REL-ID for MobileREL-ID APIsREL-ID for Web
Guides
Start typing to search…

Password to LDA

🔁 Toggling from Password to LDA (Authentication Mode Management)

This flow enables users to switch from Password-based login to Local Device Authentication (LDA) after logging in. It’s often provided as part of security settings or preferences within the app.

🧩 Precondition

  • The user is already logged in using Password.
  • The device must support LDA (e.g., fingerprint, Face ID).
  • The user’s app UI should offer a toggle to switch login method.

🧭 Workflow Overview

flowchart TD
    onUserLoggedIn --> getDeviceAuthenticationDetails[App calls 
 getDeviceAuthenticationDetails]
    getDeviceAuthenticationDetails -- LDA enabled for device --> ldaToggleScreen[App shows LDA toggle screen]
    ldaToggleScreen -- toggle from Password to LDA --> manageDeviceAuthenticationModes[App calls manageDeviceAuthenticationModes, isEnabled:true]
    manageDeviceAuthenticationModes --> getPassword[SDK triggers getPassword to validate password]
    getPassword --> setPassword[App calls setPassword, challengeMode : RDNA_AUTHORIZE_LDA_MANAGEMENT/5] 
    setPassword --> userConsentForLDA[SDK triggers getUserConsentForLDA]
    userConsentForLDA --> setUserConsentForLDA[App calls setUserConsentForLDA, isEnrollLDA:true/false, challengeMode:RDNA_MANAGE_LDA_SET_LDA/16 ]
    setUserConsentForLDA -- isEnrollLDA : false, user cancels LDA prompt --> onDeviceAuthManagementStatusError[SDK triggers onDeviceAuthManagementStatus with Error]
    setUserConsentForLDA -- isEnrollLDA: true --> ldaPrompt[SDK shows LDA Prompt]
    ldaPrompt --> provideLDA[User provides LDA]
    provideLDA --> onDeviceAuthManagementStatus[SDK triggers onDeviceAuthManagementStatus with success]
    
 style getPassword fill:#d4fdd4,stroke:#228b22,stroke-width:2px
 style userConsentForLDA fill:#d4fdd4,stroke:#228b22,stroke-width:2px
 style getPassword fill:#d4fdd4,stroke:#228b22,stroke-width:2px
 style onDeviceAuthManagementStatusError fill:#d4fdd4,stroke:#228b22,stroke-width:2px
 style onDeviceAuthManagementStatus fill:#d4fdd4,stroke:#228b22,stroke-width:2px
 style getDeviceAuthenticationDetails fill:#ffe4b3,stroke:#ff8c00,stroke-width:2px
 style manageDeviceAuthenticationModes fill:#ffe4b3,stroke:#ff8c00,stroke-width:2px
 style setPassword fill:#ffe4b3,stroke:#ff8c00,stroke-width:2px
 style setUserConsentForLDA fill:#ffe4b3,stroke:#ff8c00,stroke-width:2px

🟩 Green - Callbacks issued by REL-ID SDK
🟧 Orange - APIs invoked by the Client App

📝 Step-by-Step Explanation

  1. Post Login:
    The user logs in using password. The app queries device capabilities using getDeviceAuthenticationDetails().

  2. App UI:
    If the device supports LDA and is eligible, the app presents a toggle option to enable LDA.

  3. Toggling Action:
    Upon toggle, the app calls manageDeviceAuthenticationModes(isEnabled: true) to begin LDA enrollment.

  4. Revalidation via Password:
    SDK emits getPassword() with challenge mode RDNA_AUTHORIZE_LDA_MANAGEMENT (5) to re-validate the user.

  5. User Provides Password:
    App collects the password and invokes setPassword().

  6. Consent for LDA Prompting:
    SDK triggers getUserConsentForLDA, and app responds with setUserConsentForLDA():

    • isEnrollLDA: false: User cancels the prompt, SDK emits onDeviceAuthManagementStatus with error.
    • isEnrollLDA: true: SDK proceeds to show biometric prompt.

  7. User Enrolls LDA:
    SDK shows the LDA prompt. If user provides valid biometric (e.g., fingerprint), SDK emits onDeviceAuthManagementStatus with success.

Updated 2 months ago