Integrate MFA using OATH one-time passwords
This topic explains how to integrate support for OATH one-time passwords into your projects that use the Ping (ForgeRock) Authenticator module.
Prerequisites
To integrate OATH one-time passwords into your application that uses the Ping (ForgeRock) Authenticator module, ensure you have completed the following tasks first:
- Configure your server to request a one-time password during the authentication journey.
- Integrate the Ping (ForgeRock) Authenticator module into your app.
- Start the Ping (ForgeRock) Authenticator module in your app.
Sample apps
You can find example source code for integrating one-time passwords in the sample authenticator application repositories on GitHub:
Step 1. Register your app
The first time you authenticate, you are asked to register a device by scanning a QR code.
Your application must implement a QR code scanning mechanism. The QR code contains the URI used for registering the device, although you could also offer a method for entering the URI manually.
After obtaining the URI, register the authentication mechanism in your app:
Android
Register the OATH mechanism by calling the FRAClient.createMechanismFromUri() method, and use FRAListener to receive the newly created mechanism:
fraClient.createMechanismFromUri("qrcode_scan_result", new FRAListener<Mechanism>() {
    @Override
    public void onSuccess(Mechanism mechanism) {
        // Called when device enrollment was successful.
    }

    @Override
    public void onFailure(final MechanismCreationException e) {
        // Called when device enrollment has failed.
    }
});
iOS
Use FRAClient.shared in your ViewController or View to receive the Mechanism object:
guard let fraClient = FRAClient.shared else {
    print("FRAuthenticator SDK is not initialized")
    return
}
fraClient.createMechanismFromUri(uri: url, onSuccess: { (mechanism) in
    // Method call occurs when device enrollment is successful.
}, onError: { (error) in
    // Method call occurs when device enrollment fails.
})
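If you also accept the registration URI by manual entry, it helps to reject malformed input before passing it to createMechanismFromUri(). The following is an added example in plain Java (10 or later), not code from the SDK or its sample apps. The class and method names are hypothetical, and the checks assume the common otpauth://TYPE/LABEL?secret=... layout with a Base32 secret, so adjust them to the URIs your server issues.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

/** Hypothetical helper: pre-checks a scanned or typed registration URI. */
public final class OtpAuthUriCheck {

    /** Returns null when the URI passes the checks, otherwise the reason it was rejected. */
    public static String validate(String raw) {
        if (raw == null || raw.length() > 2048) return "missing or oversized input";
        URI uri;
        try {
            uri = new URI(raw.trim());
        } catch (URISyntaxException e) {
            return "not a valid URI";
        }
        if (!"otpauth".equalsIgnoreCase(uri.getScheme())) return "scheme is not otpauth";
        // Assumption: the URI authority carries the OATH type (totp or hotp).
        String type = uri.getHost() == null ? "" : uri.getHost().toLowerCase(Locale.ROOT);
        if (!type.equals("totp") && !type.equals("hotp")) return "type must be totp or hotp";
        Map<String, String> params = new HashMap<>();
        String query = uri.getRawQuery() == null ? "" : uri.getRawQuery();
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue; // skip empty or key-less fragments
            String key = URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8);
            String value = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            // A repeated key makes it ambiguous which value a parser will use.
            if (params.put(key, value) != null) return "duplicate parameter: " + key;
        }
        String secret = params.get("secret");
        // Assumption: the shared secret is Base32 text, optionally padded with '='.
        if (secret == null || !secret.matches("[A-Za-z2-7]+=*")) return "secret missing or not Base32";
        if (type.equals("hotp") && !params.getOrDefault("counter", "").matches("\\d+"))
            return "hotp requires a numeric counter";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the secret is a documentation value, not a real credential.
        System.out.println(validate("otpauth://totp/Example:demo?secret=JBSWY3DPEHPK3PXP&issuer=Example"));
        System.out.println(validate("https://example.com/totp/demo?secret=JBSWY3DPEHPK3PXP"));
    }
}
```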
Step 2. Generate one-time passwords
With the OATH mechanisms now registered, your app can obtain the current and next tokens as an OathTokenCode object:
Android
// oath: the OATH mechanism registered in Step 1.
OathTokenCode token = oath.getOathTokenCode();
String otp = token.getCurrentCode();
iOS
do {
    // Generate OathTokenCode
    let code = try mechanism.generateCode()
    // Update UI with generated code
    codeLabel?.text = code.code
} catch {
    // Handle errors for generating OATH code
}