#import NS_ASSUME_NONNULL_BEGIN @class RelyingParty; @class NetworkClient; @class MPCNetworkClient; /** * Base class for WebAuthn start operation results. * Contains common MPC data and client state needed for continuation. */ @interface MPCRoundResponse : NSObject @property (nonatomic, strong) NSData *mpcRequest; // Data to send to server @property (nonatomic, strong) NSData *doubleEncryptionKey; // Client encryption key @property (nonatomic, strong) NSData *clientState; // Opaque state for continuation @property (nonatomic, strong, nullable) NSDictionary *metadata; // Operation metadata @end /** * Result from WebAuthn create start operation containing MPC request data and client state. */ @interface WebAuthnCreateStartResult : MPCRoundResponse @property (nonatomic, strong) NSData *creationOptions; // WebAuthn creation options @end /** * Result from WebAuthn get start operation containing MPC request data and client state. */ @interface WebAuthnGetStartResult : MPCRoundResponse @property (nonatomic, strong) NSData *sessionId; // Session identifier @property (nonatomic, strong) NSData *publicKey; // Public key for verification @property (nonatomic, strong) NSData *webauthnState; // WebAuthn state data @property (nonatomic, strong) NSData *requestOptions; // WebAuthn request options @end /** * Completion block for WebAuthn start operations. * @param result The start result containing MPC data and client state. * @param error The error that occurred during the operation, if any. */ typedef void (^WebAuthnStartCompletion)(MPCRoundResponse * _Nullable result, ZSMError * _Nullable error); /** * Completion block for WebAuthn create start operations. * @param result The create start result containing MPC data and client state. * @param error The error that occurred during the operation, if any. */ typedef void (^WebAuthnCreateStartCompletion)(WebAuthnCreateStartResult * _Nullable result, ZSMError * _Nullable error); /** * Completion block for WebAuthn get start operations. * @param result The get start result containing MPC data and client state. * @param error The error that occurred during the operation, if any. */ typedef void (^WebAuthnGetStartCompletion)(WebAuthnGetStartResult * _Nullable result, ZSMError * _Nullable error); @interface FIDO2Client : ZSMClient @property (nonatomic, strong, nullable) MPCNetworkClient *mpcNetworkClient; #pragma mark - Registration and initialization - (instancetype)init NS_UNAVAILABLE; /** * Initialize FIDO2Client with automatic MPC round handling using default RelyingParty. * Creates default RelyingParty from config for seamless WebAuthn operations. * @param config ZSM configuration (must include hostUrl, apiKey, applicationId) */ - (instancetype)initWithConfig:(ZSMConfig *)config NS_SWIFT_NAME(init(_:)); /** * Initialize FIDO2Client with optional MPC network override. * If mpcNetworkClient is provided, uses custom MPC networking. * If nil, FIDO2Client uses built-in MPC network implementation. * @param config ZSM configuration (must include hostUrl, apiKey, applicationId) * @param mpcNetworkClient Optional custom MPC network client for MPC round calls */ - (instancetype)initWithConfig:(ZSMConfig *)config mpcNetworkClient:(nullable MPCNetworkClient *)mpcNetworkClient NS_SWIFT_NAME(init(_:mpcNetworkClient:)); #pragma mark - WebAuthn Operations /** * Performs WebAuthn creation (attestation) using start/stop pattern. * Uses built-in MPC networking OR custom MPCNetworkClient if provided. * Existing customer code works unchanged with 90% smaller binaries. * @param options JSON dictionary of WebAuthn creation options. * @param completion Callback to be invoked upon completion with result data or error. */ - (void)webauthnCreate:(NSDictionary *)options completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnCreate(options:completion:)); /** * Performs WebAuthn creation (attestation) for specific user using start/stop pattern. * Uses built-in MPC networking OR custom MPCNetworkClient if provided. * @param user User identifier for this operation * @param options JSON dictionary of WebAuthn creation options. * @param completion Callback to be invoked upon completion with result data or error. */ - (void)webauthnCreate:(NSString *)user options:(NSDictionary *)options completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnCreate(user:options:completion:)); /** * Performs WebAuthn get (assertion) using start/stop pattern. * Uses built-in MPC networking OR custom MPCNetworkClient