Open AlexLobaciov opened 3 years ago
geolocation_required [bool, optional]
Add a new optional Bool field isGeolocationRequired in the Connection model.
After the successful Connection enrolment, check the received isGeolocationRequired field:
- isGeolocationRequired is nil, skip this step.
- isGeolocationRequired is true, and sharing of the geolocation isn’t already enabled, the mobile app should ask for the permission for Geolocation usage.
- isGeolocationRequired is false, and sharing of the geolocation isn’t already enabled, the mobile app should ask for the permission for Geolocation usage.
When a mobile application receives the Authorization, check whether this provider requires the geolocation. Access the Authorization’s connection by the connectionId, which is already in the authorisation response.
Authorization flow:
- isGeolocationRequired true, and geolocation sharing is enabled, allow user to make an action
- isGeolocationRequired is true and the user has declined the geolocation permission, hide the action buttons (Confirm/deny) and replace buttons with the following text: “Your service provider requires your GPS data to authorize action. To continue, please allow using the geolocation in your phone settings”.
- isGeolocationRequired false allow user to make an action
- isGeolocationRequired is nil allow user to make an action
Add GEO-Location header. Geolocation will be shared with SCA service as an HTTP Header in the next format:
GEO-Location [string, optional]
Format using [RFC2426], i.e. GEO:<latitude>;<longitude>
Example: GEO-Location: “GEO:52.506931;13.144558”
By confirming/denying the Authorization the HTTP request should contain the geolocation header. Retrieve the user’s geolocation using the mobile location api and make the request.
Point 3. User authorization type.
We should send the type of how user has been authorized in the app, using biometrics or passcode. To do this, it would be a better choice to create a global variable somewhere in the app, which will store the authorization type.
Example:
var userAuthorizationType = "biometrics"
The userAuthorizationType should be sent, when confirming/denying the authorization, as an HTTP header in the following format:
Authorization-Type [string, required]
Example:
"Authorization-Type": "biometrics"
Backend could ignore extra headers, that's why we can send the Authorization-Type with every authorization request.
@ConstantinKV @baller784 please take a look at the updated description - user flow, and prototype. Thanks!
@AlexLobaciov
Due to Apple guidelines, it is not allowed by Apple to open a specific Settings page (like Privacy -> Location), because this API is private.
Please see reference here: https://www.zerotoappstore.com/how-to-open-settings-in-ios-programmatically.html (Section How To Open Specific Settings Page in iOS)
@baller784 after investigation, the iOS will solely switch user to the Privacy>Location settings the first time. Afterwards, we'll have to instruct user with the following dialogue window with title "Turn on Location Services", description "Salt Edge Authenticator requires Location Services. To turn on Location Services, open the Settings app > select Privacy > select Location Services > enable Location Services" and button "OK". The OK button just closes the dialogue.
Thanks!
@baller784 some fixes should be applied.
mappin.and.ellipse
Updated the Prototypes, please take a look for the user flow.
Summary:
Reference issue: https://github.com/saltedge/sca-identity-service-example/issues/55
Task:
Example
UPDATE
User flow:
PROTOTYPE = "SCA geolocation" page in default Figma file.
1) "Access to Location Services" (granting permission) when provider sets it as mandatory
A. Location Services access after successful enrollment.
Once new connection is finished, user should be asked about granting access for Authenticator to Location Services. It might be that Location Services are off.
B. Location Services access if user taps on "Don't Allow" after enrollment
If user denied to grant permission for Salt Edge Authenticator to grant access to Location Services, then user cannot be asked about it once again later, since permission is denied completely.
Use-case: User got pending action authorization.
For pending authorization request, by tap on "Allow" or "Deny", user sees dialogue window with explanation why is Location Services data required with title "Turn on Location Settings", description "Select Location and tap “While Using the App” to allow Authenticator to determine your location, as requested by your service provider.", and buttons "Settings" and "Cancel".
As a result, it is required for user to grant permission to access Location Services for this specific provider. Until then, user cannot authorize any action.
C. Connection status if access not granted (Don't Allow)
If user did not grant the access to location user can see a different connection status:
2) Enable "Location Services" when provider sets geolocation data as mandatory
If access to Location Services data is granted for Salt Edge Authenticator app, but "Location Services" is currently disabled/turned off, then when user got pending action authorization, by tap on "Allow" or "Deny", user sees system dialogue to turn it on, with description "Turn On Location Services to Allow "Authenticator" to Determine Your Location" with buttons "Settings" and "Cancel". Button "Cancel" just closes the system dialogue; button "Settings" takes user to "Location Services" page in settings, where user should just activate the Location Services and return back to the app.
3) Access to "Location Services" and enabling "Location Services" when provider sets it as optional
Access to "Location Service". After enrollment, ask user once for the access to location data
Enabling "Location Service":
Thanks!
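The authorization-flow rules and the GEO-Location / Authorization-Type headers from the task description, as an added example in Python; this is not code from the issue or from the Salt Edge apps. The function names, the strictness of the regular expression and the service-side rejection of a missing GEO-Location header are assumptions; the quotes in the issue's example are taken to be string delimiters, not part of the header value.

```python
import re
from typing import Optional, Tuple

ALLOWED_AUTH_TYPES = {"biometrics", "passcode"}  # the two values named in the issue
# GEO:<latitude>;<longitude> in decimal degrees (exact strictness is an assumption)
_GEO_RE = re.compile(r"GEO:(-?\d{1,3}(?:\.\d+)?);(-?\d{1,3}(?:\.\d+)?)")


def can_authorize(is_geolocation_required: Optional[bool], sharing_enabled: bool) -> bool:
    """App side: only 'required is true' with sharing off hides Confirm/Deny."""
    return not (is_geolocation_required is True and not sharing_enabled)


def build_headers(auth_type: str, location: Optional[Tuple[float, float]]) -> dict:
    """App side: headers attached to a confirm/deny request."""
    if auth_type not in ALLOWED_AUTH_TYPES:
        raise ValueError(f"unknown authorization type: {auth_type!r}")
    headers = {"Authorization-Type": auth_type}
    if location is not None:
        lat, lon = location
        headers["GEO-Location"] = f"GEO:{lat:.6f};{lon:.6f}"
    return headers


def parse_geo_location(value: str) -> Tuple[float, float]:
    """Service side: accept only a well-formed, in-range position."""
    match = _GEO_RE.fullmatch(value.strip())
    if match is None:
        raise ValueError("malformed GEO-Location header")
    lat, lon = float(match.group(1)), float(match.group(2))
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinates out of range")
    return lat, lon


def check_request(headers: dict, geolocation_required: Optional[bool]) -> Optional[Tuple[float, float]]:
    """Service side (assumed policy): do not rely on the app's UI to enforce the flag.

    `headers` is assumed to be a dict with header names already normalised.
    """
    if headers.get("Authorization-Type") not in ALLOWED_AUTH_TYPES:
        raise ValueError("missing or unknown Authorization-Type")
    raw = headers.get("GEO-Location")
    if raw is None:
        if geolocation_required is True:
            raise ValueError("GEO-Location required by provider but absent")
        return None
    return parse_geo_location(raw)
```
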