Password Login
Document Description
This document describes how the iOS client can integrate password login.
Flow Description
Login scenarios:
Username + password login: the user enters the username and password. After verifying them, IDaaS SDK returns
session_tokenandid_tokento the APP client.Mobile number + password login: the user enters the mobile number and password. After verifying them, IDaaS SDK returns
session_tokenandid_tokento the APP client.Email + password login: the user enters the email and password. After verifying them, IDaaS SDK returns
session_tokenandid_tokento the APP client.Unified username/password login API: username/mobile/email + password login can be implemented on one page, returning
session_tokenandid_tokento the APP client.
Flows serving login scenarios:
After tapping the login button, the system returns that the password is about to expire, reminding the user to modify it. This can be skipped or navigate to the modify password page.
After tapping the login button, the system returns that the password has expired, and the user must be forced to modify the password.
Before login, forgot password: retrieve password via mobile number.
Login Flow

Integration Flow Description
Enter username + password / mobile number + password / email + password, and tap the Login button.
The APP client calls the login method (4 types).
The IDaaS SDK calls the IDaaS server for authentication. The authentication result is one of four types: success, password about to expire, password expired, or failure.
On success, the IDaaS server returns
session_tokenandid_token.The IDaaS SDK returns
session_tokenandid_tokento the APP client.If the password is about to expire, the IDaaS server returns the password-about-to-expire parameter.
The IDaaS SDK returns password-about-to-expire to the APP client.
The user can choose to skip password modification or modify the password directly.
The APP client calls the skip password modification method or the modify password method based on the button tapped.
The IDaaS SDK calls the IDaaS server skip password modification interface or the modify password interface.
The IDaaS server returns
session_tokenandid_tokenif verification succeeds, or an error code if it fails.The IDaaS SDK returns the success or failure parameters to the APP client.
If the password has expired, the IDaaS server returns the force password modification parameter to the IDaaS SDK.
The IDaaS SDK returns the force password modification parameter to the APP client.
The user is forced to modify the password. The APP client calls the modify password method.
The IDaaS SDK calls the IDaaS server modify password interface.
The IDaaS server returns
session_tokenandid_tokento the IDaaS SDK if password modification succeeds, or an error code if it fails.The IDaaS SDK returns
session_tokenandid_tokento the APP client if password modification succeeds, or an error code if it fails.The client can use
id_tokento verify login validity and obtain basic user information.The client can use
session_tokento refreshid_token.
Retrieve Password Flow

Integration Flow Description
The user taps the Forgot Password button.
The APP client displays the retrieve password page, which must be provided by the APP.
The user enters the mobile number and taps the button to obtain the verification code.
The APP calls the slider verification method.
The IDaaS SDK requests the IDaaS server sliding verification interface.
The IDaaS server returns the sliding verification parameters.
The IDaaS SDK pops up the sliding verification window.
The user drags the slider to verify.
The IDaaS SDK sends the sliding verification to the IDaaS server.
The IDaaS server returns the sliding verification result.
The IDaaS SDK returns the sliding verification result to the APP client.
The APP client calls the IDaaS SDK method to send the SMS verification code using the sliding token.
The IDaaS SDK calls the IDaaS server send verification code interface.
The IDaaS server returns the send verification code result to the IDaaS SDK.
The IDaaS SDK returns the send verification code result to the APP client.
The user receives the SMS verification code, fills it in, and taps the Retrieve Password button.
The APP client calls the IDaaS SDK retrieve password method using mobile number + verification code + new password.
The IDaaS SDK calls the IDaaS server retrieve password interface.
The IDaaS server returns the retrieve password result to the IDaaS SDK.
The IDaaS SDK returns the retrieve password result to the APP client.
Environment Setup
Obtain clientID
Log in to the IDaaS Enterprise Center, click Resources > Applications, and select the relevant application to view it.

Password Policy Settings
This setting configures the password expiration time and reminder duration. First, follow the path shown below to the password policy module.

You can enable password expiration as shown below:

After enabling, you can set how long until the password expires and the number of days in advance to notify, as shown below:

This setting is used so that after login, the IDaaS server detects how long the currently used password needs to be changed and prompts the user to modify it a few days in advance. After password expiration check is enabled, every login will be checked according to the configured parameters.
Import Dependency Packages
No third-party SDK dependencies.
Add Main Library
AuthnCenter_common_2E.framework
AuthnCenter_PWLogin_2E.framework
AuthnCenter_PWLogin_2E.bundleDrag the IDaaS SDK into the project. The import method is as follows:

And introduce the Pod dependency.
pod 'JWT', '~> 3.0.0-beta.14'Target Settings
The IDaaS password login SDK is compatible with iOS 10 and above.
Add the main library and dependencies in Frameworks, Libraries, and Embedded Content, and add
-ObjCto Other Linker Flags.
In the menu bar, select TARGETS > Info > Custom iOS Target Properties > App Transport Security Settings > Allow Arbitrary Loads, as shown below.

Set bitcode, as shown below, and set bitcode to NO.

Development Integration
Built-in API Introduction
- Choose one login method (username/password, mobile/password, email/password, unified username/password). If forced password modification or skip is needed, call the corresponding methods (modify password / skip password modification).
- You can retrieve the password via mobile number. The APP client builds its own retrieve password page, which needs three elements: mobile number input box, verification code input box, button to obtain verification code, and retrieve button. After tapping the button to obtain the verification code, call IDaaS:
- SDK sliding verification method and call IDaaS.
