Request Authorization

Once the BindID SDK is initialized, you can invoke a BindID authentication process using the authenticate() SDK call (see API reference). A successful authentication returns an authorization code that can be exchanged for the ID and access tokens.

The token exchange can be performed either in the front-end or backend. When using a front-end PKCE exchange, add the usePkce parameter to the authenticate() call, and then invoke the exchangeToken() SDK method with the authentication response. Alternatively, perform a backend exchange using the Token API (see Get User Identity and Trust).

The following example shows a front-end PKCE token exchange, however, BindID also supports a backend authorization code token exchange (with or without PKCE) using the Token API.

Note: You will need to add the import XmBindIdSDK at the top of the implementation class.

func authenticate () {
    let request = XmBindIdAuthenticationRequest(redirectUri: "[REDIRECT_URI]")
    request.usePkce = true
    XmBindIdSdk.shared.authenticate(bindIdRequestParams: request) { [weak self] (response, error) in
        if let e = error {
            self?.handleError(error: e)
        } else if let requestResponse = response {
            self?.exchange(response: requestResponse)
        }
    }
}

func exchange (response: XmBindIdResponse) {
    XmBindIdSdk.shared.exchangeToken(exchangeRequest: XmBindIdExchangeTokenRequest.init(codeResponse: response)) { [weak self] (response, error) in
        if let e = error {
            self?.handleError(error: e)
        } else if let tokenResponse = response {
            self?.sendTokenToServer(idToken: tokenResponse.idToken, accessToken: tokenResponse.accessToken)
        }
    }
}

func sendTokenToServer(idToken: String,accessToken: String) {
 // Add code to send the ID and access token to your application server here  
}

func handleError(error: XmBindIdError) {
 // Add code to process the authentication error here 
}

where [REDIRECT_URI] is redirect URI you configured in the BindID Admin Portal.

The functions in the snippet above should be implemented as follows:

sendTokenToServer should send the ID and access tokens received upon successful authentication to your backend server.
handleError should respond to an authentication error, possibly by presenting a suitable message to the user.

Request Authorization#

Request Authorization