ForgeRock Push Authentication — with Meaning
Everyone loves getting postcards and letters, but everyone *really* loves getting parcels and goodies. It’s all about the payload!
In a previous article I talked about adding support for ForgeRock push notifications to your own iOS apps. But by default, the ForgeRock push service only supports sending authentication requests as simple messages. The user reads the message, decides on an action, and usually responds with an Accept or Reject. In many cases that’s fine. If I start a login, or initiate a payment, my phone buzzes with an approval request, and I’m pretty confident the request is down to me. But not always. Take the case where a child or a partner initiates a payment from a shared bank account, and I’m the approver. My phone buzzes asking for approval, but I’m not 100% sure it’s genuine. For that case, a simple message isn’t enough to convey everything I need to make a decision. I’d like it to send something more, like a geo-location, or even a photo of the person requesting the payment.
So how about extending the default ForgeRock push authentication behaviour to convey that additional data? Turns out it’s pretty straightforward — we need to alter the default ForgeRock push authentication sender node, and then extend our custom push authenticator app to handle and display the additional context.
I’ve made the first part easy and published a new node on the ForgeRock Marketplace here, or you can also grab it from GitHub. The payload content is specified through shared state values in the node configuration. As long as you can get the data into your authentication tree, it can be added as a payload item to be sent with push notifications.
In the previous article I included a sample app to handle the standard notifications. For this new project I created an extended version here.
In the original sample we handle an incoming authentication request by simply displaying an alert (UIAlertController). We’ll do the same here, but we’ll also add an MKMapView controller, so we can display a pretty map showing the geolocation of the request (assuming the authentication tree is configured to send it!).
First, we add the MKMapView controller to our view:
On launching, the app now looks like this:
Now we need to adapt the incoming authentication handler to update the map.
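One way to do the map update, as an added example (not the code from the sample app). The payload shape, a JSON string with `latitude` and `longitude` keys, and the names `RequestLocation` and `showRequestLocation` are assumptions; adjust them to whatever your tree actually sends.

```swift
import Foundation
import CoreLocation
import MapKit

// Assumed payload shape (hypothetical, not taken from the node's documentation):
//   {"latitude": "51.5072", "longitude": "-0.1276"}
struct RequestLocation: Decodable {
    let coordinate: CLLocationCoordinate2D
    enum CodingKeys: String, CodingKey { case latitude, longitude }

    init(from decoder: Decoder) throws {
        let c = try decoder.container(keyedBy: CodingKeys.self)
        // Accept either a JSON number or a numeric string for each field.
        func number(_ key: CodingKeys) throws -> Double {
            if let d = try? c.decode(Double.self, forKey: key) { return d }
            let text = try c.decode(String.self, forKey: key)
            guard let d = Double(text) else {
                throw DecodingError.dataCorruptedError(
                    forKey: key, in: c, debugDescription: "not numeric")
            }
            return d
        }
        let lat = try number(.latitude)
        let lon = try number(.longitude)
        let point = CLLocationCoordinate2D(latitude: lat, longitude: lon)
        // Rejects NaN and values outside -90...90 / -180...180.
        guard CLLocationCoordinate2DIsValid(point) else {
            throw DecodingError.dataCorruptedError(
                forKey: .latitude, in: c, debugDescription: "out of range")
        }
        coordinate = point
    }
}

// Call on the main thread. Returns false when the payload carries no usable
// location, so the caller can show the approval alert without a map.
@discardableResult
func showRequestLocation(payloadJSON: String, on mapView: MKMapView) -> Bool {
    // Clear any pin left by an earlier request so it is never shown with this one.
    mapView.removeAnnotations(mapView.annotations)
    guard let data = payloadJSON.data(using: .utf8),
          let location = try? JSONDecoder().decode(RequestLocation.self, from: data)
    else { return false }
    let pin = MKPointAnnotation()
    pin.coordinate = location.coordinate
    pin.title = "Reported request location"
    mapView.addAnnotation(pin)
    mapView.setRegion(MKCoordinateRegion(center: location.coordinate,
        latitudinalMeters: 2_000, longitudinalMeters: 2_000), animated: true)
    return true
}
```

The location is whatever the requesting browser reported, so label it as reported in the UI and treat it as context for the approver, not as proof of where the request came from.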
And that’s it — an incoming push message, with geolocation payload, updates the map:
So for this particular example, the final piece of the puzzle is how to get the geolocation data so it can be passed to the push sender authentication node. There are a few community nodes available on ForgeRock Marketplace, but in this case I’m using this geolocation node, which calls the user’s browser’s native geolocation methods to get an accurate result.