3️⃣ Authentication
Authentication is the biometric equivalent of "signing-in". During authentication Keyless compares the user's facial biometrics with the ones computed during enrollment.
If the biometrics match, Keyless authenticates the user.
Check out the guide on using Keyless to authenticate with Auth0, or read on for detailed information on the authentication builder methods.
Authentication builder methods
You can customize the authentication process with optional methods from the AuthenticationConfiguration
builder:
Authentication success result
Depending on the builder methods you enable, Keyless will populate the corresponding fields in the AuthenticationSuccess
result reported below.
Custom Secret
If you saved a custom secret during enrollment, you can retrieve it using the retrievingSecret
method.
If you add retrievingSecret
to the builder, Keyless will populate the field customSecret
in the AuthenticationSuccess
result.
Backup data
Keyless can generate backup data that you can use to recover an account.
To create the backup data use the retrievingBackup
method. Once authentication succeeds, copy the backup data from the AuthenticationSuccess
result, and store it securely.
To recover an account, use withBackup
passing as parameter the backup data you stored previously.
Liveness Settings
Using withLivenessSettings
you can specify the liveness security level during authentication, choosing the options from LivenessConfiguration
.
You can also specify a timeout
(in seconds) to cancel the authentication if the liveness takes longer than the timeout.
More details on liveness levels in the SDK Reference.
Operation info
withOperationInfo
specifies a customizable unique operation identifier and associated payload stored on the Keyless backend if the enrollment succeeds.
Details on how to query our backend for stored operations are available on Operations API.
Jwt signing
Using the withMessageToSign
method you can sign a message (string
) with the user signing key.
If the authentication is successful, you will find the signedJwt
and the userPublicSigningKey
in the AuthenticationSuccess
.
More information in the deadicate jwt signing section.
Authentication Delay
Use withDelay
to specify the delay (in seconds) between when the camera preview appears, and when the liveness processing starts.
Dynamic linking
Displays a custom payload to the user and signs it before returning the signed JWT. The signed JWT is the same used in the message signing builder method.
If the authentication is successful, you will find the signedJwt
in the AuthenticationSuccess
.
With this method the Keyless SDK will also display a map of key value pairs to user. Keyless does not validate the key value pairs in any way.
Keys are used as labels while values populate the fields of a form with dynamic linking information shown to the users. The same payload is added as body of the returned signedJwt
.
Success Animation
Using withSuccessAnimation
you can specify whether the Keyless SDK should display a checkmark indicating a successful authentication to the user.
Multidevice
The following builder methods are coverdered in the multidevice section:
addingNewDevice
confirmingNewDevice
revokingDevice
Last updated