Password

Overview

The password challenge in the REL-ID SDK is one of the core authentication mechanisms. It is invoked when the user must either:

🔐 Authenticate using an existing password (e.g., during login), or

🆕 Set a new password (e.g., during activation or password change flow)

🧩 What is the Password Challenge?

The password challenge is a request from the SDK to the host app to:

Display a password prompt to the user.
Enforce password rules (if provided).
Submit the user’s input securely using the appropriate SDK method.

It is triggered via the getPassword event.

🔄 When Is It Triggered?

Scenario	Description
First-time activation	Set a password for new users
Login	Validate an existing password
Password change flow	Server instructs user to change password
Fallback authentication	Used as a secondary or backup method

💼 Why It Matters

Password authentication remains a foundational method for verifying identity. With REL-ID’s implementation:

Security is enforced through configurable policies (length, complexity, repetition).
The experience is standardized across platforms.
Developers are in control of UI rendering, while the SDK manages validation logic and flow.

🧠 What the App Must Do

When the password authentication method is triggered by the SDK, the app must:

Listen for the getPassword event
Prompt the user to enter a password
Validate it based on the password policy provided
Submit it using setPassword()

`getPassword` Event

📥 Sample Payload – `getPassword`


{
  "userID": "testuser",
  "challengeMode": 1,
  "attemptsLeft": 3,
  "challengeResponse": {
    "status": {
      "statusCode": 100,
      "statusMessage": "Success"
    },
    "session": {
      "sessionType": 0,
      "sessionID": "1JKMQMQO1X0G9ENL..."
    },
    "additionalInfo": {
      "currentWorkFlow": "FirstTimeUserActivation"
    },
    "challengeInfo": [
      { "key": "Response label", "value": "Password" },
      { "key": "description", "value": "Enter your account password" },
      { "key": "PASSWORD_POLICY", "value": "{{\"minL\": 8,\"maxL\": 16,\"minLc\": 1,\"minDg\":
1,\"minUc\": 1,\"minSc\": 1,\"Repetition\": 2,\"UserIDcheck\":
\"true\",\"msg\": \"Password must contain 8-16 characters, including
atleast 1 uppercase, 1 lowercase, 1 number and special characters\"}}" },
      { "key": "SDK_CHLNG", "value": "YES" },
      { "key": "SDK_CHLNG_MODE", "value": "AUTO" }
    ]
  },
  "error": {
    "shortErrorCode": 0,
    "longErrorCode": 0,
    "errorString": "Success"
  }
}

🧾 Top-Level Fields

Field	Description
`userID`	Unique identifier for the user being challenged
`challengeMode`	Challenge handling mode (e.g., AUTO = SDK, MANUAL = App)
`attemptsLeft`	Number of password attempts remaining

🔁 `challengeResponse`

Field	Description
`status.statusCode`	`100` indicates success, other codes for failure
`status.statusMessage`	Descriptive status string
`session.sessionType`	Type of session (typically `0` for app session)
`session.sessionID`	Unique session identifier

📘 `additionalInfo`

Field	Description
`currentWorkFlow`	Indicates the current user workflow (e.g., onboarding)

📚 `challengeInfo[]` (Key-Value UI Hints)

Key	Description
`Response label`	Label for password input field
`description`	Text instructions for the user
`PASSWORD_POLICY`	JSON-encoded string for password complexity rules
`SDK_CHLNG`	`"YES"` = SDK handles UI; `"NO"` = app should render
`SDK_CHLNG_MODE`	`"AUTO"` or `"MANUAL"` to determine handling strategy
`IS_USER_PASS`	Optional; `"true"` means this is a user password validation challenge

🚫 `error`

Field	Description
`shortErrorCode`	Brief numeric code to identify error
`longErrorCode`	Extended error code used internally
`errorString`	Message describing the error or status

🔐 Password Policy Structure

{
  "minL": 8,
  "maxL": 16,
  "minLc": 1,
  "minDg": 1,
  "minUc": 1,
  "minSc": 1,
  "Repetition": 2,
  "UserIDcheck": "true"
}

Field	Description
`minL`	Minimum length
`maxL`	Maximum length
`minLc`	Minimum lowercase letters
`minUc`	Minimum uppercase letters
`minDg`	Minimum digits
`minSc`	Minimum special characters
`Repetition`	Max consecutive character repetition
`UserIDcheck`	Whether password must not include userID

📤 Submitting the Password - `setPassword` API

The setPassword API is used in the REL-ID SDK to submit a password entered by the user in response to the getPassword event. This may be for authentication or first-time password setup.

🧭 When to Use

In response to a getPassword SDK event
When the user must enter a password as part of the login or onboarding flow
NOT used for changing passwords (use updatePassword for that)

🧪 Sample Code

💙 React Native

RdnaClient.setPassword("MySecure@123", 1, (response) => {
  console.log("Password submitted", response);
});

🟣 Flutter

rdnaClient.setPassword(["MySecure@123", 1]);

🧩 Cordova

com.uniken.rdnaplugin.RdnaClient.setPassword(
  () => console.log("Success"),
  (err) => console.error("Error", err),
  ["MySecure@123", 1]
);

🍏 iOS (Objective-C)

[rdnaInstance setPassword:@"MySecure@123" challengeMode:1];

🤖 Android (Java)

rdna.setPassword("MySecure@123", RDNAChallengeOpMode.MANUAL);

✅ What Happens If Password Is Correct?

status.statusCode = 100
error.shortErrorCode = 0
The password challenge is completed successfully.
The SDK moves to the next event in the workflow or completes the session.

