Implement new session API

Author: Foriger

.github/workflows/ci.yml

@@ -35,18 +35,26 @@ jobs:
     steps:
         - name: Checkout
           uses: actions/checkout@v4
+        - name: Select Xcode versions
+          uses: maxim-lobanov/setup-xcode@v1
+          with:
+            xcode-version: '16.4'
         - name: Run unit tests
           run: | 
               cd MIRACLTrust
               xcrun simctl erase "iPhone 16"
-              xcodebuild clean test -scheme "MIRACLTrust-iOS" -destination "platform=iOS Simulator,name=iPhone 16,OS=18.1" -quiet
+              xcodebuild clean test -scheme "MIRACLTrust-iOS" -destination "platform=iOS Simulator,name=iPhone 16,OS=18.6" -quiet
 
   integration-test:
     runs-on: macos-latest
     needs: test
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - name: Select Xcode versions
+        uses: maxim-lobanov/setup-xcode@v1
+        with:
+          xcode-version: '16.4'
       - name: Run integration tests
         env: 
           TEST_ENVIRONMENT_URL: ${{ vars.TEST_ENVIRONMENT_URL }}
@@ -62,7 +70,7 @@ jobs:
         run: |
             cd MIRACLTrust
             xcrun simctl erase "iPhone 16"
-            xcodebuild clean test -scheme MIRACLTrust-IntegrationTests -destination "platform=iOS Simulator,name=iPhone 16,OS=18.1" -resultBundlePath reports/MIRACLTrust-IntegrationTests -quiet 
+            xcodebuild clean test -scheme MIRACLTrust-IntegrationTests -destination "platform=iOS Simulator,name=iPhone 16,OS=18.6" -resultBundlePath reports/MIRACLTrust-IntegrationTests -quiet 
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         if: failure()
@@ -76,6 +84,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+      - name: Select Xcode versions
+        uses: maxim-lobanov/setup-xcode@v1
+        with:
+          xcode-version: '16.4'
       - name: Build SPM package
         run: xcodebuild -scheme MIRACLTrust -destination "generic/platform=iOS Simulator" -quiet
       - name: Build iOS Simulator framework version

MIRACLTrust/MIRACLTrust-Sources/Authentication Session Management/CodeStatusRequestBody.swift

@@ -2,4 +2,5 @@ struct CodeStatusRequestBody: Codable {
     var wid = ""
     var status = ""
     var userId: String?
+    var signature: String?
 }

MIRACLTrust/MIRACLTrust-Sources/Authentication/AuthenticationError.swift

@@ -34,6 +34,9 @@ public enum AuthenticationError: Error {
 
     /// Pin code includes invalid symbols or pin length does not match.
     case invalidPin
+
+    /// Invalid or expired cross-device session.
+    case invalidCrossDeviceSession
 }
 
 extension AuthenticationError: Equatable {
@@ -68,6 +71,8 @@ extension AuthenticationError: LocalizedError {
             description = NSLocalizedString("\(AuthenticationError.unsuccessfulAuthentication)", comment: "")
         case let .authenticationFail(error):
             description = NSLocalizedString("\(AuthenticationError.authenticationFail(error))", comment: "")
+        case .invalidCrossDeviceSession:
+            description = NSLocalizedString("\(AuthenticationError.invalidCrossDeviceSession)", comment: "")
         }
         return description
     }
@@ -98,6 +103,8 @@ extension AuthenticationError: CustomNSError {
             return 10
         case .invalidPin:
             return 11
+        case .invalidCrossDeviceSession:
+            return 12
         }
     }
 

MIRACLTrust/MIRACLTrust-Sources/Authentication/Authenticator.swift

@@ -15,7 +15,7 @@ let INVALID_AUTHENTICATION_SESSION = "INVALID_AUTHENTICATION_SESSION"
 struct Authenticator: Sendable, AuthenticatorBlueprint {
     let user: User
     let didRequestPinHandler: PinRequestHandler
-    let accessId: String?
+    let sessionType: SessionType
     let scope: [String]
     let miraclAPI: APIBlueprint
     let crypto: CryptoBlueprint
@@ -26,7 +26,7 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
     var completionHandler: AuthenticateCompletionHandler
 
     init(user: User,
-         accessId: String?,
+         sessionType: SessionType,
          crypto: CryptoBlueprint = MIRACLTrust.getInstance().crypto,
          deviceName: String = MIRACLTrust.getInstance().deviceName,
          api: APIBlueprint = MIRACLTrust.getInstance().miraclAPI,
@@ -36,7 +36,7 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
          didRequestPinHandler: @escaping PinRequestHandler,
          completionHandler: @escaping AuthenticateCompletionHandler) throws {
         self.user = user
-        self.accessId = accessId?.trimmingCharacters(in: .whitespacesAndNewlines)
+        self.sessionType = sessionType
         self.didRequestPinHandler = didRequestPinHandler
         self.completionHandler = completionHandler
         miraclAPI = api
@@ -63,7 +63,7 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
     }
 
     private func updateCodeStatus() {
-        guard let accessId = accessId else {
+        guard let sessionIdentifier = sessionType.getSessionIdentifier() else {
             return
         }
 
