TGFPasscodeAuthenticator

Objective-C


@interface TGFPasscodeAuthenticator : NSObject <TGFAuthenticator>

Swift

class TGFPasscodeAuthenticator : NSObject, TGFAuthenticator

A concrete implementation of the TGFAuthenticator protocol that uses a user-provided passcode for FIDO2 user verification.

This class manages the entire lifecycle of a passcode credential, including its creation, deletion, and modification. It uses a delegate pattern to request the presentation of a secure keyboard UI when user interaction is required.

@since 1.0.0

  • Unavailable

    Use the designated initializer initWithDelegate: instead.

    Declaration

    Objective-C

    - (instancetype _Nonnull)init;
  • Creates and returns a new passcode authenticator.

    Declaration

    Objective-C

    - (nonnull instancetype)initWithDelegate:
        (id<TGFPasscodeAuthenticatorDelegate> _Nullable)delegate;

    Swift

    init(delegate: (any TGFPasscodeAuthenticatorDelegate)?)

    Parameters

    delegate

    The delegate object that will handle UI-related events, such as presenting the secure keyboard. While this parameter is nullable, a delegate must be provided to perform any operation that requires user interaction (e.g., createPasscode, deletePasscode, changePasscode).

    Return Value

    An initialized TGFPasscodeAuthenticator instance.

  • Checks if a passcode has been created and enrolled for this authenticator.

    Declaration

    Objective-C

    - (BOOL)isPasscodeCreated;

    Swift

    func isPasscodeCreated() -> Bool

    Return Value

    YES if a passcode exists; otherwise, NO.

  • Initiates the flow to create and enroll a new passcode.

    This method triggers the delegate method passcodeAuthenticator:willStartKeyboard:operationInfo:cancelHandler:, which provides the application with a secure keyboard view to present to the user for passcode entry.

    Note

    An error is delivered if this method is called on a previously enrolled user.

    See

    TGFPasscodeAuthenticatorDelegate for handling the enrollment flow and result callbacks.

    Declaration

    Objective-C

    - (void)createPasscode;

    Swift

    func createPasscode()
  • Initiates the flow to delete the existing passcode.

    User verification is required to complete this operation. This method triggers the delegate method passcodeAuthenticator:willStartKeyboard:operationInfo:cancelHandler: to present the secure keyboard for authentication.

    Warning

    Upon successful deletion, all FIDO2 registrations associated with this authenticator will be permanently invalidated.

    Note

    An error is delivered via the delegate if no passcode is currently enrolled.

    See

    TGFPasscodeAuthenticatorDelegate for handling the deletion flow and result callbacks.

    Declaration

    Objective-C

    - (void)deletePasscode;

    Swift

    func deletePasscode()
  • Initiates the flow to change the existing passcode.

    The process requires the user to first authenticate with their current passcode. After successful verification, the user will be prompted to enter and confirm a new passcode. The delegate will be called multiple times to present the necessary keyboard UIs for each step.

    Note

    An error is delivered via the delegate if no passcode is currently enrolled.

    Declaration

    Objective-C

    - (void)changePasscode;

    Swift

    func changePasscode()
  • Retrieves the timestamp for when the current user lockout period expires.

    If a user fails authentication too many times, they will be locked out for a period of time. During this lockout, all authentication attempts will fail immediately with a TGFFido2ErrorCodeUserLockout error. The lockout duration starts at 30 seconds and increases exponentially with subsequent consecutive lockouts. The counter is reset upon a successful authentication.

    Declaration

    Objective-C

    + (NSNumber *_Nullable)lockoutExpiryTimestamp:
        (NSError *_Nullable *_Nullable)error;

    Swift

    class func lockoutExpiryTimestamp() throws -> NSNumber

    Parameters

    error

    On input, a pointer to an error object. If an error occurs while retrieving the lockout status, this pointer is set to an NSError object with information about the error.

    Return Value

    An NSNumber containing the expiration timestamp as seconds since the Unix epoch (00:00:00 UTC on 1 January 1970). Returns nil if an error occurs. Returns a number with a value of 0 if the user is not currently locked out.