❌ Error Handling - Error Codes for getPassword

Error Code	Description
`140`	Password policy misconfiguration or JSON parsing failed
`141`	Password does not meet the policy
`153`	Attempts exhausted

🔐 Status Codes for getPassword

Status Code	Description	Suggested Action
102	Invalid Password provided. Please try again.	Show an error message with an OK option.
164	Password reuse violation. Must enter a new password not used in the last LAST_PASSWORDS passwords.	Show message with OK option and prompt user to enter a new password.

❌ What Happens If Password Is Incorrect?

status.statusCode = 102
The SDK re-triggers getPassword if attemptsLeft > 0
You should show an error and prompt the user again

🔒 What Happens If Attempts Are Exhausted?

error.shortErrorCode = 153
The challenge fails and the SDK determines the next step:
- Could be fallback authentication
- Could end the session

🧠 Developer Tips

Parse and use PASSWORD_POLICY to validate input on the client side.
Always display the description and attemptsLeft.
Handle success and error cases cleanly.
Wait for SDK callbacks to move to the next challenge — do not hardcode flow transitions.
UsesetPassword() for both verification and setting password in first-time activation (Mode 1).
UseupdatePassword() for password changes post-login (Mode 2 or 4).
Always validate inputs against password policy rules when challengeMode is 1, 2, or 4.

🧪 Sample Code Check

// Pseudocode logic
if ([0, 1, 3, 5, 12, 14].includes(challengeMode)) {
    setPassword(userInputPassword);
} else if ([2, 4].includes(challengeMode)) {
    updatePassword(oldPassword, newPassword);
}

📘 Additional Error Codes Related to `getPassword`

Error Code	Error Enum	Description
89	`RDNA_LDA_BIOMETRIC_CANCELLED_BY_USER`	Biometric authentication cancelled by user.
90	`RDNA_LDA_BIOMETRIC_CANCELLED_BY_SYSTEM`	Biometric authentication cancelled by system.
91	`RDNA_LDA_BIOMETRIC_LOCKED_OUT`	Too many biometric failures; biometric authentication is locked.
92	`RDNA_LDA_BIO_FACERECOGNITION_CANCELLED_BY_USER`	Face recognition cancelled by user.
93	`RDNA_ERR_LDA_BIO_FACERECOGNITION_CANCELLED_BY_SYSTEM`	Face recognition cancelled by system.
94	`RDNA_LDA_BIO_FACERECOGNITION_LOCKED_OUT`	Too many face recognition failures; system has locked the feature.
95	`RDNA_LDA_PATTERN_CANCELLED_BY_USER`	Pattern authentication cancelled by user.
196	`RDNA_ERR_LDA_BIO_AUTHENTICATION_CANCELLED_BY_APPLICATION`	Biometric authentication cancelled by application.
197	`RDNA_ERR_LDA_BIO_AUTHENTICATION_CONTEXT_INVALIDATED`	Authentication context invalidated.
198	`RDNA_ERR_LDA_BIO_AUTHENTICATION_FAILED_BY_APPLE_WATCH`	Authentication failed by Apple Watch.
199	`RDNA_ERR_LDA_BIO_AUTHENTICATION_NON_INTERACTIVE_USERINTERFACE_FORBIDDEN`	Non-interactive UI not allowed during authentication.
200	`RDNA_ERR_LDA_BIO_AUTHENTICATION_ERROR_UNKNOWN`	Unknown authentication error.
201	`RDNA_ERR_LDA_BIO_AUTHENTICATION_NO_FALLBACK_AVAILABLE`	No fallback authentication available.
202	`RDNA_ERR_LDA_PASSCODE_NOT_SET`	Device passcode is not set.
203	`RDNA_ERR_LDA_BIO_AUTHENTICATION_NOT_SUPPORTED`	Biometric authentication is not supported.
204	`RDNA_ERR_LDA_BIO_AUTHENTICATION_BIOMETRY_NOT_ENROLLED`	Biometric authentication not enrolled.
405	`RDNA_ERR_FALLBACK_TO_PASSWORD_LDA_NOT_AVAILABLE`	Fallback to password not available for LDA.

ℹ️ Developer Note:
For all the above error codes:

If SDK Mode is REL_ID_MANUAL_LDA and RDNAChallengeOpMode is RDNA_CHALLENGE_OP_VERIFY(0):

Show error with OK button

On OK click → Navigate to password verification screen

If SDK Mode is AUTO and RDNAChallengeOpMode is RDNA_CHALLENGE_OP_SET(1):

Show error with OK button

On OK click → Navigate to set password screen

📌 Additional Developer Note (For RDNA_ERR_ENABLED_LDA_NOT_FOUND_ON_DEVICE):
This error is triggered in login flow under the following scenarios:

User is activated using device biometric only, and no manual password is set.

The prerequisite ACTIVATE_USING_PASS_MANDATORY is configured to FALSE. The user is activated using manual password. Later, biometric authentication is enabled using LDA toggling. During the next login, if all the device biometrics are removed:

👉 Action: Ask user to enroll at least one biometric on the device and try again.