Password
Overview
The password challenge in the REL-ID SDK is one of the core authentication mechanisms. It is invoked when the user must either:
🔐 Authenticate using an existing password (e.g., during login), or
🆕 Set a new password (e.g., during activation or password change flow)
🧩 What is the Password Challenge?
The password challenge is a request from the SDK to the host app to:
- Display a password prompt to the user.
- Enforce password rules (if provided).
- Submit the user’s input securely using the appropriate SDK method.
It is triggered via the getPassword event.
🔄 When Is It Triggered?
| Scenario | Description |
|---|---|
| First-time activation | Set a password for new users |
| Login | Validate an existing password |
| Password change flow | Server instructs user to change password |
| Fallback authentication | Used as a secondary or backup method |
💼 Why It Matters
Password authentication remains a foundational method for verifying identity. With REL-ID’s implementation:
- Security is enforced through configurable policies (length, complexity, repetition).
- The experience is standardized across platforms.
- Developers are in control of UI rendering, while the SDK manages validation logic and flow.
🧠 What the App Must Do
When the password authentication method is triggered by the SDK, the app must:
- Listen for the
getPasswordevent - Prompt the user to enter a password
- Validate it based on the password policy provided
- Submit it using
setPassword()
getPassword Event
getPassword Event📥 Sample Payload – getPassword
getPassword
{
"userID": "testuser",
"challengeMode": 1,
"attemptsLeft": 3,
"challengeResponse": {
"status": {
"statusCode": 100,
"statusMessage": "Success"
},
"session": {
"sessionType": 0,
"sessionID": "1JKMQMQO1X0G9ENL..."
},
"additionalInfo": {
"currentWorkFlow": "FirstTimeUserActivation"
},
"challengeInfo": [
{ "key": "Response label", "value": "Password" },
{ "key": "description", "value": "Enter your account password" },
{ "key": "PASSWORD_POLICY", "value": "{{\"minL\": 8,\"maxL\": 16,\"minLc\": 1,\"minDg\":
1,\"minUc\": 1,\"minSc\": 1,\"Repetition\": 2,\"UserIDcheck\":
\"true\",\"msg\": \"Password must contain 8-16 characters, including
atleast 1 uppercase, 1 lowercase, 1 number and special characters\"}}" },
{ "key": "SDK_CHLNG", "value": "YES" },
{ "key": "SDK_CHLNG_MODE", "value": "AUTO" }
]
},
"error": {
"shortErrorCode": 0,
"longErrorCode": 0,
"errorString": "Success"
}
}🧾 Top-Level Fields
| Field | Description |
|---|---|
userID | Unique identifier for the user being challenged |
challengeMode | Challenge handling mode (e.g., AUTO = SDK, MANUAL = App) |
attemptsLeft | Number of password attempts remaining |
🔁 challengeResponse
challengeResponse| Field | Description |
|---|---|
status.statusCode | 100 indicates success, other codes for failure |
status.statusMessage | Descriptive status string |
session.sessionType | Type of session (typically 0 for app session) |
session.sessionID | Unique session identifier |
📘 additionalInfo
additionalInfo| Field | Description |
|---|---|
currentWorkFlow | Indicates the current user workflow (e.g., onboarding) |
📚 challengeInfo[] (Key-Value UI Hints)
challengeInfo[] (Key-Value UI Hints)| Key | Description |
|---|---|
Response label | Label for password input field |
description | Text instructions for the user |
PASSWORD_POLICY | JSON-encoded string for password complexity rules |
SDK_CHLNG | "YES" = SDK handles UI; "NO" = app should render |
SDK_CHLNG_MODE | "AUTO" or "MANUAL" to determine handling strategy |
IS_USER_PASS | Optional; "true" means this is a user password validation challenge |
🚫 error
error| Field | Description |
|---|---|
shortErrorCode | Brief numeric code to identify error |
longErrorCode | Extended error code used internally |
errorString | Message describing the error or status |
🔐 Password Policy Structure
{
"minL": 8,
"maxL": 16,
"minLc": 1,
"minDg": 1,
"minUc": 1,
"minSc": 1,
"Repetition": 2,
"UserIDcheck": "true"
}| Field | Description |
|---|---|
minL | Minimum length |
maxL | Maximum length |
minLc | Minimum lowercase letters |
minUc | Minimum uppercase letters |
minDg | Minimum digits |
minSc | Minimum special characters |
Repetition | Max consecutive character repetition |
UserIDcheck | Whether password must not include userID |
📤 Submitting the Password - setPassword API
setPassword APIThe setPassword API is used in the REL-ID SDK to submit a password entered by the user in response to the getPassword event. This may be for authentication or first-time password setup.
🧭 When to Use
- In response to a
getPasswordSDK event - When the user must enter a password as part of the login or onboarding flow
- NOT used for changing passwords (use
updatePasswordfor that)
🧪 Sample Code
💙 React Native
RdnaClient.setPassword("MySecure@123", 1, (response) => {
console.log("Password submitted", response);
});🟣 Flutter
rdnaClient.setPassword(["MySecure@123", 1]);🧩 Cordova
com.uniken.rdnaplugin.RdnaClient.setPassword(
() => console.log("Success"),
(err) => console.error("Error", err),
["MySecure@123", 1]
);🍏 iOS (Objective-C)
[rdnaInstance setPassword:@"MySecure@123" challengeMode:1];🤖 Android (Java)
rdna.setPassword("MySecure@123", RDNAChallengeOpMode.MANUAL);✅ What Happens If Password Is Correct?
status.statusCode=100error.shortErrorCode=0- The password challenge is completed successfully.
