iOS Swift advanced setup
In this guide, you'll find an overview and best practices for enabling advanced features and using built-in functions for biometric authentication (passkeys) and step-up.
Passkeys authentication (iOS 15+)
Passkeys provide a seamless, passwordless login experience using WebAuthn and platform-level biometric authentication.
Prerequisites
- iOS Version: Ensure your project targets iOS 15 or later to support the necessary WebAuthn APIs.
- Associated Domain: Configure your app's associated domains to enable passkeys functionality.
- Frontegg SDK Version: Use Frontegg iOS SDK version 1.2.24 or later.
Configure associated domains in Xcode
- Open your project in Xcode
- Go to your target settings
- Open the Signing & Capabilities tab
- Click the + Capability button and add Associated Domains
- Under Associated Domains, click the + and add: webcredentials:your-domain.com. For example, if your domain is https://example.com, use webcredentials:example.com.
Host the .well-known/webauthn file
- On your server, create a JSON file at the following location: https://your-domain.com/.well-known/webauthn.
- Use the structure below:
{
  "origins": [
    "https://your-domain.com",
    "https://subdomain.your-domain.com"
  ]
}
- Ensure this file is publicly accessible (HTTP 200 OK).
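A deployment-side check for the file described above, as an added example that is not part of the Frontegg SDK or this guide's own code: given the HTTP status and body your server returns for /.well-known/webauthn, it reports malformed entries and any difference from the origins you intend to list. The function name, the `expected_origins` parameter and the strictness rules are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

def check_webauthn_document(status, body, expected_origins):
    """Return a list of problems in a fetched /.well-known/webauthn response."""
    problems = []
    if status != 200:
        problems.append(f"HTTP status is {status}, expected 200")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return problems + [f"body is not valid JSON: {exc}"]
    origins = doc.get("origins") if isinstance(doc, dict) else None
    if not isinstance(origins, list) or not origins:
        return problems + ['expected an object with a non-empty "origins" array']
    valid = set()
    for entry in origins:
        try:
            parts = urlsplit(entry) if isinstance(entry, str) else None
        except ValueError:
            parts = None
        if parts is None or parts.scheme != "https" or not parts.hostname:
            problems.append(f"not an https origin: {entry!r}")
        elif parts.path or parts.query or parts.fragment or parts.username:
            # Assumption of this example: entries are bare scheme://host[:port].
            problems.append(f"origin has extra URL parts: {entry!r}")
        else:
            valid.add(entry.lower())
    wanted = {o.lower() for o in expected_origins}
    problems += [f"expected origin missing: {o}" for o in sorted(wanted - valid)]
    # Anything listed beyond the expected set is flagged for review.
    problems += [f"unexpected origin listed: {o}" for o in sorted(valid - wanted)]
    return problems

if __name__ == "__main__":
    # Constructed sample response, using the placeholder domains from the guide.
    sample = '{"origins": ["https://your-domain.com", "https://subdomain.your-domain.com/"]}'
    for line in check_webauthn_document(
        200, sample, ["https://your-domain.com", "https://subdomain.your-domain.com"]
    ):
        print(line)
```

Feed it the status code and body from whatever HTTP client your pipeline already uses; an empty list means the response matches the expected set.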
Test domain association
Verify that your associated domain configuration works using Apple's Associated Domains Validator.
Register passkeys
Call this method from your app to enable passkeys registration for a user:
import FronteggSwift

func registerPasskeys() {
    if #available(iOS 15.0, *) {
        FronteggAuth.shared.registerPasskeys()
    } else {
        print("Passkeys are only supported on iOS 15 or later.")
    }
}
Login with passkeys
To log users in using a stored passkey:
import FronteggSwift

func loginWithPasskeys() {
    if #available(iOS 15.0, *) {
        FronteggAuth.shared.loginWithPasskeys { result in
            switch result {
            case .success(let user):
                print("User logged in: \(user)")
            case .failure(let error):
                print("Error logging in: \(error)")
            }
        }
    } else {
        print("Passkeys are only supported on iOS 15 or later.")
    }
}
Step-up authentication
Step-Up Authentication allows you to temporarily elevate a user's authentication level to perform sensitive actions. This is useful for operations like updating credentials, accessing confidential data, or performing secure transactions.
stepUp - Starts the step-up authentication flow. This will usually trigger a secondary authentication method (e.g. biometric, MFA, etc.).
- maxAge (optional): How long the elevated session is considered valid, in seconds.
- completion: A closure called after authentication finishes. If step-up fails, it receives an error.
Task {
    await FronteggAuth.shared.stepUp(maxAge: 300) { error in
        if let error = error {
            print("Step-up failed: \(error.localizedDescription)")
            return
        }
        // Authentication successful, continue with the secure action
        self.performSensitiveAction()
    }
}
isSteppedUp - This method checks whether the user has recently completed a step-up authentication and whether it is still valid.
let isSteppedUp = FronteggAuth.shared.isSteppedUp(maxAge: 300) // 300 seconds = 5 minutes
if isSteppedUp {
    // Proceed with secure operation
} else {
    // Trigger step-up flow
}
Example
func performSensitiveFlow() {
    let isElevated = FronteggAuth.shared.isSteppedUp(maxAge: 300)
    if isElevated {
        performSensitiveAction()
    } else {
        Task {
            await FronteggAuth.shared.stepUp(maxAge: 300) { error in
                if let error = error {
                    showAlert("Authentication Failed", message: error.localizedDescription)
                    return
                }
                performSensitiveAction()
            }
        }
    }
}

func performSensitiveAction() {
    // Proceed with a high-security task
    print("Secure action performed.")
}
Logout after reinstall
To force logout when a user reinstalls the app, update your Frontegg.plist file:
<plist version="1.0">
<dict>
    <key>keepUserLoggedInAfterReinstall</key>
    <false/>
    ...
</dict>
</plist>
By default, keepUserLoggedInAfterReinstall is true.