if provided. * Existing customer code works unchanged with 90% smaller binaries. * @param options JSON dictionary of WebAuthn get options. * @param completion Callback to be invoked upon completion with result data or error. */ - (void)webauthnGet:(NSDictionary *)options completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnGet(options:completion:)); /** * Performs WebAuthn get (assertion) for specific user using start/stop pattern. * Uses built-in MPC networking OR custom MPCNetworkClient if provided. * @param user User identifier for this operation * @param options JSON dictionary of WebAuthn get options. * @param completion Callback to be invoked upon completion with result data or error. */ - (void)webauthnGet:(NSString *)user options:(NSDictionary *)options completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnGet(user:options:completion:)); /** * Retrieves the attestation from create * @param completion Callback to be invoked upon completion with result data. */ - (void)webauthnRetrieve:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnRetrieve(completion:)); /** * Retrieves the attestation from create with trace ID for end-to-end tracing. * @param traceId Optional trace ID for operation tracking. * @param completion Callback to be invoked upon completion with result data. */ - (void)webauthnRetrieveWithTraceId:(nullable NSString *)traceId completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnRetrieve(traceId:completion:)); /** * Retrieves the attestation from create. Will use the currently configured user identifier (config.consumerId). * @param completion Callback to be invoked upon completion with result data. */ - (void)webauthnRetrieveForUser:(NSString *)user withCompletion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnRetrieve(user:completion:)); #pragma mark - WebAuthn Start/Stop Pattern (Network Separation) /** * Starts WebAuthn creation (attestation) process. Returns MPC data for customer networking. * Customer must send mpcRequest to server and then call webauthnCreateEnd with server response. * @param options JSON dictionary of WebAuthn creation options. * @param completion Callback with start result containing MPC data or error. */ - (void)webauthnCreateStart:(NSDictionary *)options completion:(WebAuthnCreateStartCompletion)completion NS_SWIFT_NAME(webauthnCreateStart(options:completion:)); /** * Starts WebAuthn creation (attestation) process with optional trace ID for end-to-end tracing. * @param options JSON dictionary of WebAuthn creation options. * @param traceId Optional trace ID for operation tracking. If nil, one will be generated. * @param completion Callback with start result containing MPC data or error. */ - (void)webauthnCreateStart:(NSDictionary *)options traceId:(nullable NSString *)traceId completion:(WebAuthnCreateStartCompletion)completion NS_SWIFT_NAME(webauthnCreateStart(options:traceId:completion:)); /** * Starts WebAuthn creation (attestation) process for specific user. * @param user User identifier for this operation. * @param options JSON dictionary of WebAuthn creation options. * @param completion Callback with start result containing MPC data or error. */ - (void)webauthnCreateStart:(NSString *)user options:(NSDictionary *)options completion:(WebAuthnCreateStartCompletion)completion NS_SWIFT_NAME(webauthnCreateStart(user:options:completion:)); /** * Starts WebAuthn creation (attestation) process for specific user with optional trace ID. * @param user User identifier for this operation. * @param options JSON dictionary of WebAuthn creation options. * @param traceId Optional trace ID for operation tracking. If nil, one will be generated. * @param completion Callback with start result containing MPC data or error. */ - (void)webauthnCreateStart:(NSString *)user options:(NSDictionary *)options traceId:(nullable NSString *)traceId completion:(WebAuthnCreateStartCompletion)completion NS_SWIFT_NAME(webauthnCreateStart(user:options:traceId:completion:)); /** * Completes WebAuthn creation (attestation) process with server response. * @param startResult Result from webauthnCreateStart containing client state and keys. * @param serverResponse Data received from server after sending mpcRequest. * @param completion Callback with final WebAuthn result or error. */ - (void)webauthnCreateEnd:(MPCRoundResponse *)startResult serverResponse:(NSData *)serverResponse completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnCreateEnd(startResult:serverResponse:completion:)); /** * Completes