- SDK send SMS method. After receiving the verification code, tap the retrieve button, and the APP client calls IDaaS.
- SDK retrieve password method.
SDK Initialization
Place the initialization method in the didFinishLaunchingWithOptions method of AppDelegate.
Import the following in AppDelegate
#import <AuthnCenter_common_2E /BCIDACommonManager.h>
//1. Basic configuration initialization
[[[[[BCIDACommonManager sharedInstance] initWithDomain:@"https://your-tenant-server.com"] initWithClientID:@"tenant-clientID"] initWithSSLCerVerification:NO] setLogEnabled:YES] ;Basic configuration initialization main class BCIDACommonManager method overview:
/**
* Method name: sharedInstance
* @param none
* @return Singleton instance
*/
+ (instancetype )sharedInstance ;
/**
* Method name: initWithDomain
* @param domain, starts with https:// and ends with .com.
* @return Instance
*/
-(BCIDACommonManager)initWithDomain:(NSString)domain
/**
* Method name: initWithClientID
* @param client id.
* @return Instance
*/
-(BCIDACommonManager)initWithClientID:(NSString)clientID;
/**
* Method name: setLogEnabled
* @param Boolean whether to enable log.
* @return Instance
*/
-(void)setLogEnabled:(BOOL)enable;
/**
* Method name: initWithSSLCerVerification
* @param Boolean whether to enable SSL certificate verification.
* @return Instance
*/
-(BCIDACommonManager*)initWithSSLCerVerification:(bool)sslCerVerification;International Mobile Area Code
If international number support is enabled, call the international area code API in advance. The API returns the configured list of international area codes with regular expressions for phone numbers. The figure below shows how to configure the international area code list and preferred area code.

The IDaaS SDK provides an API to obtain international area codes:
Example code for obtaining the international area code list:
#import <AuthnCenter_common_2E/BCIDAInternationalPhoneCodeManager.h>
[BCIDAInternationalPhoneCodeManager getInternaltionalAreaCodeWithCompletionHandler:^(NSString * _Nonnull code, id _Nonnull data) {
__strong __typeof(weakSelf)strongSelf = weakSelf;
dispatch_async(dispatch_get_main_queue(), ^{
NSDictionary* dic=(NSDictionary*)data;
// Check whether the phone number matches the regular expression
BOOL flag= [strongSelf parseDictionary:dic andWithMoile:mobile];
});
}];Main class method introduction:
/**
* Method name: getInternaltionalAreaCodeWithCompletionHandler
* @brief: Method to obtain international area codes
* @param
*@param
* @param BCSMSGetInternationalAreaCodeHandlerBlock () result callback. code=0, data returns an NSDictionary result.
**/
+(void)getInternaltionalAreaCodeWithCompletionHandler:(BCSMSGetInternationalAreaCodeHandlerBlock)resultHander;Success example code=0, data value:
{
"phoneAreaCodeDefinitions": [
{
"areaCode": "86",
"displayMapping": {
"zh-TW": "Mainland China",
"en": "China",
"zh-CN": "Mainland China"
},
"countryCode": "CN",
"mobileRegex": "^(\\+86){0,1}\\-?1\\d{10}$",
"areaCodeSuffixes": []
},
{
"areaCode": "852",
"displayMapping": {
"zh-TW": "Hong Kong",
"en": "Hong Kong",
"zh-CN": "Hong Kong"
},
"countryCode": "HK",
"mobileRegex": "^(\\+852){1}\\-?0{0,1}[1,4,5,6,7,8,9](?:\\d{7}|\\d{8}|\\d{12})$",
"areaCodeSuffixes": []
},
{
"areaCode": "886",
"displayMapping": {
"zh-TW": "Taiwan",
"en": "Taiwan",
"zh-CN": "Taiwan"
},
"countryCode": "TW",
"mobileRegex": "^(\\+886){1}\\-?[6,7,9](?:\\d{7}|\\d{8})$",
"areaCodeSuffixes": []
},
{
"areaCode": "853",
"displayMapping": {
"zh-TW": "Macau",
"en": "Macau",
"zh-CN": "Macau"
},
"countryCode": "MO",
"mobileRegex": "^(\\+853){1}\\-?0{0,1}[1,4,5,6,7,8,9](?:\\d{7}|\\d{8}|\\d{12})$",
"areaCodeSuffixes": []
},
{
"areaCode": "93",
"displayMapping": {
"zh-TW": "Afghanistan",
"en": "Afghanistan",
"zh-CN": "Afghanistan"
},
"countryCode": "AF",
"mobileRegex": "^(\\+93){1}\\-\\d{6,11}",
"areaCodeSuffixes": []
}
],
"preferredAreaCode": "CN"
}Response parameters format:
| Parameter Name | Description | Type |
|---|---|---|
| preferredAreaCode | Preferred international area code | String |
| countryCode | Country/region code | String |
| areaCode | International dialing code | String |
| areaCodeSuffixes | International dialing code suffixes | String |
| mobileRegex | Mobile number format regular expression | String |
| displayMapping | Multi-language display name mapping | String |
Built-in Sliding Verification
This sliding verification method is used together with "Retrieve password via mobile number" and "Register new user via mobile SMS verification code".
Please check the mobile number format before calling this method.