@@ -73,7 +73,7 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
         )
 
         miraclAPI.updateCodeStatus(
-            accessId: accessId,
+            accessId: sessionIdentifier,
             userId: user.userId,
             completionHandler: { _, _, _ in }
         )
@@ -191,7 +191,7 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
     func serverPass2(vBytes: Data, pinCode: String) {
         miraclAPI.pass2(
             for: user.mpinId.hex,
-            accessId: accessId,
+            accessId: sessionType.getSessionIdentifier(),
             vValue: vBytes.hex
         ) { apiCallResult, response, error in
             if apiCallResult == .failed, let error = error {
@@ -230,7 +230,14 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
                             callCompletionHandler(with: AuthenticationError.revoked)
                             return
                         case INVALID_AUTH_SESSION, INVALID_AUTHENTICATION_SESSION:
-                            callCompletionHandler(with: AuthenticationError.invalidAuthenticationSession)
+                            switch sessionType {
+                            case .crossDevice:
+                                callCompletionHandler(with: AuthenticationError.invalidCrossDeviceSession)
+                            case .legacy:
+                                callCompletionHandler(with: AuthenticationError.invalidAuthenticationSession)
+                            case .noSession:
+                                callCompletionHandler(with: AuthenticationError.invalidAuthenticationSession)
+                            }
                             return
                         case INVALID_AUTH, UNSUCCESSFUL_AUTHENTICATION:
                             callCompletionHandler(with: AuthenticationError.unsuccessfulAuthentication)
@@ -322,7 +329,7 @@ struct Authenticator: Sendable, AuthenticatorBlueprint {
 
             let updatedAuthenticator = try Authenticator(
                 user: updatedUser,
-                accessId: accessId,
+                sessionType: sessionType,
                 crypto: crypto,
                 deviceName: deviceName,
                 api: miraclAPI,

MIRACLTrust/MIRACLTrust-Sources/Constants.swift

@@ -5,6 +5,7 @@ public typealias PinRequestHandler = @MainActor @Sendable (@escaping ProcessPinH
 public typealias RegistrationCompletionHandler = @MainActor @Sendable (User?, Error?) -> Void
 public typealias AuthenticationCompletionHandler = @MainActor @Sendable (Bool, Error?) -> Void
 public typealias SigningCompletionHandler = @MainActor @Sendable (SigningResult?, Error?) -> Void
+public typealias CrossDeviceSigningCompletionHandler = @MainActor @Sendable (Bool, Error?) -> Void
 public typealias VerificationCompletionHandler = @MainActor @Sendable (VerificationResponse?, Error?) -> Void
 public typealias ActivationTokenCompletionHandler = @MainActor @Sendable (ActivationTokenResponse?, Error?) -> Void
 public typealias QuickCodeCompletionHandler = @MainActor @Sendable (QuickCode?, Error?) -> Void
@@ -18,3 +19,6 @@ public let MIRACL_API_URL = URL(string: "https://api.mpin.io")!
 
 typealias AuthenticateCompletionHandler = @MainActor @Sendable (AuthenticateResponse?, Error?) -> Void
 typealias APIRequestCompletionHandler<T> = @Sendable (APICallResult, T?, Error?) -> Void
+
+public typealias CrossDeviceSessionCompletionHandler = @MainActor @Sendable (CrossDeviceSession?, Error?) -> Void
+public typealias CrossDeviceSessionAborterCompletionHandler = @MainActor @Sendable (Bool, Error?) -> Void

