binding/com.pingidentity.device.binding.journey/DeviceBindingCallback

DeviceBindingCallback

open class DeviceBindingCallback : AbstractCallback, JourneyAware

Journey callback for handling device binding operations in authentication flows.

This callback enables applications to bind a device to a user's identity by creating and registering cryptographic keys with various authentication methods. It supports multiple authentication types including biometric, PIN, and no authentication.

The callback handles the complete device binding lifecycle:

  • Key pair generation with optional attestation

  • User authentication based on the specified authentication type

  • JWT signing with the generated keys

  • Storage of user key metadata

  • Error handling and cleanup on failures

See also

Constructors

Link copied to clipboard
constructor()

Properties

Link copied to clipboard
lateinit var attestation: Attestation

The attestation configuration specifying what type of key attestation should be included when generating the key pair. Can be None for no attestation or contain a challenge for hardware attestation.

Link copied to clipboard
lateinit var challenge: String

The cryptographic challenge provided by the server that must be included in the signed JWT to prove possession of the private key.

Link copied to clipboard
var clientError: String

Error message to be sent to the server if the device binding operation fails. Can be overridden to provide custom error messages.

Link copied to clipboard
lateinit var description: String

The description to display in authentication prompts. Explains why authentication is required and what will happen.

Link copied to clipboard
lateinit var deviceBindingAuthenticationType: DeviceBindingAuthenticationType

The type of authentication required to access the cryptographic keys. Determines whether biometric, PIN, or no authentication is required.

Link copied to clipboard
open lateinit override var journey: <Error class: unknown class>

The Journey instance providing access to configuration and logging. Injected by the Journey framework during callback initialization.

Link copied to clipboard
lateinit var subtitle: String

The subtitle to display in authentication prompts. Provides additional context about the authentication request.

Link copied to clipboard
var timeout: Int

The timeout in seconds for the entire device binding operation. If the operation takes longer than this time, it will be cancelled. Default value is 60 seconds.

Link copied to clipboard
lateinit var title: String

The title to display in authentication prompts (e.g., biometric or PIN dialogs). Provides context to users about what they are authenticating for.

Link copied to clipboard
lateinit var userId: String

The unique identifier for the user performing device binding. This value is set from the server callback configuration and used as the subject in the generated JWT and for key storage identification.

Link copied to clipboard
lateinit var userName: String

The username associated with the user performing device binding. This can be overridden if needed and is used for display purposes and stored in the user key metadata.

Functions

Link copied to clipboard
suspend fun bind(config: DeviceBindingConfig.() -> Unit = {}): Result<String>

Performs the complete device binding operation.

Link copied to clipboard
protected open override fun init(name: String, value: JsonElement)

Initializes callback properties from the server-provided JSON configuration.

Link copied to clipboard
open override fun payload(): JsonObject

Creates the payload to be sent back to the server after device binding completion.