REL-ID Verify flow
🧭 What Is the "Verify Auth" Challenge?
The Verify Auth Challenge is a key security mechanism in REL-ID SDK that allows a user to activate a new device by approving a verification request on an already registered (trusted) device.
It’s the REL-ID equivalent of “tap to approve this login” in multi-device ecosystems — but deeply integrated with REL-ID’s identity binding architecture.
This challenge can be configured in the Gateway manager.
📲 When Is It Used?
During additional device activation, after the user enters their login ID, the SDK recognizes this device is unregistered and triggers addNewDeviceOptions
🔁 What Happens Internally – Verify Auth Challenge
During additional device activation, when the user chooses REL-ID Verify Authentication, the following sequence of events takes place:
-
📱 New Device Calls:
performVerifyAuth(true)- This triggers the start of the verify challenge.
-
📲 Registered Device Receives Notification
- A push notification is sent to one of the user's previously registered devices.
-
🔔 User Action Required
- The user must approve the request on the registered device within a predefined time window.
-
✅ If Approved:
- REL-ID server acknowledges the approval.
- New device is allowed to proceed to the next step (e.g., LDA Consent or Password).
-
❌ If Rejected or Timeout:
- The new device receives a failure response.
- App should prompt the user to retry or offer the fallback option using
fallbackNewDeviceActivationFlow().
🪜 Step-by-Step Activation Flow
1. Login Attempt on New Device
- SDK detects this is a new/unregistered device
- Event triggered:
addNewDeviceOptions
2. Event:addNewDeviceOptions
addNewDeviceOptions🔄 Options (from event payload)
"REL-ID Verify Authentication""Add New Device using Fallback"
📱 App Screen
- Show challenge information from
challengeInfo - Display buttons:
- ✅ Proceed with REL-ID Verify →
performVerifyAuth(true) - ❌ Use Fallback Method →
fallbackNewDeviceActivationFlow()
- ✅ Proceed with REL-ID Verify →
3. User Chooses: REL-ID Verify
🔧 API Call: performVerifyAuth(true)
performVerifyAuth(true)- Notification sent to existing registered device
- User approves the request
👉 On Success
- SDK continues with:
getUserConsentForLDA(biometric)- or
getPassword(fallback)
❌ On Failure
- Show error message
- Offer retry or fallback method
4. (Optional) Consent Collection
Event: getUserConsentForLDA
getUserConsentForLDA- Show biometric or consent dialog
➡️ On success: continue to device binding
➡️ On failure: use fallback flow
5. Device Binding
- SDK binds the device to the user's account
Event Triggered: getDeviceName
getDeviceName6. Event:getDeviceName
getDeviceName📱 App Screen
- Prompt user to enter or confirm device name
🔧 API Call: setDeviceName(deviceName)
setDeviceName(deviceName)➡️ On success: proceed to final step
➡️ On failure: retry or use auto-generated name
7. Final Step: Device Activated
Event: onDeviceActivated
onDeviceActivated- SDK confirms that device is registered and ready
📱 UI Action
- Redirect to home/dashboard
- Show success message
🛠 Alternate Path: Fallback Flow
API: fallbackNewDeviceActivationFlow()
fallbackNewDeviceActivationFlow()- Trigger alternate activation (OTP, passcode, QR, etc.)
- On success: proceeds to
getDeviceName→setDeviceName
❗ Error Handling Summary
| Step | Event/API | On Failure Action |
|---|---|---|
| Option Display | addNewDeviceOptions | Show retry or fallback option |
| Notification Approval | performVerifyAuth | Retry or fallback path |
| Biometric Consent | getUserConsentForLDA | Use password or fallback method |
| Device Naming | setDeviceName | Retry or use auto-generated name |
| Final Confirmation | onDeviceActivated | Retry / logout |
Updated 3 months ago