This repository contains sample apps and code snippets to showcase and provide guidance when developing mobile applications with the IBM Verify SDK. The following steps will help you get started.
Looking for the Android version?
To access the SDK you need to sign in with an IBM ID account. Create your free IBM ID and navigate to IBM AppExchange to download the SDK.
| SDK Version | iOS 12 | iOS 13 | iOS 14 | Xcode | Swift | End of Target Build Support | Comments |
|---|---|---|---|---|---|---|---|
| v2.1.4 | Yes (Targeted) | Yes | Yes | 12.1.0 | 5.1 | Tested on iOS 14. For access to the SDK or to report a problem with the build, use the GitHub repository issues. | |
| v2.1.3 | Yes (Targeted) | Yes | Yes | 12.1.0 | 5.1 | Tested on iOS 14. For access to the SDK or to report a problem with the build, use the GitHub repository issues. | |
| v2.1.2 | Yes (Targeted) | Yes | Yes | 12.1.0 | 5.1 | Tested on iOS 14. For access to the SDK or to report a problem with the build, use the GitHub repository issues. | |
| v2.0.6 | Yes (Targeted) | Yes | Yes | 11.0.0 | 5.1 | March 2020 | Tested on iOS 13. For access to the SDK or to report a problem with the build, use the GitHub repository issues. |
| v2.0.5 | Yes (Targeted) | Yes | Yes | 11.0.0 | 5.1 | March 2020 | Tested on iOS 13. For access to the SDK or to report a problem with the build, use the GitHub repository issues. |
| v2.0.4 | Yes (Targeted) | Yes | Yes | 10.0.0 | 5.0 | March 2020 |
The SDK can be used in Xcode.
See our instructions on configuring your project with the SDK.
The SDK is a Universal Framework supporting simulators and device deployments. From v2.0.6 onwards, the Build phase run script is no longer a requirement.
See our instructions for deploying your project with the SDK using v2.0.5 or earlier..
NOTE: Samples are built against v2.0.6 of the SDK.
Available samples and snippets include:
| Name | Type | Description |
|---|---|---|
| OAuth token using ROPC grant | Sample | This example demonstrates acquiring and refreshing an OAuth token. |
| OIDC token using authorization code (ANZ) flow | Sample | This example demonstrates acquiring a token using a hybrid web view. |
| QR code scanning | Sample | This example demonstrates scanning a QR code for one-time password (OTP) generation or multi-factor authentication (MMFA) with ISAM or Clould Identity Verify (CIV). |
| Secure key | Sample | This example demonstrates generating a private and public key with access control to protect access to the private key. |
| Get OAuth token | Snippet | The SDK supports the ROPC grant flow. |
| Certificate pinning | Snippet | Compares a certificate stored in the mobile app as being the same certificate presented by the web server that provides the HTTPS connection. |
| Key pair generation | Snippet | TKey pairs are used in the SDK to sign challenges, coming from IBM Security Access Manager. The private key remains on the device, whereas the public key gets uploaded to the server as part of the mechanisms enrollment. |
| Signing data | Snippet | The public key would be stored on a server and provide the challenge text to the client. The client uses the private key to sign the data which is sent back to the server. The server validates the signed data against the public key to verify the keys have not been tampered with. |
IBM Verify is a mobile app for multi-factor authentication (MFA) with IBM Security Access Manager (ISAM). IBM Verify features:
- One-time password (OTP)
- Device registration and enrolment
- Multi-tenant services for push notification
- Built on the IBM Security Mobile Access SDK
For more information about IBM Verify, navigate to the user guide.
The IBM Verify SDK for iOS will support continuous delivery for features and security vulnerabilties and defects into the latest stream. Security vulnerabilties and critical defects will be backported into Older SDK Versions. Support is defined as fixing of critical security vulnerabilties and defects. Support does not imply new feature enhancements.
| Support Statement | Latest SDK Versions (Xcode 11.0) |
|---|---|
| Xcode updates | Yes |
| Swift updates | Yes |
| New features | Yes |
| Security Vulnerabilties | Yes |
| Critical Defects | Yes |
| iOS version updates | Yes |
IBM has an internal development and release process for ensuring code quality and to mitigate the risk of vulnerabilities. As part of the development process, all products are scanned by security vulnerability scanning tools to mitigate the risks of at least the following:
In addition, IBM Security products are developed and tested according to the best practices outlined in the IBM Secure Engineering Framework
http://www-03.ibm.com/security/secure-engineering/
We do not provide external security certifications for the SDK. IBM recommends professional security scanning be performed on all mobile apps built with the ISAM SDK.
The contents of this repository are open-source under the Apache 2.0 licence. The SDK itself is closed-source.
Copyright 2018 International Business Machines
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
These sample apps are intended solely for use with an Apple iOS product and intended to be used in conjunction with officially licensed Apple development tools and further customized and distributed under the terms and conditions of your licensed Apple developer program.