Tap (trigger) the send verification code event. The App client calls the IDaaS SDK sliding verification method. Example:
// Import header
#import <AuthnCenter_PWLogin_2E/BCPWSlideVerifyCodeManager.h>
// Tap (trigger) send verification code event
[BCPWSlideVerifyCodeManager startSlidingVerifyCodePageWithMobileNumber:mobile andWithResultHandler:^(NSString * _Nonnull code, id _Nonnull data) {
// Handle result
}];BCPWSlideVerifyCodeManager method overview:
/**
* Method name: startSlidingVerifyCodePageWithMobileNumber
* @brief: Trigger sliding verification
*@ param mobile Mobile number: with area code "+86-13800000000" or without area code "13800000000" are both acceptable.
*@param complete: Asynchronous result callback:
1. When sliding verification succeeds, returns code=0, data=sliding token.
2. When sliding verification fails, returns code=other (refer to error codes).
3. code=105, data="User closed" means the close button of the sliding box was tapped, so the APP client receives the behavior of the user closing the sliding box.
**/
+(void)startSlidingVerifyCodePageWithMobileNumber:(NSString*)mobile andWithResultHandler:(BCPWSlideCodeHandlerBlock)resultHandler;Example code for sending SMS when sliding verification succeeds with code=0:
// When forgetting password (modifying password via mobile number), select type:
pwSlideSMSSendType type= pwSlideSMSForgetPassword;
// When registering a new user via mobile number, select type:
pwSlideSMSSendType type= pwSlideSMSRegist;
[BCPWSlideVerifyCodeManager sendSMSWithSlideResultWithToken:token andMobile:mobile andWithType:type andWithCallBack:^(NSString * _Nonnull code, id _Nonnull data) {
if ([code isEqualToString:@"0"]) {
NSLog(@"SMS sent successfully--code=%@ data=%@",code,data);
}else{
NSLog(@"SMS sending failed--code=%@ data=%@",code,data);
}
}];BCPWSlideVerifyCodeManager method overview for sending SMS:
/**
* Method name: sendSMSWithSlideResultWithToken
* @brief: Call this method to send SMS.
*@ param token Token obtained after the previous sliding verification succeeded.
*@ param mobile Mobile number.
*@ param type (pwSlideSMSSendType enum)
When forgetting password and needing to send SMS verification code: type= pwSlideSMSForgetPassword.
When registering a new user and needing to send SMS verification code: type= pwSlideSMSRegist.
*@param complete: Asynchronous result callback. SMS sent successfully: code=0; other values indicate SMS sending failure.
**/
+(void)sendSMSWithSlideResultWithToken:(NSString*)token andMobile:(NSString*)mobile andWithType:(pwSlideSMSSendType)type andWithCallBack:(BCPWSendSMSHandlerBlock)callBack;Username/Password Login
Example code:
// Import header
#import <AuthnCenter_PWLogin_2E/BCUserNamePWLoginManager.h>
// Tap (trigger) login button
[[BCUserNamePWLoginManager sharedInstance] loginByUserName:userName andWithPassword:passWord andWithCallBackHandler:^(NSString * _Nonnull code, id _Nonnull data) {
dispatch_async(dispatch_get_main_queue(), ^{
NSLog(@"result==%@==%@",code,data);
});
}];BCUserNamePWLoginManager method overview:
/**
* Method name: sharedInstance
* @param none
* @return Singleton instance
*/
+ (instancetype )sharedInstance ;
/**
* Method name: loginByUserName
* @brief: Username + password login.
* Login succeeded: code=0, data=session_token.
* Failed: code=error code, data returns error reason.
*@ param username Username.
*@ param password Password.
*@param BCUserNamePWLoginHandlerBlock: Asynchronous result callback containing two return parameters, NSString code and id data:
1. code=0 success, data returns session_token and id_token.
2. code=101 indicates password modification is needed or password is about to expire; should navigate.
data =【status= PASSWORD_WARN】password not expired but about to expire.
【status= PASSWORD_EXPIRED】password expired, must modify.
3. code=1 error, data (NSDictionary type) returns "error_code" and "error_msg".
**/
-(void)loginByUserName:(NSString*)username andWithPassword:(NSString*)password andWithCallBackHandler:(BCUserNamePWLoginHandlerBlock)callBack;Response parameters list:
Success example 1 (user matched, returns session_token):
code=0
data=
{
"session_token": "btsiBjx85prcZu6I6Ki057Tmw3nSF2VO",
"id_token":"xxxxxx",
"expire": 432000,
"status": "SUCCESS"
}
Success example 2 (returns password-about-to-expire flow):
code=101
data=
{
"status": "PASSWORD_WARN",
"state_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7XCJ1c2VySWRcIjpcIjIwMjIwMjExMTY0NDUwNjk5LTE2M0QtNTVFMEI1RTRCXCIsXCJzdGF0dXNcIjpcIlBBU1NXT1JEX0VYUElSRURcIn0iLCJleHAiOjE2NDQ1NzEzNjAsImlhdCI6MTY0NDU2OTU2MCwianRpIjoiMTY0NDU2OTU2MDIwNDAifQ.WGk9GGQGmKsmo4UmCzKfiC9x1Fj0WBowdO7jEStMvB4",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![a-z0-9]+$)(?![a-z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)[a-zA-Z0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]{1,}$\",\"tip\":\"Contains at least 3 of: digits, uppercase letters, lowercase letters, and special characters\"}"
}
Success example 3 (returns password-expired flow):
Code=101,
data=
{
"status": "PASSWORD_EXPIRED",
"state_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWJqZWN0Ijoie1wic3RhdGVcIjpcIlBBU1NXT1JEX1dBUk5cIixcInVzZXJJZFwiOlwiMjAyMTA3MjYxNzQwNTgxNDUtOTFCQy0xM0UwMTRBQkJcIn0iLCJpZCI6IjIwMjEwNzI2MTc0MDU4MTQ1LTkxQkMtMTNFMDE0QUJCIiwiZXhwIjoxNjI43MTkwLCJpYXQiOjEasd2Mjg4NDY1OTB9.-egHWNfNPIxNnM540_wTYMtFwB4C9ymznEPRiIC4we0",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![a-z0-9]+$)(?![a-z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)[a-zA-Z0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]{1,}$\",\"tip\":\"Contains at least 3 of: digits, uppercase letters, lowercase letters, and special characters\"}"
}
Error example
{
"error_code": "SDK.COMMON.1001",
"error_msg": "Parameter X-client-id cannot be left blank."
