Authenticator Apps (TOTP) via Mobile SDKs

Descope supports validating sign-ups and sign-ins via authenticator applications that provide a Time-based One-time Password (TOTP, RFC 6238). Google Authenticator, Microsoft Authenticator, and Authy are examples of authenticator apps. Descope generates the QR code or key (also called a secret or seed) needed to configure a new authenticator.

Client SDK

Install SDK

// 1. Within Xcode, go to File > Add Packages
// 2. Search for the URL of the git repo: https://github.com/descope/swift-sdk
// 3. Configure your desired dependency rule
// 4. Click Add Package

Import and initialize SDK

import DescopeKit

// Descope.setup does not throw, so no do/catch is needed. Call it once, early in
// the app's lifecycle (for example in the App initializer or AppDelegate), before
// any other Descope API is used.
Descope.setup(projectId: "__ProjectID__")
print("Successfully initialized Descope")

User Sign-Up

The first step for implementing TOTP authentication is sign-up. In this step the user registers their TOTP app with the authentication service. Descope will generate a TOTP key (also called a secret or seed) that will be entered into the end user's authenticator app so that TOTP codes can be successfully verified. The new end user will be registered after the full TOTP sign-up flow has been successfully completed.

// Args:
//    loginId: email or phone - becomes the unique ID for the user from here on.
let loginId = "email@company.com"
//    details: optional sign-up details used to populate the new user's profile.
let details = SignUpDetails(name: "Joe Person", phone: "+15555555555", email: "email@company.com")
 
do {
  let totpResponse = try await Descope.totp.signUp(loginId: loginId, details: details)
  print("Successfully initiated TOTP Sign Up")
  // totpResponse.image holds the QR code to display to the user,
  // totpResponse.key is the secret for manual entry, and
  // totpResponse.provisioningURL is the URL encoded in the QR code.
  // Treat the key like a password: show it once and never log it in production.
  print("TOTP Key: \(totpResponse.key)")
  print("TOTP Provisioning URL: \(totpResponse.provisioningURL)")
} catch {
  print("Failed to initiate TOTP Sign Up")
  print(error)
}

User Sign-In / Verify

For signing in, your application client must prompt the user for their loginId, such as email or phone, and the current code from the authenticator application. Your client then calls the verify function. Upon successful verification, the user is logged in and the response includes the session and refresh JWTs.

// Args:
//    loginId: email or phone - must be the same as provided at the time of signup.
let loginId = "email@company.com"
//    code: code entered by the user from the authenticator application.
let code = "xxxx"
 
// Sign-in options are optional. .mfa(refreshJwt:) (or .stepup(refreshJwt:))
// only apply when the user already has an authenticated session and TOTP is
// being used as an additional factor; for a primary sign-in leave them out.
var signInOptions: [SignInOptions] = [
    .customClaims(["name": "{{user.name}}"]),
]
if let existing = Descope.sessionManager.session {
    signInOptions.append(.mfa(refreshJwt: existing.refreshJwt))
}
 
do {
  let authResponse = try await Descope.totp.verify(loginId: loginId, code: code, options: signInOptions)
  print("Successfully verified TOTP Code")
  // Turn the response into a session and hand it to the session manager,
  // which stores it and refreshes it as needed.
  let session = DescopeSession(from: authResponse)
  Descope.sessionManager.manageSession(session)
} catch {
  print("Failed to verify TOTP Code")
  print(error)
}

Update User

The update user call is used when you want to associate a new authenticator with an existing, authenticated user. You must pass the refresh JWT of the authenticated user; the call fails if the user is not authenticated.

// Args:
//    loginId: email, phone or username of the authenticated user
let loginId = "email@company.com"
//    refreshJwt: the refresh JWT of the currently authenticated user, taken from
//    the session the SDK manages on the device.
guard let refreshJwt = Descope.sessionManager.session?.refreshJwt else {
  print("No authenticated session; the user must sign in before adding an authenticator")
  return
}
 
do {
  let totpResponse = try await Descope.totp.update(loginId: loginId, refreshJwt: refreshJwt)
  print("Successfully initiated TOTP Update")
  // Same response shape as sign-up: show totpResponse.image (QR code) or
  // totpResponse.key to the user so they can enroll the new authenticator.
  print("TOTP Key: \(totpResponse.key)")
  print("TOTP Provisioning URL: \(totpResponse.provisioningURL)")
} catch {
  print("Failed to initiate TOTP Update")
  print(error)
}

Session Validation

The final step of completing the authentication with Descope is to validate the user session. Descope provides rich session management capabilities, including configurable session timeouts and logout functions. The details and sample code for client session validation are in the session management documentation.

Checkpoint

Your application is now integrated with Descope. Test the sign-up and sign-in flows end to end with a real authenticator app before shipping.