- The SDK moves to the next event in the workflow or completes the session.
❌ Error Handling - Error Codes for getPassword
| Error Code | Description |
|---|---|
140 | Password policy misconfiguration or JSON parsing failed |
141 | Password does not meet the policy |
153 | Attempts exhausted |
🔐 Status Codes for getPassword
| Status Code | Description | Suggested Action |
|---|---|---|
| 102 | Invalid Password provided. Please try again. | Show an error message with an OK option. |
| 164 | Password reuse violation. Must enter a new password not used in the last LAST_PASSWORDS passwords. | Show message with OK option and prompt user to enter a new password. |
❌ What Happens If Password Is Incorrect?
status.statusCode=102- The SDK re-triggers
getPasswordifattemptsLeft > 0 - You should show an error and prompt the user again
🔒 What Happens If Attempts Are Exhausted?
error.shortErrorCode=153- The challenge fails and the SDK determines the next step:
- Could be fallback authentication
- Could end the session
🧠 Developer Tips
- Parse and use
PASSWORD_POLICYto validate input on the client side. - Always display the
descriptionandattemptsLeft. - Handle success and error cases cleanly.
- Wait for SDK callbacks to move to the next challenge — do not hardcode flow transitions.
- Use
setPassword()for both verification and setting password in first-time activation (Mode 1). - Use
updatePassword()for password changes post-login (Mode 2 or 4). - Always validate inputs against password policy rules when
challengeModeis 1, 2, or 4.
🧪 Sample Code Check
// Pseudocode logic
if ([0, 1, 3, 5, 12, 14].includes(challengeMode)) {
setPassword(userInputPassword);
} else if ([2, 4].includes(challengeMode)) {
updatePassword(oldPassword, newPassword);
}📘 Additional Error Codes Related to getPassword
getPassword| Error Code | Error Enum | Description |
|---|---|---|
| 89 | RDNA_LDA_BIOMETRIC_CANCELLED_BY_USER | Biometric authentication cancelled by user. |
| 90 | RDNA_LDA_BIOMETRIC_CANCELLED_BY_SYSTEM | Biometric authentication cancelled by system. |
| 91 | RDNA_LDA_BIOMETRIC_LOCKED_OUT | Too many biometric failures; biometric authentication is locked. |
| 92 | RDNA_LDA_BIO_FACERECOGNITION_CANCELLED_BY_USER | Face recognition cancelled by user. |
| 93 | RDNA_ERR_LDA_BIO_FACERECOGNITION_CANCELLED_BY_SYSTEM | Face recognition cancelled by system. |
| 94 | RDNA_LDA_BIO_FACERECOGNITION_LOCKED_OUT | Too many face recognition failures; system has locked the feature. |
| 95 | RDNA_LDA_PATTERN_CANCELLED_BY_USER | Pattern authentication cancelled by user. |
| 196 | RDNA_ERR_LDA_BIO_AUTHENTICATION_CANCELLED_BY_APPLICATION | Biometric authentication cancelled by application. |
| 197 | RDNA_ERR_LDA_BIO_AUTHENTICATION_CONTEXT_INVALIDATED | Authentication context invalidated. |
| 198 | RDNA_ERR_LDA_BIO_AUTHENTICATION_FAILED_BY_APPLE_WATCH | Authentication failed by Apple Watch. |
| 199 | RDNA_ERR_LDA_BIO_AUTHENTICATION_NON_INTERACTIVE_USERINTERFACE_FORBIDDEN | Non-interactive UI not allowed during authentication. |
| 200 | RDNA_ERR_LDA_BIO_AUTHENTICATION_ERROR_UNKNOWN | Unknown authentication error. |
| 201 | RDNA_ERR_LDA_BIO_AUTHENTICATION_NO_FALLBACK_AVAILABLE | No fallback authentication available. |
| 202 | RDNA_ERR_LDA_PASSCODE_NOT_SET | Device passcode is not set. |
| 203 | RDNA_ERR_LDA_BIO_AUTHENTICATION_NOT_SUPPORTED | Biometric authentication is not supported. |
| 204 | RDNA_ERR_LDA_BIO_AUTHENTICATION_BIOMETRY_NOT_ENROLLED | Biometric authentication not enrolled. |
| 405 | RDNA_ERR_FALLBACK_TO_PASSWORD_LDA_NOT_AVAILABLE | Fallback to password not available for LDA. |
ℹ️ Developer Note:
For all the above error codes:
- If SDK Mode is
REL_ID_MANUAL_LDAandRDNAChallengeOpModeisRDNA_CHALLENGE_OP_VERIFY(0):
- Show error with OK button
- On OK click → Navigate to password verification screen
- If SDK Mode is
AUTOandRDNAChallengeOpModeisRDNA_CHALLENGE_OP_SET(1):
- Show error with OK button
- On OK click → Navigate to set password screen
📌 Additional Developer Note (For RDNA_ERR_ENABLED_LDA_NOT_FOUND_ON_DEVICE):
This error is triggered in login flow under the following scenarios:
- User is activated using device biometric only, and no manual password is set.
- The prerequisite
ACTIVATE_USING_PASS_MANDATORYis configured toFALSE. The user is activated using manual password. Later, biometric authentication is enabled using LDA toggling. During the next login, if all the device biometrics are removed:👉 Action: Ask user to enroll at least one biometric on the device and try again.
Updated 5 months ago