WebAuthn creation (attestation) process with server response and optional trace ID. * @param startResult Result from webauthnCreateStart containing client state and keys. * @param serverResponse Data received from server after sending mpcRequest. * @param traceId Optional trace ID for operation tracking. If nil, one will be generated. * @param completion Callback with final WebAuthn result or error. */ - (void)webauthnCreateEnd:(MPCRoundResponse *)startResult serverResponse:(NSData *)serverResponse traceId:(nullable NSString *)traceId completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnCreateEnd(startResult:serverResponse:traceId:completion:)); /** * Starts WebAuthn get (assertion) process. Returns MPC data for customer networking. * @param options JSON dictionary of WebAuthn get options. * @param completion Callback with start result containing MPC data or error. */ - (void)webauthnGetStart:(NSDictionary *)options completion:(WebAuthnGetStartCompletion)completion NS_SWIFT_NAME(webauthnGetStart(options:completion:)); /** * Starts WebAuthn get (assertion) process with optional trace ID for end-to-end tracing. * @param options JSON dictionary of WebAuthn get options. * @param traceId Optional trace ID for operation tracking. If nil, one will be generated. * @param completion Callback with start result containing MPC data or error. */ - (void)webauthnGetStart:(NSDictionary *)options traceId:(nullable NSString *)traceId completion:(WebAuthnGetStartCompletion)completion NS_SWIFT_NAME(webauthnGetStart(options:traceId:completion:)); /** * Starts WebAuthn get (assertion) process for specific user. * @param user User identifier for this operation. * @param options JSON dictionary of WebAuthn get options. * @param completion Callback with start result containing MPC data or error. */ - (void)webauthnGetStart:(NSString *)user options:(NSDictionary *)options completion:(WebAuthnGetStartCompletion)completion NS_SWIFT_NAME(webauthnGetStart(user:options:completion:)); /** * Starts WebAuthn get (assertion) process for specific user with optional trace ID. * @param user User identifier for this operation. * @param options JSON dictionary of WebAuthn get options. * @param traceId Optional trace ID for operation tracking. If nil, one will be generated. * @param completion Callback with start result containing MPC data or error. */ - (void)webauthnGetStart:(NSString *)user options:(NSDictionary *)options traceId:(nullable NSString *)traceId completion:(WebAuthnGetStartCompletion)completion NS_SWIFT_NAME(webauthnGetStart(user:options:traceId:completion:)); /** * Completes WebAuthn get (assertion) process with server response. * @param startResult Result from webauthnGetStart containing client state and keys. * @param serverResponse Data received from server after sending mpcRequest. * @param completion Callback with final WebAuthn result or error. */ - (void)webauthnGetEnd:(MPCRoundResponse *)startResult serverResponse:(NSData *)serverResponse completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnGetEnd(startResult:serverResponse:completion:)); /** * Completes WebAuthn get (assertion) process with server response and optional trace ID. * @param startResult Result from webauthnGetStart containing client state and keys. * @param serverResponse Data received from server after sending mpcRequest. * @param traceId Optional trace ID for operation tracking. If nil, one will be generated. * @param completion Callback with final WebAuthn result or error. */ - (void)webauthnGetEnd:(MPCRoundResponse *)startResult serverResponse:(NSData *)serverResponse traceId:(nullable NSString *)traceId completion:(ZSMJSONCompletion)completion NS_SWIFT_NAME(webauthnGetEnd(startResult:serverResponse:traceId:completion:)); #pragma mark - User Management /** * Lists all registered consumer IDs (UUIDs) that have WebAuthn credentials stored locally. * This queries the Keychain for all consumer_id UUIDs that have successfully completed WebAuthn registration. * * Note: This method operates at the FIDO2/MPC layer and returns raw consumer_id UUIDs used in * cryptographic operations. It has no knowledge of user identities. The UMFA layer is responsible * for mapping these consumer_id UUIDs to user-facing identities. * * @return Array of consumer_id UUIDs (as strings) that have registered credentials */ - (NSArray *)listRegisteredUsers NS_SWIFT_NAME(listRegisteredUsers()); @end NS_ASSUME_NONNULL_END