The ForgeRock SDKs leverage Intelligent Authentication in Access Management (AM). Use the SDKs to step through each stage of an authentication tree by using callbacks. User Login Analytics, built into Intelligent Authentication, offers metrics and timers that measure user interactions and their devices, such as the time it takes to authenticate and to call out to third-party systems across services and applications. You can change your authentication tree in AM, and the SDK will automatically handle the changes in real time. You don’t have to redeploy the application or make any code changes in the app.
The SDKs use the OAuth 2.0 Auth Code flow with PKCE. ForgeRock has selected this method as the best practice for first-party applications. The SDK automatically handles token exchange for you, and also securely stores the tokens. Token refresh is automatically handled by the SDK so you don’t have to think about it.
The SDKs also let you pull in a separate UI component. You can use it for rapid prototyping, or as a building block for your application. Let’s say you want to get an authentication experience in front of some of your users or business stakeholders. You can easily use modules to implement different authentication flows, update them in real time in ForgeRock Access Management, and display the results immediately in your application.
Single Sign-On (SSO)
In some scenarios your company may have multiple native applications that customers have installed on their devices. You can use the SDK to seamlessly sign users in to multiple applications on a device. When the customer signs into one application, they are automatically signed into a second application on that device—without having to authenticate again.
Pluggability & Extensibility
All SDK modules are pluggable and extensible. Don’t want to use our method for jailbreak detection? No problem! Just plug in your own method, or use any 3rd-party plug-in instead. On top of the pluggability of the SDK, you can also create any custom node on the server side to send data to a 3rd party to validate user information like phone number or IP address.
Device Security Profile
Using the SDK, you have the option to collect device DNA to use in your authentication flows. You might use this data to compare a user sign-in to a prior sign-in event. If the device profile has changed too much from the prior event, you can deny the sign-in.
Jailbreak or Root Detection
The iOS and Android SDKs generate a score to determine if a device is jailbroken or rooted. There are a number of factors that go into creating this score. The score ranges from 0 to 1.0, where 0 indicates the device is an emulator.
Device ID & Meta Data
ForgeRock SDKs will automatically generate a device ID for you. You can use the ID with Identity Manager or Access Management to allow your users to manage their devices. For example, you can insert the device ID and associated data into a user’s profile. This lets them view their devices and set the devices as trusted. You can also decide to use a recognized device in an authentication flow to avoid asking a user for another factor.
You can collect latitude and longitude information from your users via the Android and iOS SDKs. Apps that use location services must request location permissions from users.