MIRACLTrust/MIRACLTrust-Sources/Cross Device Session/CrossDeviceSession.swift

@@ -0,0 +1,84 @@
+import Foundation
+
+/// An object representing details for an operation (authentication or signing)  started on another device.
+@objcMembers
+@objc public final class CrossDeviceSession: NSObject, Sendable {
+    /// User ID entered by the user when session is started.
+    public let userId: String
+
+    /// Name of the project in MIRACL Trust platform.
+    public let projectName: String
+
+    /// URL of the project logo.
+    public let projectLogoURL: String
+
+    /// Project ID setting for the application in MIRACL Trust platform.
+    public let projectId: String
+
+    /// PIN length that needs to be entered from the user.
+    public let pinLength: Int
+
+    /// Indicates method of user verification.
+    public let verificationMethod: VerificationMethod
+
+    /// URL for verification in case of custom verification method.
+    public let verificationURL: String
+
+    /// Custom text specified in the MIRACL Trust portal for the custom verification.
+    public let verificationCustomText: String
+
+    /// Label of the identity which will be used for identity verification.
+    public let identityTypeLabel: String
+
+    /// Indicates whether [QuickCode](https://miracl.com/resources/docs/guides/built-in-user-verification/quickcode/) is enabled for the project or not.
+    public let quickCodeEnabled: Bool
+
+    /// Indicates whether registration with QuickCode is allowed for identities registered also with QuickCode.
+    public let limitQuickCodeRegistration: Bool
+
+    /// Identity type which will be used for identity verification.
+    public let identityType: IdentityType
+
+    /// Identifier of the session.
+    public let sessionId: String
+
+    /// Description of the operation that needs to be done.
+    public let sessionDescription: String
+
+    /// Hash of the transaction that needs to be signed if any.
+    public let signingHash: String
+
+    public init(
+        userId: String,
+        projectName: String,
+        projectLogoURL: String,
+        projectId: String,
+        pinLength: Int,
+        verificationMethod: VerificationMethod,
+        verificationURL: String,
+        verificationCustomText: String,
+        identityTypeLabel: String,
+        quickCodeEnabled: Bool,
+        limitQuickCodeRegistration: Bool,
+        identityType: IdentityType,
+        sessionId: String,
+        sessionDescription: String,
+        signingHash: String
+    ) {
+        self.userId = userId
+        self.projectName = projectName
+        self.projectLogoURL = projectLogoURL
+        self.projectId = projectId
+        self.pinLength = pinLength
+        self.verificationMethod = verificationMethod
+        self.verificationURL = verificationURL
+        self.verificationCustomText = verificationCustomText
+        self.identityTypeLabel = identityTypeLabel
+        self.quickCodeEnabled = quickCodeEnabled
+        self.limitQuickCodeRegistration = limitQuickCodeRegistration
+        self.identityType = identityType
+        self.sessionId = sessionId
+        self.sessionDescription = sessionDescription
+        self.signingHash = signingHash
+    }
+}

MIRACLTrust/MIRACLTrust-Sources/Cross Device Session/CrossDeviceSessionAborter.swift

@@ -0,0 +1,69 @@
+import Foundation
+
+struct CrossDeviceSessionAborter: Sendable {
+    let sessionId: String
+    let miraclAPI: APIBlueprint
+    let completionHandler: CrossDeviceSessionAborterCompletionHandler
+
+    init(
+        sessionId: String,
+        miraclAPI: APIBlueprint = MIRACLTrust.getInstance().miraclAPI,
+        completionHandler: @escaping CrossDeviceSessionAborterCompletionHandler
+    ) throws {
+        self.sessionId = sessionId.trimmingCharacters(in: .whitespacesAndNewlines)
+        self.miraclAPI = miraclAPI
+        self.completionHandler = completionHandler
+
+        try validateInput()
+    }
+
+    func abort() {
+        miraclAPI.abortSession(accessId: sessionId) { result, _, error in
+            if let error {
+                if case let APIError.apiClientError(clientErrorData: clientErrorData, requestId: _, message: _, requestURL: _) = error, let clientErrorData, clientErrorData.code == INVALID_REQUEST_PARAMETERS, let context = clientErrorData.context, context["params"] == "id" {
+                    callCompletionHandler(
+                        isAborted: false,
+                        error: CrossDeviceSessionError.invalidCrossDeviceSession
+                    )
+                    return
+                }
+
+                callCompletionHandler(
+                    isAborted: false,
+                    error: CrossDeviceSessionError.abortCrossDeviceSessionFail(error)
+                )
+                return
+            }
+
+            if result == .failed {
+                callCompletionHandler(
+                    isAborted: false,
+                    error: CrossDeviceSessionError.abortCrossDeviceSessionFail(error)
+                )
+                return
+            }
+
+            callCompletionHandler(
+                isAborted: true,
+                error: nil
+            )
+        }
+    }
+
+    // MARK: Private
+
+    private func callCompletionHandler(
+        isAborted: Bool,
+        error: Error?
+    ) {
+        DispatchQueue.main.async {
+            completionHandler(isAborted, error)
+        }
+    }
+
+    private func validateInput() throws {
+        if sessionId.isEmpty {
+            throw CrossDeviceSessionError.invalidCrossDeviceSession
+        }
+    }
+}