ForgeRock SDKs 3.3

Understand the authentication flow

The SDKs use authentication journeys/trees for user authentication. The SDKs rely on the forgerock_auth_service_name that you define in the FRAuthConfig.plist configuration file to initiate the user login and authentication flow.

You must implement a UI element for each callback object and you must handle each node object. Although the callback classes are implemented in the FRAuth module, the FRAuth module itself cannot render those callbacks as UI elements.

To initiate the authentication flow, use the FRUser.login() method or the FRSession.authenticate(authIndexValue:, authIndexType:) method. Both methods return a node object. The node object includes an array of callbacks that you must present to the user and submit to the SDK.

The SDK submits the callback objects to the server. The process continues until the authentication tree is complete.

For a list of callbacks that are implemented in the FRAuth module, see FRAuth in the API reference.

Upon completion, the callback returns any one of the following:

  • Expected result object

    Token

    SSOToken as a Token object.

    AccessToken

    Access token, other OAuth2 token, and values associated with the access token.

    FRUser

    Abstract layer of the currently authenticated user session.

  • Node object to process

    The Node object is a representation of a step in the authentication process, which requires user interaction to provide input value(s) to each Callback object within the Node instance.

  • Error

    If an error occurs during the authentication process.

Copyright © 2010-2022 ForgeRock, all rights reserved.