SDK Configuration

The Mobile SDK needs a signed configuration string provided by nextAuth. To obtain this configuration string, please follow the instructions here. This string contains the parameters for connecting to the right second factor server and message center. All other configuration values below are optional.

| Parameter | Mandatory | Description |
|---|---|---|
| config | Yes | Signed configuration string provided by nextAuth. |
| biometricsDisabled | No | Boolean indicating whether or not biometrics should be disabled for the app, default: false. |
| hideVash | No | Boolean indicating whether or not the visual hash of the server's public key, which the user verifies during registration (part of the ConfirmRegister callback), should be hidden, default: false. |
| maxNumberSecondFactorWithoutPIN | No | Integer indicating after how many second factor confirmations with a biometric the user must enter a PIN when second factor confirmation is requested, default: 0 (ignored). Note that this value only has effect if biometrics are enabled. |
| maxTimeSecondFactorWithoutPIN | No | Duration string (see note 1) indicating when the user must enter a PIN if second factor confirmation is requested, default: 0 (ignored). Note that this value only has effect if biometrics are enabled. |
| singleAccount | No | Boolean indicating whether or not the app can only have a single account, default: false. |
| timeoutInactivityAppLogin | No | Duration string (see note 1) indicating after which duration of user inactivity AppLogins must be logged out, default: 0 (ignored). Note that this value only has effect if your app uses AppLogins. |
| manuallyStartUserInteraction | No | Boolean indicating whether or not the user should manually start user interaction for a given session, default: false. |
| automaticallySelectSingleAccountWhenSecondFactorNeeded | No | Boolean indicating whether or not the user should confirm logging in when there is only one account to select from and a second factor will be requested afterwards, default: true. |
| defaultNSURI | No | URI of the default nextAuth server (e.g., wss://[your domain]/ns/sigmai), only used for sending a NOACCOUNTS over the WebSocket to the browser when the user scans a login QR code (or clicks on a login deep link) and there are no accounts for that server. |

Info

It might be useful to also alert users in the web frontend that they need to enrol an account first before being able to log in. This is done by sending a NOACCOUNTS over the WebSocket to the browser. Since the login QR code (or deep link) only contains your server's identifier but not its URI, the URI needs to be specified by setting the defaultNSURI.

If your app can be used to authenticate to multiple nextAuth servers at different URIs (different server identifiers at the same URI are fine), we do not recommend setting the defaultNSURI value.

Android

The Mobile SDK configuration is specified as a JSON object that contains at least all the mandatory parameters. For parameters that are not specified, the SDK uses the default values.

{
  "config": "XXXXXXXXXXXX"
}

By default, the SDK looks for a nextauth.json file in the assets folder of the app.
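As an added example (not nextAuth's code), the following build-time check lints the text of a nextauth.json file against the parameter table above and reports two settings worth a review: a hidden visual hash, and biometrics enabled with both PIN limits left at 0. The function names are hypothetical, and it assumes that a duration string is a single number followed by s, m or h, and that a bare 0 means "ignored".

```python
import json
import re

# Parameter names and value types are taken from the table on this page.
BOOLEANS = {"biometricsDisabled", "hideVash", "singleAccount", "manuallyStartUserInteraction",
            "automaticallySelectSingleAccountWhenSecondFactorNeeded"}
INTEGERS = {"maxNumberSecondFactorWithoutPIN"}
DURATIONS = {"maxTimeSecondFactorWithoutPIN", "timeoutInactivityAppLogin"}
STRINGS = {"config", "defaultNSURI"}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}

def parse_duration(value):
    """Seconds for '<number><s|m|h>'. Assumption: 0 or "0" means 'ignored'."""
    if str(value) == "0":
        return 0
    match = re.fullmatch(r"([0-9]+)([smh])", str(value))
    if match is None:
        raise ValueError(f"not a duration string: {value!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]

def lint_config(raw_json):
    """Return type findings plus review points drawn from the table's descriptions."""
    cfg, findings = json.loads(raw_json), []
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    if not cfg.get("config"):
        findings.append("config: mandatory signed configuration string is missing")
    no_time_limit = True  # the default of 0 means the time limit is ignored
    for key, value in cfg.items():
        if key in BOOLEANS and not isinstance(value, bool):
            findings.append(f"{key}: expected true or false")
        elif key in INTEGERS and (type(value) is not int or value < 0):
            findings.append(f"{key}: expected a non-negative integer")
        elif key in DURATIONS:
            try:
                if parse_duration(value) and key == "maxTimeSecondFactorWithoutPIN":
                    no_time_limit = False
            except ValueError as err:
                findings.append(f"{key}: {err}")
        elif key in STRINGS and not isinstance(value, str):
            findings.append(f"{key}: expected a string")
        elif key not in BOOLEANS | INTEGERS | DURATIONS | STRINGS:
            findings.append(f"{key}: unknown parameter (possible typo)")
    if cfg.get("hideVash") is True:
        findings.append("hideVash: users cannot verify the server key's visual hash")
    no_count_limit = cfg.get("maxNumberSecondFactorWithoutPIN", 0) == 0
    if cfg.get("biometricsDisabled") is not True and no_count_limit and no_time_limit:
        findings.append("biometrics: enabled with both WithoutPIN limits at 0 (ignored)")
    return findings
```

Run it in CI over the contents of the assets folder's nextauth.json and fail the build on findings your policy does not accept.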

iOS

Include a Constants.plist file in your project. Ensure that it is added to the main application bundle.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NAAppGroup</key>
    <string>XXXXXXXXXXXX</string>
    <key>NAAppLoginInactivityTimeout</key>
    <string>5m</string>
    <key>NAAppLoginRequired</key>
    <false/>
    <key>NAAutomaticallySelectSingleAccountWhenSecondFactorNeeded</key>
    <true/>
    <key>NAConfig</key>
    <string>XXXXXXXXXXXX</string>
    <key>NADisableBiometrics</key>
    <false/>
    <key>NAHideVash</key>
    <false/>
    <key>NAManuallyStartUserInteraction</key>
    <false/>
    <key>NAMaxNumberSecondFactorWithoutPIN</key>
    <integer>30</integer>
    <key>NAMaxTimeSecondFactorWithoutPIN</key>
    <string>720h</string>
    <key>NASingleAccount</key>
    <false/>
    <key>NAUniversalLinkPathPrefix</key>
    <string>/authenticate/</string>
</dict>
</plist>

1. A duration string consists of a number followed by a letter indicating the unit: s (seconds), m (minutes) or h (hours). For example, "720h" means 30 days.