}Mobile Number/Password Login
Example code:
// Import header
#import <AuthnCenter_PWLogin_2E/BCPhonePWLoginManager.h>
// Tap (trigger) login button
[[BCPhonePWLoginManager sharedInstance] loginByPhoneNumber:phoneStr andWithPassword:passWord andWithCallBackHandler:^(NSString * _Nonnull code, id _Nonnull data) {
dispatch_async(dispatch_get_main_queue(), ^{
NSLog(@"result==%@==%@",code,data);
});
}];BCPhonePWLoginManager method overview:
/**
* Method name: sharedInstance
* @param none
* @return Singleton instance
*/
+ (instancetype )sharedInstance ;
/**
* Method name: loginByPhoneNumber
* @brief: Mobile number + password login.
*@ param username Username.
*@ param password Password.
*@param BCPhonePWLoginHandlerBlock: Asynchronous result callback containing two return parameters, NSString code and id data:
1. code=0 success, data returns session_token and id_token.
2. code=101 indicates password modification is needed or password is about to expire; should navigate.
data =【status= PASSWORD_WARN】password not expired but about to expire.
【status= PASSWORD_EXPIRED】password expired, must modify.
3. code=1 error, data (NSDictionary type) returns "error_code" and "error_msg".
**/
-(void) loginByPhoneNumber:(NSString*)mobile andWithPassword:(NSString*)password andWithCallBackHandler:(BCPhonePWLoginHandlerBlock)callBack;Response parameters list:
Success example 1 (user matched, returns session_token):
code=0
data=
{
"session_token": "btsiBjx85prcZu6I6Ki057Tmw3nSF2VO",
"id_token":"xxxxxx",
"expire": 432000,
"status": "SUCCESS"
}
Success example 2 (returns password-about-to-expire flow):
code=101
data=
{
"status": "PASSWORD_WARN",
"state_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7XCJ1c2VySWRcIjpcIjIwMjIwMjExMTY0NDUwNjk5LTE2M0QtNTVFMEI1RTRCXCIsXCJzdGF0dXNcIjpcIlBBU1NXT1JEX0VYUElSRURcIn0iLCJleHAiOjE2NDQ1NzEzNjAsImlhdCI6MTY0NDU2OTU2MCwianRpIjoiMTY0NDU2OTU2MDIwNDAifQ.WGk9GGQGmKsmo4UmCzKfiC9x1Fj0WBowdO7jEStMvB4",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![a-z0-9]+$)(?![a-z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)[a-zA-Z0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]{1,}$\",\"tip\":\"Contains at least 3 of: digits, uppercase letters, lowercase letters, and special characters\"}"
}
Success example 3 (returns password-expired flow):
Code=101,
data=
{
"status": "PASSWORD_EXPIRED",
"state_token":"eyJhbGciOiJIUzI1NitFwmznEPRiIC4we0",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![a-z0-9]+$)(?![a-z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)[a-zA-Z0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]{1,}$\",\"tip\":\"Contains at least 3 of: digits, uppercase letters, lowercase letters, and special characters\"}"
}
Error example
{
"error_code": "SDK.COMMON.1001",
"error_msg": "Parameter X-client-id cannot be left blank."
}Email/Password Login
Example code:
// Import header
#import <AuthnCenter_PWLogin_2E/BCEmailPWLoginManager.h>
// Tap (trigger) login button
[[BCEmailPWLoginManager sharedInstance] loginByEmail:emailStr andPassword:passWord andWithCallBackHandler:^(NSString * _Nonnull code, id _Nonnull data) {
dispatch_async(dispatch_get_main_queue(), ^{
NSLog(@"result==%@==%@",code,data);
});
}];BCEmailPWLoginManager method overview:
/**
* Method name: sharedInstance
* @param none
* @return Singleton instance
*/
+ (instancetype )sharedInstance ;
/**
* Method name: loginByEmail
* @brief: Email + password login. Failed: code=error code, data returns error reason. Password sent successfully: code=0, data=session_token.
*@ param email Email.
*@ param password Password.
*@param BCEmailPWLoginHandlerBlock: Asynchronous result callback containing two return parameters, NSString code and id data:
1. code=0 success, data returns session_token and id_token.
2. code=101 indicates password modification is needed or password is about to expire; should navigate.
data =【status= PASSWORD_WARN】password not expired but about to expire.
【status= PASSWORD_EXPIRED】password expired, must modify.
3. code=1 error, data (NSDictionary type) returns "error_code" and "error_msg".
