Skip to content

SDK Configuration⚓︎

The Mobile SDK needs a signed configuration string provided by nextAuth. In order to obtain this configuration string, please follow the instructions here. It contains the parameters for connecting to the right Second Factor Server and Message Center. All other configuration values below are optional.

Parameter Mandatory Description
config Signed configuration string provided by nextAuth.
biometricsDisabled Boolean indicating whether or not biometrics should be disabled for the app, default: false.
hideVash Boolean indicating whether or not a visual hash of the server's public key should be hidden during registration for the user to verify (part of the ConfirmEnrol callback), default: false.
maxNumberSecondFactorWithoutPIN Integer indicating when the user must enter a PIN if second factor confirmation is requested after a number of second factor confirmations with a biometric, default: 0 (ignored). Note that this value only has effect if biometrics are enabled.
maxTimeSecondFactorWithoutPIN Duration string1 indicating when the user must enter a PIN if second factor confirmation is requested, default: 0 (ignored). Note that this value only has effect if biometrics are enabled.
singleAccount Boolean indicating whether or not the app can only have a single account, default: false.
timeoutInactivityAppLogin Duration string1 indicating after which duration of user inactivity AppLogins must be logged out, default: 0 (ignored). Note that this value only has effect if your app uses AppLogins.
manuallyStartUserInteraction Boolean indicating whether or not the user should manually start user interaction for a given session, default: false.
automaticallySelectSingleAccountWhenSecondFactorNeeded Boolean indicating whether or not the user should confirm logging in when there is only one account to select from and a second factor will requested afterwards, default: true.
defaultNSURI URI of the default nextAuth server (e.g., wss://[your domain]/ns/sigmai), only used for sending a NOACCOUNTS message over the WebSocket to the browser when the user scan a login QR code (or clicks on a login deep link) when there are no accounts for that server.
alwaysRequireSecondFactorIfInactiveAppLogin Always require a second factor for logging in (web) if there is no active AppLogin.

Info

It might be useful to also alert users in the web frontend that they need to enrol an account first before being able to login. This done by sending a NOACCOUNTS over the WebSocket to the browser. Since the login QR code (or deep link) only contains your server's identifier but not its URI, this will need to be specified by setting the defaultNSURI.

If your app can be used to authenticate to multiple nextAuth servers at different URIs (different server identifiers at the same URI is fine), we do not recommend setting the defaultNSURI value.

Android⚓︎

The Mobile SDK configuration is specified as a JSON string that must contain all mandatory parameters. For the non-specified parameters, the SDK will take the default values.

{
  "config": ""
}

By default, the SDK looks for a nextauth.json file in the assets folder of the app. You can also manually pass the configuration as a JSON string.

//default, looks for a nextauth.json file in the assets folder
NextAuth.init(getApplicationContext());

//manually pass configuration
NextAuth.init(getApplicationContext(),"{\"config\": \"\"}");

iOS⚓︎

The following configuration parameters listed below are only used by the iOS SDK. Note that the appGroup parameters is required for on-device builds, as detailed in our quick-start guide.

Parameter Mandatory Description
appGroup The App Group you provisioned in the Apple Developer Portal, which is required for on-device builds (see here).
migrateDataDirectory Boolean indicating whether or not the SDK's data directory should be migrated, default: false. This parameter should only be enabled for legacy applications.
universalLinkPathPrefix The prefix that should be removed from the path component of deep links, default: /. For instance, if your deep link is https://app.nextauth.com/authenticate/<data>, you would set this parameter to /authenticate/.
appLoginRequired Boolean indicating whether or not an AppLogin is required.

The Mobile SDK configuration can be specified as a JSON or Property List string that must contain all mandatory parameters. Include a Constants.plist file in your project. Ensure that it is added to the main application bundle.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>NAConfig</key>
    <string></string>
</dict>
</plist>

By default, the SDK looks for the constants file specified by the NAConstantsFile key (see here). From v1.4.0 onwards, you can also manually pass the configuration. This can only be done once and has to happen before any other interactions with the SDK.

NextAuth.default.configure(from: "{\"config\": \"\"}", withFormat: NextAuth.Constants.JSON)

  1. A duration string consists of a number and a letter to indicate s - seconds, m - minutes, h - hours. For example, "720h" means 30 days.