This repo is deprecated.
Please go to https://github.com/IBM-Security/verify-sdk-ios
This repository contains sample apps and code snippets to showcase and provide guidance when developing mobile applications with the IBM Mobile Access SDK. The following steps will help you get started.
Looking for the Android version?
To access the SDK you need to sign in with an IBM ID account. Create your free IBM ID and navigate to Fix Central to download the SDK.
| SDK Version | iOS 9 | iOS 10 | iOS 11 | iOS 12 | Xcode | Swift | End of Target Build Support | Comments |
|---|---|---|---|---|---|---|---|---|
| v1.3.0 | Yes (Targeted) | Yes | Yes | Yes | >10.0.0 | >4.2 | N/A - Last of v1.* release stream. | Tested on iOS 12 (BETA). For access to the SDK or to report a problem with the build, use the GitHub repository issues. |
| v1.2.9 | Yes (Targeted) | Yes | Yes | No | >9.3.0 | >4.1 | 30 September 2018. | Tested iOS 11. |
| v1.2.8 | Yes (Targeted) | Yes | Yes | No | >9.1.0 | >4.0 | 13 March 2018 | Tested iOS 11. |
| v1.2.7 | Yes (Targeted) | Yes | Yes | No | >9.1.0 | >4.0 | 13 March 2018 | Tested iOS 11. |
| v1.2.6 | Yes (Targeted) | Yes | Yes | No | >9.0.0 | >3.2 | 13 March 2018 | Tested iOS 11. |
| v1.2.5 | Yes (Targeted) | Yes | Yes | No | >8.2 | >3.1 | 13 March 2018 | Tested iOS 11. |
The SDK can be used in Xcode.
See our instructions on configuring your project with the SDK.
The SDK is a Universal Framework that may require some additional steps before deploying to the Apple AppStore.
See our instructions for deploying your project with the SDK.
NOTE: Samples are built against v1.2.9 of the SDK.
Available samples and snippets include:
| Name | Type | Description |
|---|---|---|
| OAuth token using ROPC grant | Sample | This example demonstrates acquiring and refreshing an OAuth token. |
| Invoke username password policy | Sample | This example demonstrates invoking the username password policy. |
| QR code scanning | Sample | This example demonstrates scanning a QR code for one-time password (OTP) generation or multi-factor authentication (MMFA) with ISAM. |
| Secure key | Sample | This example demonstrates generating a private and public key with access control to protect access to the private key. |
| Get OAuth token | Snippet | The SDK supports the ROPC grant flow. |
| Certificate pinning | Snippet | Compares a certificate stored in the mobile app as being the same certificate presented by the web server that provides the HTTPS connection. |
| Key pair generation | Snippet | TKey pairs are used in the SDK to sign challenges, coming from IBM Security Access Manager. The private key remains on the device, whereas the public key gets uploaded to the server as part of the mechanisms enrollment. |
| Signing data | Snippet | The public key would be stored on a server and provide the challenge text to the client. The client uses the private key to sign the data which is sent back to the server. The server validates the signed data against the public key to verify the keys have not been tampered with. |
IBM Verify is a mobile app for multi-factor authentication (MFA) with IBM Security Access Manager (ISAM). IBM Verify features:
- One-time password (OTP)
- Device registration and enrolment
- Multi-tenant services for push notification
- Built on the IBM Security Mobile Access SDK
For more information about IBM Verify, navigate to the user guide.
The Mobile Access SDK for iOS will support continuous delivery for features and security vulnerabilties and defects into the latest stream. Security vulnerabilties and critical defects will be backported into Older SDK Versions. Support is defined as fixing of critical security vulnerabilties and defects. Support does not imply new feature enhancements.
| Support Statement | Latest SDK Versions (Xcode 9.0) | Older SDK Versions (Xcode < 9.0) |
|---|---|---|
| Xcode updates | Yes | No |
| Swift updates | Yes | No |
| New features | Yes | No |
| Security Vulnerabilties | Yes | Yes |
| Critical Defects | Yes | Yes |
| iOS version updates | Yes | No |
IBM has an internal development and release process for ensuring code quality and to mitigate the risk of vulnerabilities. As part of the development process, all products are scanned by security vulnerability scanning tools to mitigate the risks of at least the following:
In addition, IBM Security products are developed and tested according to the best practices outlined in the IBM Secure Engineering Framework
http://www-03.ibm.com/security/secure-engineering/
We do not provide external security certifications for the SDK. IBM recommends professional security scanning be performed on all mobile apps built with the ISAM SDK.
The contents of this repository are open-source under the Apache 2.0 licence. The SDK itself is closed-source.
Copyright 2018 International Business Machines
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
These sample apps are intended solely for use with an Apple iOS product and intended to be used in conjunction with officially licensed Apple development tools and further customized and distributed under the terms and conditions of your licensed Apple developer program.