**/
-(void)loginByEmail:(NSString*)email andPassword:(NSString*)password andWithCallBackHandler:(BCEmailPWLoginHandlerBlock)callBack;Response parameters list:
Success example 1 (user matched, returns session_token):
code=0
data=
{
"session_token": "btsiBjx85prcZu6I6Ki057Tmw3nSF2VO",
"id_token":"xxxxxx",
"expire": 432000,
"status": "SUCCESS"
}
Success example 2 (returns password-about-to-expire flow):
code=101
data=
{
"status": "PASSWORD_WARN",
"state_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7XCJ1c2VySWRcIjpcIjIwMjIwMjExMTY0NDUwNjk5LTE2M0QtNTVFMEI1RTRCXCIsXCJzdGF0dXNcIjpcIlBBU1NXT1JEX0VYUElSRURcIn0iLCJleHAiOjE2NDQ1NzEzNjAsImlhdCI6MTY0NDU2OTU2MCwianRpIjoiMTY0NDU2OTU2MDIwNDAifQ.WGk9GGQGmKsmo4UmCzKfiC9x1Fj0WBowdO7jEStMvB4",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![a-z0-9]+$)(?![a-z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)[a-zA-Z0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]{1,}$\",\"tip\":\"Contains at least 3 of: digits, uppercase letters, lowercase letters, and special characters\"}"
}
Success example 3 (returns password-expired flow):
Code=101,
data=
{
"status": "PASSWORD_EXPIRED",
"state_token":"e_wTYMtFwB4C9ymznEPRiIC4we0",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![a-z0-9]+$)(?![a-z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)[a-zA-Z0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]{1,}$\",\"tip\":\"Contains at least 3 of: digits, uppercase letters, lowercase letters, and special characters\"}"
}
Error example
{
"error_code": "SDK.COMMON.1001",
"error_msg": "Parameter X-client-id cannot be left blank."
}Unified Username/Password Login
Example code:
// Import header
#import <AuthnCenter_PWLogin_2E/BCAllInOnePWLoginManager.h>
// Tap (trigger) login button
[[BCAllInOnePWLoginManager sharedInstance] loginByAllInOneString:userName andWithPassword:passWord andWithCallBackHandler:^(NSString * _Nonnull code, id _Nonnull data) {
dispatch_async(dispatch_get_main_queue(), ^{
NSLog(@"result==%@==%@",code,data);
});
}];BCAllInOnePWLoginManager method overview:
/**
* Method name: sharedInstance
* @param none
* @return Singleton instance
*/
+ (instancetype )sharedInstance ;
/**
* Method name: loginByAllInOneString
* @brief: Unified login field + password login. Failed: code=error code, data returns error reason. Password sent successfully: code=0, data=session_token.
*@ param allStr Unified login field.
*@ param password Password.
*@param BCAllInOnePWLoginHandlerBlock: Asynchronous result callback containing two return parameters, NSString code and id data:
1. code=0 success, data returns session_token and id_token.
2. code=101 indicates password modification is needed or password is about to expire; should navigate.
data =【status= PASSWORD_WARN】password not expired but about to expire.
【status= PASSWORD_EXPIRED】password expired, must modify.
3. code=1 error, data (NSDictionary type) returns "error_code" and "error_msg".
**/
-(void)loginByAllInOneString:(NSString*)allStr andWithPassword:(NSString*)password andWithCallBackHandler:(BCAllInOnePWLoginHandlerBlock)callBack;Response parameters list:
Success example 1 (user matched, returns session_token):
code=0
data=
{
"session_token": "btsiBjx85prcZu6I6Ki057Tmw3nSF2VO",
"id_token":"xxxxxx",
"expire": 432000,
"status": "SUCCESS"
}
Success example 2 (returns password-about-to-expire flow):
code=101
data=
{
"status": "PASSWORD_WARN",
"state_token": "eyJhFj0WBowdO7jEStMvB4",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![a-z0-9]+$)(?![a-z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)[a-zA-Z0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]{1,}$\",\"tip\":\"Contains at least 3 of: digits, uppercase letters, lowercase letters, and special characters\"}"
}
Success example 3 (returns password-expired flow):
Code=101,
data=
{
"status": "PASSWORD_EXPIRED",
"state_token":"eyJhbGciHWNfNPIxNnM540_wTYMtFwB4C9ymznEPRiIC4we0",
"data": "{\"maxLength\":18,\"minLength\":8,\"regEx\":\"^(?![a-zA-Z]+$)(?![A-Z0-9]+$)(?![A-Z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![a-z0-9]+$)(?![a-z~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)(?![0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]+$)[a-zA-Z0-9~!#$%&+\\\\-,*:;<=>@_?^、`~\\\\./]{1,}$\",\"tip\":\"Contains at least 3 of: digits, uppercase letters, lowercase letters, and special characters\"}"
}
Error example
{
"error_code": "SDK.COMMON.1001",
"error_msg": "Parameter X-client-id cannot be left blank."
}Skip Password Modification
Example code:
// Import header
#import <AuthnCenter_PWLogin_2E/BCPWPassWordUpdateManager.h>
// Tap (trigger) login button
[[BCPWPassWordUpdateManager sharedInstance] skipPassWordModifyWithStateToken:state_token andWithCallBackHandler:^(NSString * _Nonnull code, id _Nonnull data) {
NSString* msg=[NSString stringWithFormat:@"Result after skipping password modification: code=%@-------data=%@",code,data];
}];BCPWPassWordUpdateManager method overview:
/**
* Method name: sharedInstance
* @param none
* @return Singleton instance
*/
+ (instancetype )sharedInstance ;
/**
* Method name: skipPassWordModifyWithStateToken
* @brief: Skip password modification. Only used when the login API returns status: "PASSWORD_WARN" (when login API code=101).
