iOS Tutorial DeviceCheck - uniquely identify iOS device

Discussion in 'iOS Tutorials' started by JanPRO, Jan 6, 2019.

  1. JanPRO

    JanPRO Well-Known Member Licensed User

    Hi,

    in this tutorial (intended for advanced B4i user) I want to demonstrate how you can use the DeviceCheck framework (introduced with iOS 11) in order to uniquely identify an iOS device. I highly recommend to read the offical Apple documentation first: https://developer.apple.com/documentation/devicecheck?language=objc

    The main advantages & use cases:
    • "DeviceCheck APIs also let you verify that the token you receive comes from an authentic Apple device on which your app has been downloaded"
    • "identify devices that have already taken advantage of a promotional offer that you provide"

    Basically the framework allows you to save two bits (2x2) of data per device & per developer (this also means: if you have 100 Apps or more in the store, they all share the same two bits! Personally, I believe this is a big disadvantage ...)

    The following graphic illustrates the server communication between the Device, your Server & Apple:

    [​IMG]
    Source: https://iosimage.s3.amazonaws.com/2018/34-devicecheck-tutorial/server.png

    Before we can start to code, we need to create a new DeviceCheck key in the member center:


    upload_2019-1-6_0-18-27.png

    Be sure you have selected "DeviceCheck".
    Note down the KeyID & download the generated key file and save it, we will need it later.

    Now go to the following page https://developer.apple.com/account/#/membership/ and note down your TeamID.

    These information are needed in order to generated a JSON web token for authentication. This step is done by the server module and with the help of a tool called JWT.jar (also written in B4J). As a developer, you just have to enter your collected information (Path to the private key, KeyID & TeamID) in the Initialize method of the DeviceCheckServer module.

    The two resumable subs GetBitState and SetBitState of the module are doing the "magic" for you & return a custom response type with information about the request & validities; for status codes & errors please have a look at the documentation: https://developer.apple.com/documen...g_and_modifying_per-device_data?language=objc

    On the device side, the DeviceCheck module generates the temporary DeviceToken & sends it to our server - simple.

    In general, I recommend to start with the examples and fit them to your needs.

    Notes & tips:
    • set the MinVersion of your iOS App to iOS 11
    • be sure you have register an explicit App ID
    • DeviceCheck has no simulator support
    Feel free to ask questions ;)
     

    Attached Files:

    Pendrush, tufanv, Filippo and 2 others like this.
  2. JanPRO

    JanPRO Well-Known Member Licensed User

    By the way: You can also use the JWT tool in order to create the authentication token for Apple's (new) Apns Http Api, which is much more powerful than the old solution :)
     
    Last edited: Jan 6, 2019
  3. tufanv

    tufanv Expert Licensed User

    very useful. I think we can use this to protect our API's and limit the access to devices only which our app is installed on right?
     
    JanPRO likes this.
  4. JanPRO

    JanPRO Well-Known Member Licensed User

    Yes, correct.

    Jan
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice