subsequent launches.

    Note

    No action is taken if a migration is not required (e.g., if there is no existing data or if data is already in the App Group).

    @since 4.0.0

    Declaration

    Objective-C

    + (BOOL)performDataMigration:(NSError *_Nullable *_Nullable)error;

    Swift

    class func performDataMigration() throws

    Parameters

    error

    On input, a pointer to an error object. If an error occurs, this pointer is set to an NSError object containing information about the issue.

    Return Value

    YES if the migration was successful or not needed. NO if an error occurred during the migration process.
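
The App Group sequence described in the last three entries, as an added example that is not part of the SDK's documentation. It checks that the entitlement resolves before the one-shot setAppGroup call and reports a failed migration to the caller instead of continuing. The helper, result and error type names are hypothetical, and the SDK module import is left as a comment because its name is not given on this page.

```swift
import Foundation
// Also import the FIDO2 SDK module that declares TGFFido2Config (name not given on this page).

enum AppGroupSetupError: Error {
    case containerUnavailable(String)
}

enum AppGroupSetupResult {
    case ready          // App Group set, nothing to migrate
    case migrated       // existing data moved into the shared container
    case failed(Error)  // caller must not carry on as if credentials were intact
}

/// Hypothetical helper: run on every launch, before TGFFido2Client is initialized.
func prepareSharedContainer(appGroup: String) -> AppGroupSetupResult {
    // On iOS, FileManager returns nil here when the identifier is not in the
    // app's entitlements. Checking first matters because setAppGroup is only
    // honoured once per launch.
    guard FileManager.default
        .containerURL(forSecurityApplicationGroupIdentifier: appGroup) != nil else {
        return .failed(AppGroupSetupError.containerUnavailable(appGroup))
    }

    TGFFido2Config.setAppGroup(appGroup)

    // True only when the private container still holds SDK data.
    guard TGFFido2Config.shouldPerformDataMigration() else {
        return .ready
    }

    do {
        // The original data is deleted once this completes; per the warning
        // above, an error at this point may mean the data is unrecoverable.
        try TGFFido2Config.performDataMigration()
        return .migrated
    } catch {
        return .failed(error)
    }
}
```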