The TwilioAuth SDK has been deprecated. This means that while we will continue to provide maintenance support for existing customers and their usage, we discourage new customers and new usage, as we may shut it down entirely in the future. We strongly recommend using the Verify Push SDK instead, which currently supports the Push channel, and will be enhanced to support the TOTP channel in the future.
For iOS projects, make sure you import the framework in the files in which you will interact with the SDK.
Make sure the current device is registered by calling isDeviceRegistered.
To obtain the device id, call the getDeviceId method. This method will be useful for device specific operations such as deletion.
To create a new approval request, you can follow the instructions here or use the pre-built Authy API scripts available here.
Call getApprovalRequests to get the list of approval requests:
1long since = ...; // lower limit2long until= ...; // upper limit3TimeInterval timeInterval = new TimeInterval.Builder()4.setSince(since)5.setUntil(until)6.build();7List<ApprovalRequestStatus> statuses = Arrays.asList(8ApprovalRequestStatus.approved,9ApprovalRequestStatus.denied,10ApprovalRequestStatus.expired,11ApprovalRequestStatus.pending);1213twilioAuth.getApprovalRequests(statuses, timeInterval);
Call approveRequest or denyRequest to handle approval requests.
If you configured a callback URL in the Dashboard to receive notifications when a user approves/denies a request it will be called after this step. Otherwise you should poll the OneTouch API. For more details go here.
In order to interact with the request notifications you will need to update the push token every time it changes in the device.
Once the notification arrives, you will need to pull it from the TwilioAuth API. The reason for this is that it contains sensitive information, so the device must retrieve it through the TwilioAuth SDK instead of having it directly in the notification payload.
1public class MessagingService extends FirebaseMessagingService {2private static final String TAG = MessagingService.class.getSimpleName();3public static final String ONETOUCH_APPROVAL_REQUEST_TYPE = "onetouch_approval_request";45@Override6public void onMessageReceived(RemoteMessage remoteMessage) {78// Check if message contains a data payload.9if (remoteMessage.getData().size() == 0) {10Log.e(TAG, "Received notification with empty payload");11return;12}1314if (ONETOUCH_APPROVAL_REQUEST_TYPE.equals(remoteMessage.getData().get("type"))) {1516// Since the approval request has sensitive data, we'll fetch it in background with17// the request uuid instead of delivering the information within the userInfo.1819// Get the approval request id20String approvalRequestUuid = remoteMessage.getData().get("approval_request_uuid");2122TwilioAuth twilioAuth = ((App) getApplicationContext()).getTwilioAuth();2324if (!twilioAuth.isDeviceRegistered()) {25throw new RuntimeException("Device should be registered");26}2728ApprovalRequest approvalRequest;2930try {31ApprovalRequests approvalRequests = twilioAuth.getApprovalRequests(null, null);3233approvalRequest = approvalRequests.getApprovalRequestById(approvalRequestUuid);3435} catch (TwilioException e) {36throw new RuntimeException(e);37}3839if (approvalRequest != null) {40// Do something with the pending approvalRequest41}42}4344}
As a fallback when OneTouch requests aren't functioning (more specifically, if the user is in Airplane mode, has no Wi-Fi/cell connection, misses the push notification, or prefers to type the generated code in for validation instead of pushing the Approve/Deny button) you can obtain a TOTP.
The TOTP will be valid for 30 seconds and you can obtain it as follows:
Additionally your class must implement the AUTTOTPDelegate protocol (on iOS) or the TOTPCallback interface (on Android) to be able to receive the TOTP:
This delegate/callback listener will receive a TOTP immediately, which will be generated with the local token. Then the SDK will try to sync the token with TwilioAuth API in the background. If that token differs (i.e. digits changed, seed was rotated, or token was removed) your delegate will receive another call with the newest TOTP.
To delete the device local data you can use the following method:
Please note this method doesn't delete the device in the Authy backend, it only clears the data stored locally on the device. For example, you may use this method as a logout option inside your app.
If you find any inconveniences while following this guide please file us an issue