*@ param state_token state_token field returned by the login API (when login API code=101).
*@param BCSkipPasswordModifyHandlerBlock: Asynchronous result callback.
code=0 success, other values indicate failure.
**/
-(void)skipPassWordModifyWithStateToken:(NSString*)state_token andWithCallBackHandler:(BCSkipPasswordModifyHandlerBlock)callBack;Return parameters:
| code | Description |
|---|---|
| code=0 success | data returns NSDictionary: data=@{@"session_token":sessionTokenContent,@"id_token":idTokenContent}; |
| code=other | data=Failure description |
Modify Password
Example code:
// Import header
#import <AuthnCenter_PWLogin_2E/BCPWPassWordUpdateManager.h>
// Tap (trigger) login button
[[BCPWPassWordUpdateManager sharedInstance] modifyPasswordWithStateToken:_state_token andWithNewPassword:nePass andWithOldPassword:oldPass andWithCallBackHandler:^(NSString * _Nonnull code, id _Nonnull data) {
NSString* str=[NSString stringWithFormat:@"code=%@-----data=%@",code,data];
}];BCPWPassWordUpdateManager method overview:
/**
* Method name: sharedInstance
* @param none
* @return Singleton instance
*/
+ (instancetype )sharedInstance ;
/**
* Method name: modifyPasswordWithStateToken
* @brief: Modify password. Only used when the login API returns status: "PASSWORD_EXPIRED" (when login API code=101).
*@ param state_token state_token field returned by the login API.
*@param newPassword
*@param oldPassword
*@param BCPWModifyPasswordHandlerBlock: Asynchronous result callback.
code=0 success, other values indicate failure.
**/
-(void)modifyPasswordWithStateToken:(NSString*)state_token andWithNewPassword:(NSString*)newPassword andWithOldPassword:(NSString*)oldPassword andWithCallBackHandler:(BCPWModifyPasswordHandlerBlock)callBack;Return parameters:
| code | Description |
|---|---|
| code=0 success | data returns NSDictionary: data=@{@"session_token":sessionTokenContent,@"id_token":idTokenContent}; |
| code=other | data=Failure description |
Retrieve Password via Mobile Number
The App client needs to build its own interface including a mobile number input box, button to obtain verification code, verification code input box, new password input box, and submit button. After tapping the button to obtain the verification code, call the sliding verification method in this document to obtain the verification code.
// Import header
#import <AuthnCenter_PWLogin_2E/BCPWForgetPassWordManager.h>
// Tap (trigger) send verification code event
[[BCPWForgetPassWordManager sharedInstance] forgetPasswordChangePassWordByPhone:mobile andVerifyCode:verifyC andWithNewPassword:newPassword andWithCompletionHandler:^(NSString * _Nonnull code, id _Nonnull data) {
dispatch_async(dispatch_get_main_queue(), ^{
NSString* str=[NSString stringWithFormat:@"code=%@------data=%@",code,data];
});
}];BCPWForgetPassWordManager method overview:
/**
* Method name: sharedInstance
* @param none
* @return Singleton instance
*/
+ (instancetype )sharedInstance ;
/**
* Method name: forgetPasswordChangePassWordByPhone
* @brief: Retrieve password via mobile number.
*@ param mobile Mobile number: with area code "+86-13800000000" or without area code "13800000000" are both acceptable.
*@ param verifyCode SMS verification code.
*@ param newPassword New password.
*@param complete: BCPWforgetPasswordModifyByPhoneHandlerBlock asynchronous result callback. code=0 password modified successfully, other values indicate failure.
**/
-(void)forgetPasswordChangePassWordByPhone:(NSString*)mobile andVerifyCode:(NSString*)verifyCode andWithNewPassword:(NSString*)newPassword andWithCompletionHandler:(BCPWforgetPasswordModifyByPhoneHandlerBlock)callBack;Return parameters:
| code | Description |
|---|---|
| code=0 success | data=Success |
| code=other | data=Failure description |
Register via Mobile SMS Verification Code
The user builds the interface. Mobile number and verification code are required. You can use IDaaS SDK sliding verification and send SMS methods to obtain the verification code. Other personal information parameters are optional. Registration success is equivalent to login success, returning session_token and id_token.
Example code:
// Import header
#import <AuthnCenter_SMSLogin_2E/BCPWRegistByPhoneNumManager.h>
// Tap register
[[BCPWRegistManager sharedInstance] registUserByPhone:mobile andWithVerifyCode:verifyCode andWithUserName:username andWithName:name andWithEmail:email andWithPassword:password andWithHeadImageURLStr:headIma andWithGender:gender andWithBirthDay:birthDay andWithNickName:nickName andWithAddress:address andWithZipCode:zipCode andWithFirstName:FirstNAme andWithMiddleName:middleName andWithLastName:lastName andWithIndustry:industry andWithExtension:nil andWithCompletionHandler:^(NSString * _Nonnull code, id _Nonnull data) {
}];BCPWRegistManager method overview:
/**
* Method name: registUserByPhone
* @brief: Register a new user with mobile number.
*@ param mobile Mobile number (required): with area code "+86-13800000000" or without area code "13800000000" are both acceptable.
*@ param verifyCode (required): SMS verification code.
*@param complete: BCPWRegistByPhoneHandlerBlock asynchronous result callback. code=0 success, data returns session_token and id_token; other values indicate failure.
