Authorization for Online SDKs

How online mobile SDKs connect with the server


The online SDKs function by communicating with the SenseCrypt server using an end-to-end encrypted protocol.

There are two methods available for authorization:

  1. Mobile API Key - Configured in the app source code constants, this is the easiest method during development. The same mobile key is configured on the server, as we saw in the server's Configuration section.

  2. JWT Token - A JWT token mechanism allows you to use your own authorization mechanism. To use a device-specific JWT, follow these steps:

    1. Get the device ID by calling getDeviceId() from the mobile SDK.

    2. Pass the device ID along with authentication parameters (such as username/password) to your own application server.

    3. If authentication succeeds, make a server-to-server call from your application server to your SenseCrypt server's /gen-jwt endpoint, passing in the device ID as the instance_id. See the Using a JWT Token for Authorization section for more details. The server-to-server call can be authorized using the api_key that you defined in the Configuration section.

    4. Return the generated JWT token to the mobile device.

    5. Store the JWT token on the device for future use.

    6. When initializing the mobile SDK, pass the server URL along with Bearer your_jwt_token as the authentication parameter.

By default, the source code uses the Mobile API Key configured in the code constants. Since a JWT flow involves your own authentication, implementing such a flow is left to you. However, the mobile SDKs do support such a flow out of the box should you choose to implement it.
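
Steps 2 to 4 as they could look on your own application server (an added example, not code from SenseCrypt or its SDKs). The user table, server URL, key value and device-ID length limit are constructed, and the HTTP method, the x-api-key header and the token response field used for /gen-jwt are assumptions to be checked against the server's Swagger docs.

```python
import hashlib
import hmac
import json
import urllib.parse
import urllib.request

# All values below are constructed placeholders, not SenseCrypt defaults.
SENSECRYPT_URL = "https://sensecrypt.internal.example"
SENSECRYPT_API_KEY = "server-side-secret"  # stays on the application server only
SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}


def call_gen_jwt(instance_id):
    """Step 3: server-to-server call to /gen-jwt.
    ASSUMPTION: POST, query parameter, x-api-key header, {"token": ...} reply."""
    query = urllib.parse.urlencode({"instance_id": instance_id})
    req = urllib.request.Request(
        f"{SENSECRYPT_URL}/gen-jwt?{query}",
        headers={"x-api-key": SENSECRYPT_API_KEY}, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)["token"]


def authenticate(username, password):
    """Your own authentication; here a constant-time check on a constructed table."""
    stored = USERS.get(username, b"\x00" * 32)
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(stored, supplied) and username in USERS


def issue_device_jwt(username, password, device_id, gen_jwt=call_gen_jwt):
    """Steps 2-4: authenticate first, then mint a JWT bound to the device ID."""
    if not authenticate(username, password):
        return {"status": 401, "error": "authentication failed"}
    # ASSUMPTION: the 128-character limit is illustrative, not a documented format.
    if not device_id or len(device_id) > 128 or not device_id.isprintable():
        return {"status": 400, "error": "invalid device id"}
    token = gen_jwt(device_id)  # the device ID is sent as instance_id
    # Step 6 on the device: the SDK gets "Bearer <token>", never the api_key.
    return {"status": 200, "token": token, "sdk_auth": f"Bearer {token}"}
```

The gen_jwt parameter is injectable so the issuance logic can be exercised without a live SenseCrypt server; an unauthenticated request never reaches /gen-jwt.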
