TGFPasscodeAuthenticator
Objective-C
@interface TGFPasscodeAuthenticator : NSObject <TGFAuthenticator>
Swift
class TGFPasscodeAuthenticator : NSObject, TGFAuthenticator
A concrete implementation of the TGFAuthenticator protocol that uses a
user-provided passcode for FIDO2 user verification.
This class manages the entire lifecycle of a passcode credential, including its creation, deletion, and modification. It uses a delegate pattern to request the presentation of a secure keyboard UI when user interaction is required.
@since 1.0.0
-
Unavailable
Use the designated initializer
initWithDelegate:instead.Declaration
Objective-C
- (instancetype _Nonnull)init; -
Creates and returns a new passcode authenticator.
Declaration
Objective-C
- (nonnull instancetype)initWithDelegate: (id<TGFPasscodeAuthenticatorDelegate> _Nullable)delegate;Swift
init(delegate: (any TGFPasscodeAuthenticatorDelegate)?)Parameters
delegateThe delegate object that will handle UI-related events, such as presenting the secure keyboard. While this parameter is nullable, a delegate must be provided to perform any operation that requires user interaction (e.g.,
createPasscode,deletePasscode,changePasscode).Return Value
An initialized
TGFPasscodeAuthenticatorinstance. -
Checks if a passcode has been created and enrolled for this authenticator.
Declaration
Objective-C
- (BOOL)isPasscodeCreated;Swift
func isPasscodeCreated() -> BoolReturn Value
YESif a passcode exists; otherwise,NO. -
Initiates the flow to create and enroll a new passcode.
This method triggers the delegate method
passcodeAuthenticator:willStartKeyboard:operationInfo:cancelHandler:, which provides the application with a secure keyboard view to present to the user for passcode entry.Note
An error is delivered if this method is called on a previously enrolled user.
See
TGFPasscodeAuthenticatorDelegatefor handling the enrollment flow and result callbacks.Declaration
Objective-C
- (void)createPasscode;Swift
func createPasscode() -
Initiates the flow to delete the existing passcode.
User verification is required to complete this operation. This method triggers the delegate method
passcodeAuthenticator:willStartKeyboard:operationInfo:cancelHandler:to present the secure keyboard for authentication.Warning
Upon successful deletion, all FIDO2 registrations associated with this authenticator will be permanently invalidated.
Note
An error is delivered via the delegate if no passcode is currently enrolled.
See
TGFPasscodeAuthenticatorDelegatefor handling the deletion flow and result callbacks.Declaration
Objective-C
- (void)deletePasscode;Swift
func deletePasscode() -
Initiates the flow to change the existing passcode.
The process requires the user to first authenticate with their current passcode. After successful verification, the user will be prompted to enter and confirm a new passcode. The delegate will be called multiple times to present the necessary keyboard UIs for each step.
Note
An error is delivered via the delegate if no passcode is currently enrolled.Declaration
Objective-C
- (void)changePasscode;Swift
func changePasscode() -
Retrieves the timestamp for when the current user lockout period expires.
If a user fails authentication too many times, they will be locked out for a period of time. During this lockout, all authentication attempts will fail immediately with a
TGFFido2ErrorCodeUserLockouterror. The lockout duration starts at 30 seconds and increases exponentially with subsequent consecutive lockouts. The counter is reset upon a successful authentication.Declaration
Objective-C
+ (NSNumber *_Nullable)lockoutExpiryTimestamp: (NSError *_Nullable *_Nullable)error;Swift
class func lockoutExpiryTimestamp() throws -> NSNumberParameters
errorOn input, a pointer to an error object. If an error occurs while retrieving the lockout status, this pointer is set to an
NSErrorobject with information about the error.Return Value
An
NSNumbercontaining the expiration timestamp as seconds since the Unix epoch (00:00:00 UTC on 1 January 1970). Returnsnilif an error occurs. Returns a number with a value of0if the user is not currently locked out.