Mobile Integration Guidelines


Last updated 1 month ago


Requirements to Take into Account When Programming the Mobile Application

  1. Register, during installation, its own customized URI scheme (e.g., yourapp://...) in the mobile's operating system.

  2. Start OAuth 2.0 authorization in the WebView.

  3. Monitor the WebView's URL to intercept the Mobile ID's URI scheme (by default, mobileid://...).

  4. In the Mobile ID's URI, change the callback URLs so they use the URI scheme of yourapp instead of https, propagating the original callback URL via a parameter.

  5. Launch the Mobile ID application, opening the modified URI in the system.

  6. Process incoming URLs that use the customized scheme (yourapp://...), retrieving the original callback URL from the parameter.

  7. Open the original callback URL in the WebView so the authorization server can take over again and complete the OAuth authorization.

  8. Monitor the WebView URL to intercept the OAuth redirect URI, which indicates the completion of the authorization phase.

Refer to the documentation for the mobile's operating system for how to perform these tasks, in particular the communication between applications using customized URI schemes.

Protocol and Interactions between the Mobile Application and Mobile ID

The complete protocol, including the OAuth 2.0 messages that the mobile application exchanges with UAE PASS, and the interactions between the application, the WebView and the UAE PASS Mobile ID application, entail the following steps.

  1. “YourApp” starts an OAuth 2.0 authorization flow in an embedded WebView. It uses, for example, the OAuth 2.0 landing page as the redirect URI. An example OAuth 2.0 start URL is given at the end of this list.

  2. “YourApp” monitors the WebView's URL to intercept the UAE PASS Mobile ID's URI customized scheme (by default, uaepass://...) and detect the redirect URL.

  3. Following a few WebView redirects, the identity provider starts the authentication with Mobile ID in the same device. To do this, it edits the WebView's URL with a URL based on the Mobile ID's scheme.

  4. “YourApp” detects the Mobile ID scheme. The URL has the following format, where the successURL and failureURL values are the callback URLs from UAE PASS Mobile ID to UAE PASS Identity Server. Original Mobile ID URL (partial): uaepass://...? successURL= & failureURL= & ...

  5. “YourApp” rewrites the above URL so that the callback URLs refer to its customized scheme (let's assume it is yourapp), including the original URL in a parameter. For example, the edited callback URLs can follow the yourapp:///resume_authn syntax with a url parameter for the original URL. Modified Mobile ID URL (example): uaepass://...? successURL=yourapp:///resume_authn?url= &failureURL=yourapp:///resume_authn?url= & ...

  6. “YourApp” invokes the mobile's operating system to open the above URL. This launches the Mobile ID application (assuming it is installed in the mobile), sending it the URL.

  7. The Mobile ID application interacts with the user to prompt them to authenticate through face verification.

  8. Once the user has authenticated through face verification, the Mobile ID application finalizes and invokes the mobile's operating system to open the callback URL (successURL if the authentication finished correctly and failureURL if an error occurred). This brings the YourApp application back to the foreground.

  9. YourApp processes the incoming URL, verifies that it observes the above syntax and obtains the original callback URL from the url parameter.

  10. “YourApp” opens the above URL in the WebView. This URL, which always uses the https scheme, sends the WebView back to UAE PASS Identity Server.

  11. UAE PASS Identity Server continues interacting with the user in the WebView until it finishes the authentication (or cancels it if an error occurs, for example when face verification is not working at the given time).

  12. The authorization server requests authorization from the user for granting “YourApp” access to the requested scopes, also within the WebView.

  13. Lastly, the OAuth 2.0 authorization finishes and redirects the WebView back to the redirect URI. OAuth Redirect URL. Example: https://<<your_redirect_uri>>? code=4515...e0ba&state=3dd9...8cd4

  14. “YourApp”, which was monitoring the WebView for detecting the above redirect URI, extracts the authorization code (or information on any error that occurred) from the code parameter. At this point, the application can destroy the WebView (see Cookies and SSO about this) and return to interacting with the user in its native interface.

  15. “YourApp” exchanges the authorization code for an access token. (Given what we said above, and because a mobile application cannot maintain secrets, YourApp includes only its client_id in the HTTP authorization header of the access token request message.)

  16. “YourApp” accesses the protected resource(s) by invoking the HTTP API of the resource server with the access token and/or stores the token for subsequent calls to the HTTP API.

  17. “YourApp” resumes interaction with the user.

OAuth 2.0 start URL for step 1 (example): https://stg-id.uaepass.ae/idshub/authorize?client_id=your_app&redirect_uri=https://your_redirect_uri&...
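
The URL rewriting in step 5 and the syntax check in steps 9 and 10, sketched in Python as an added example; it is not UAE PASS code, and the same logic ports to the app's own language. Assumptions: the identity server host is the staging host from the start URL, the Mobile ID URL carries its callback values percent-encoded, and the sample URL is constructed.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

APP_SCHEME = "yourapp"           # scheme the page uses for the example app
RESUME_PATH = "/resume_authn"    # resume path from the page's example
IDP_HOST = "stg-id.uaepass.ae"   # assumption: staging host, taken from the start URL
CALLBACK_PARAMS = ("successURL", "failureURL")

# Constructed sample: authority, callback path and query values are illustrative only.
SAMPLE_MOBILE_ID_URL = (
    "uaepass://constructed-authority?"
    "successURL=https%3A%2F%2Fstg-id.uaepass.ae%2Fconstructed-callback%3Fsid%3Dabc%26ok%3D1"
    "&failureURL=https%3A%2F%2Fstg-id.uaepass.ae%2Fconstructed-callback%3Fsid%3Dabc%26ok%3D0"
    "&nonce=42"
)


def require_idp_https(url: str) -> None:
    """Reject anything that is not https on the expected identity server host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != IDP_HOST:
        raise ValueError("callback must be https on the identity server")


def rewrite_mobile_id_url(mobile_id_url: str) -> str:
    """Step 5: point both callbacks at the app, carrying the originals in url=."""
    parts = urlsplit(mobile_id_url)
    if parts.scheme != "uaepass":
        raise ValueError("not a Mobile ID URL")
    params = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in CALLBACK_PARAMS:
            require_idp_https(value)  # check the original before wrapping it
            value = f"{APP_SCHEME}://{RESUME_PATH}?url={quote(value, safe='')}"
        params.append((name, value))
    return f"{mobile_id_url.split('?', 1)[0]}?{urlencode(params)}"


def recover_callback(incoming_url: str) -> str:
    """Steps 9-10: verify the resume URL syntax and return the original callback."""
    parts = urlsplit(incoming_url)
    if parts.scheme != APP_SCHEME or parts.netloc or parts.path != RESUME_PATH:
        raise ValueError("unexpected resume URL")
    params = parse_qsl(parts.query, keep_blank_values=True)
    if len(params) != 1 or params[0][0] != "url":
        raise ValueError("expected exactly one url parameter")
    require_idp_https(params[0][1])  # any app can invoke yourapp://, so re-check
    return params[0][1]
```

Only the value returned by `recover_callback` should be loaded into the WebView; a resume URL that raises `ValueError` is dropped.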