**/
-(void)registUserByPhone:(NSString*)mobile andWithVerifyCode:(NSString*)verifyCode andWithUserName:(NSString*)userName andWithName:(NSString*)name andWithEmail:(NSString*)email andWithPassword:(NSString*)password andWithHeadImageURLStr:(NSString*)headImageUrlStr andWithGender:(NSString*)gender andWithBirthDay:(NSString*)birthday andWithNickName:(NSString*)nickName andWithAddress:(NSString*)address andWithZipCode:(NSString*)zipCode andWithFirstName:(NSString*)firstName andWithMiddleName:(NSString*)middleName andWithLastName:(NSString*)lastName andWithIndustry:(NSString*)industry andWithExtension:(NSDictionary*)extendDic andWithCompletionHandler:(BCPWRegistByPhoneHandlerBlock)callBack;Input parameter description:
| Parameter Name | Type | Required | Example |
|---|---|---|---|
| mobile | NSString | Yes | With area code "+86-13800000000" or without area code "13800000000" are both acceptable |
| verifyCode | NSString | Yes | Use the verification code received by SMS |
| userName | NSString | No | Username, letters and digits |
| name | NSString | No | Chinese, English, digits |
| NSString | No | ||
| password | NSString | No | Password |
| headImageUrlStr | NSString | No | Avatar URL "https://thirdwx.qlogo.cn/mmopen/vi_32/Q0j4TwGTfTIQ8QOTSn3y4cYHLlMC3sv6RCBmeMkxtOog47Zr3v2Afbqc2bmP0WibUIUskX39eJlJ" |
| gender | NSString | No | Optional values: female, male, unknow (keep secret). This parameter is validated; if it does not match, the callback returns an error. |
| birthday | NSString | No | Format: yyyy-MM-dd. This parameter is validated; if it does not match, the callback returns an error. |
| nickName | NSString | No | Nickname, Chinese/English/digits |
| address | NSString | No | Address |
| zipCode | NSString | No | Zip code |
| firstName | NSString | No | First name |
| middleName | NSString | No | Middle name |
| lastName | NSString | No | Last name |
| industry | NSString | No | Industry |
| extendDic | NSDictionary | No | Pass newly added background parameters in the format below. age is the parameter name newly configured in the Enterprise Center. |
Return parameters:
| code | Description |
|---|---|
| code=0 success | Data returns NSDictionary: data= {"session_token":sessionTokenContent,"id_token":idTokenContent}; |
| code=other | data=Failure description |
Parameter input example:
{
"user_name": "zhangsan",
"name": "Zhang San",
"email": "15200000000@qq.com",
"pwd": "QWE@qwe123",
"head_img": "https://thirdwx.qlogo.cn/mmopen/vi_32/Q0j4TwGTfTIQ8QOTSn3y4cYHLlMC3sv6RCBmeMkxtOog47Zr3v2Afbqc2bmP0WibUIUskX39eJlJ",
"attr_gender":"male",
"attr_birthday": "2022-02-17",
"attr_nick_name": "Zhang San",
"mailing_address": "Wuhan, Hubei",
"zip_code": "430000",
"first_name": "zhangsan",
"middle_name": "zhangsan",
"last_name": "zhangsan",
"industry": "Public institution",
"extension": {
"age":"18"
}
}IDToken Verification and User Information
After login succeeds, session_token and id_token are returned. id_token can be used to obtain user information and verify login validity.
Flow: obtain user information from idToken (this method can be called directly without verification).
Parse User Information from idToken
Call example:
[[BCIDAIDTokenManager sharedInstance] getUserInfoFromIdTokenWithIdToken:idToken andWithCallBack:^(NSString * _Nonnull code, id _Nonnull data) {
}];BCIDAIDTokenManager introduction:
/**
* Method name: sharedInstance
* @param no input
* @return Returns the singleton instance
*/
+ (instancetype )sharedInstance;
/**
* Method name: getUserInfoFromIdTokenWithIdToken
* @brief: Parse user information from idToken
* @param idToken returned during login
* @param BCIDAIdTokenGetInfoHandlerBlock callback:
NSString code
id data
**/
-(void)getUserInfoFromIdTokenWithIdToken:(NSString*)idToken andWithCallBack:(BCIDAIdTokenGetInfoHandlerBlock)callback;User information parameter description:
| Parameter Name | Description |
|---|---|
| iss | Token issuer |
| aud | Token recipient, application clientId |
| exp | Token expiration time |
| jti | Token ID |
| iat | Token issue time |
| sub | Fixed as subject |
| name | User name |
| mobile | User mobile number |
| id | User ID |
| userName | Username |
| User email |
Callback return value:
Success example:
code=0
data=
{
"id": "20220729174957176-2C7F-A2C54C293",
"exp": 1659407592,
"nbf": 1659407172,
"mobile": "+86-13808603636",
"jti": "7iwCYPo8EYcmLAD18x-CAw",
"iss": "https:\/\/sdk2c.idaas-test-alpha.bccastle.com\/api\/v1\/oauth2",
"userName": "zhangrui1",
"sub": "20220729174957176-2C7F-A2C54C293",
"aud": "S1ScicdIVR1QUbNs8TBz6BYVd2Zt8Adc",
"iat": 1659407292,
"email": "",
"name": "zhangrui1"
}
Failure example
code=102Refresh IDToken
Call example:
[[BCIDAIDTokenRefreshManager sharedInstance] refreshIdTokenWithSessionToken:sessionToken andWithCallBack:^(NSString * _Nonnull code, id _Nonnull data) {
NSString* jsonS=(NSString*)data;
NSDictionary* dict= [self dictionaryWithJsonString:jsonS];// Parse jsonStr to NSDictionary
NSString* idTok= [dict objectForKey:@"id_token"];
NSString* session_tok=[dict objectForKey:@"session_token"];
NSString* expr=[dict objectForKey:@"expire"];
}];BCIDAIDTokenManager introduction:
/**
* Method name: sharedInstance
* @param no input
* @return Returns the singleton instance
*/
+ (instancetype )sharedInstance;
/**
* Method name: refreshIdTokenWithSessionToken
* @brief: Refresh idToken
* @param sessionToken returned during login
* @param BCIDAIdTokenRefreshIDTokenHandlerBlock callback:
NSString code
id data
**/
-(void)refreshIdTokenWithSessionToken:(NSString*)sessionToken andWithCallBack:(BCIDAIdTokenRefreshIDTokenHandlerBlock)callBack;Callback return value:
Success example:
code=0
data=
{
"id_token" : "eyJraWQiOiJhODJkzJjLmlkYWFzLXRllKp6w",
"session_token" : "apcOKuyry7kASh9h6mtf2G2GbettkyiU",
"expire" : 7200
}
Failure example (data unavailable)
code=1Error Codes
| HTTP Status | Error Code (error_code) | Error Message (error_msg) | Solution |
|---|---|---|---|
| 400 | IDAAS.SDK.COMMON.1001 | Parameter {0} cannot be left blank | |
| 400 | IDAAS.SDK.COMMON.1002 | The {0} parameter format is incorrect | |
| 400 | IDAAS.SDK.COMMON.1003 | Device information is incomplete | |
| 400 | IDAAS.SDK.COMMON.1004 | Signature decryption error | |
| 400 | IDAAS.SDK.COMMON.1005 | The {0} has failed | |
| 400 | IDAAS.SDK.COMMON.1006 | The {0} parameter error | |
| 400 | IDAAS.SDK.COMMON.1007 | The {0} parameter type error | |
| 500 | IDAAS.SDK.COMMON.1008 | The system is busy. Try again later | |
| 400 | IDAAS.SDK.COMMON.1009 | Unknown authentication configuration | |
| 400 | IDAAS.SDK.COMMON.1010 | Failed to obtain the enterprise center global configuration | |
| 400 | IDAAS.SDK.COMMON.1011 | Failed to obtain the international area code configuration | |
| 400 | IDAAS.SDK.COMMON.1012 | The x-client-ID is incorrect and the corresponding application cannot be found | |
| 400 | IDAAS.SDK.COMMON.1013 | The corresponding user is not found | |
| 400 | IDAAS.SDK.COMMON.1014 | Application private key not found | |
| 400 | IDAAS.SDK.LOGIN.1001 | Error calling interface | |
| 400 | IDAAS.SDK.LOGIN.1002 | User not bound | |
| 400 | IDAAS.SDK.LOGIN.1003 | The user has been locked due to too many unsuccessful login attempts. It will be unlocked in {0} minutes and {1} seconds | |
| 400 | IDAAS.SDK.LOGIN.1004 | Failed to obtain the password policy | |
| 400 | IDAAS.SDK.LOGIN.1005 | Invalid username or password. Remaining login attempts: | |
| 400 | IDAAS.SDK.LOGIN.1006 | Configuration error, unable to find wechat authentication source | |
| 400 | IDAAS.SDK.LOGIN.1007 | Configuration error, unable to find alipay authentication source | |
| 400 | IDAAS.SDK.LOGIN.1008 | The configuration is incorrect. The one-click login authentication source cannot be found | |
| 400 | IDAAS.SDK.SMS.1001 | {0} slide base map is not initialized successfully, please check the path | |
| 400 | IDAAS.SDK.SMS.1002 | {0} verification code coordinate resolution failed | |
| 400 | IDAAS.SDK.SMS.1003 | {0} verification code coordinate verification fails | |
| 400 | IDAAS.SDK.SMS.1004 | The graphic verification code is incorrect | |
| 400 | IDAAS.SDK.SMS.1005 | SMS verification code verification is incorrect | |
| 400 | IDAAS.SDK.SMS.1006 | The email verification code is incorrect | |
| 400 | IDAAS.SDK.SMS.1007 | Sending scenario does not exist | |
| 400 | IDAAS.SDK.SMS.1008 | Failed to send the verification code | |
| 400 | IDAAS.SDK.SOCIAL.1001 | The social account is unbound incorrectly | |
| 400 | IDAAS.SDK.SOCIAL.1002 | The social account has been bound, please unbind it first | |
| 400 | IDAAS.SDK.PWD.1001 | The password length is incorrect | |
| 400 | IDAAS.SDK.PWD.1002 | The password cannot be the username | |
| 400 | IDAAS.SDK.PWD.1003 | Your password complexity is low | |
| 400 | IDAAS.SDK.PWD.1004 | The password is weak | |
| 400 | IDAAS.SDK.PWD.1005 | The password is used before, cannot be used again | |
| 400 | IDAAS.SDK.PWD.1006 | Password cannot username in reverse order | |
| 400 | IDAAS.SDK.PWD.1007 | The number of repeated password characters exceeded the upper limit | |
| 400 | IDAAS.SDK.PWD.1008 | Password cannot contain :username, phone number, email prefix, name in PinYing | |
| 400 | IDAAS.SDK.MFA.1001 | The mobile doesn't match the user | |
| 400 | IDAAS.SDK.MFA.1002 | The access control policy is incorrect | |
| 400 | IDAAS.SDK.MFA.1003 | Access control authentication source type conversion error |