Adding Custom Mobile MFA workflows for Nexmo Verify

Nexmo Verify is a 2FA service, where the user submits a phone number, Nexmo sends an SMS or makes a voice call with the PIN code, and the user submits the PIN for verification.  Appdome is a mobile integration platform as a service (iPaaS) that allows users to add a wide variety of features, SDKs, and APIs to Android and iOS apps.

For more information about Nexmo Verify and how to use Appdome to integrate Nexmo Verify to your app, see: Add Nexmo Verify 2FA to your application.

This KB article provides step by step instructions for adding Appdome DEV-Events™ to your mobile app. You subscribe to Appdome DEV-Events™ to trigger the Nexmo Verify API, thereby leveraging the app’s internal unique event structure.

Prerequisites for adding Nexmo Verify to your mobile app

As a preliminary step to adding Nexmo Verify 2FA service to your mobile app using Appdome, Nexmo and Appdome customers are encouraged to verify their backend servers are configured correctly to work with the Nexmo Verify MFA service. To make it easy to tell if your servers are configured correctly, Appdome has created a simple Nexmo Environment app. For more information, please refer to the following KB article: Nexmo Environment App.

In order to use Appdome’s no code implementation of Nexmo Verify, you will need:

• Appdome account
• Mobile App (.ipa for iOS, or .apk for Android)
• An account for Nexmo Verify service, and obtained from Nexmo dashboard:
  1. API key
  2. API secret
• Signing Credentials (e.g., signing certificates and provisioning profile)

Adding DEV-Events™ Code to Your App

You can add Appdome DEV-Events™ into your mobile app in the form of ‘Broadcasts‘ (for Android apps) and ‘NSNotificationCenter notifications’ (for iOS apps).

To let Appdome handle Nexmo Verify with DEV-Events™ events, follow this flow in the app’s code:

1. The application sends an Event ID “NexmoverifyVerify”, key “phoneNumber” and value containing the phone number you want to verify
2. After submitting this phone number, Appdome implementation of Nexmo Verify returns the Event ID “NexmoverifyPincodeNeeded”
3. An SMS message or voice call requesting the PIN code should be on the way from the Nexmo Verify service.
4. The user enters the PIN code value which triggers the next step.
5. The application returns it to Appdome with the following Event ID:  “NexmoverifyPincode” with key “pin” and value containing the PIN code is collected.
6. Appdome will verify the PIN code and return an Event ID “NexmoverifyDone” with key “success” that holds a value of “true” or “false”, indicating the success or failure of the validation. In case of an error, Appdome will notify the application with Event ID “NexmoverifyError” with key “error” and value containing the description of the error that occurred.

To send a DEV-Events™ event on Android, simply send a broadcast:

Bundle data = new Bundle();
data.putString(key, value);
Intent intent = new Intent(eventID);
intent.putExtras(data);
context.sendBroadcast(intent);

To receive an event on Android, simply create a BroadcastReciever and register it for events you need to receive:

BroadcastReceiver eventsReceiver = new BroadcastReceiver() {
    @Override
    public void onReceive(Context context, Intent intent) {
         Bundle extras = intent.getExtras();
         String event = intent.getAction();
         if(event.compareTo("NexmoverifyError") == 0) {
             if(extras != null && extras.containsKey("error")) {
                String errorText = extras.getString("error");
                //handle the error
            }   
         } else if(event.compareTo("NexmoverifyPincodeNeeded") == 0) {
            //get the PIN code and return it to appdome with DEV-Events event
         } else if(event.compareTo("NexmoverifyDone") == 0) {
            if(extras != null && extras.containsKey("success")) {
                String wasVerified = extras.getString("success"));
                //handle verification status
            } 
        }
    }
};
//Register the broadcast receive in onResume() and Unregister it in onPause ()
@Override
protected void onResume() {
      super.onResume();
      context.registerReceiver(eventsReceiver, new IntentFilter("NexmoverifyError"));
      context.registerReceiver(eventsReceiver, new IntentFilter("NexmoverifyPincodeNeeded"));
      context.registerReceiver(eventsReceiver, new IntentFilter("NexmoverifyDone"));
}

@Override
protected void onPause() {
      if(eventsReceiver != null) {
            unregisterReceiver(eventsReceiver);
      }
      super.onPause();
}

To send a DEV-Events™ event on iOS, simply post a notification with one of the event IDs and eventInfo dictionaries as explained above, and to receive events, create an observer, for example:

NSString *context = nil;

- (void)setUpListeners {
  // after Appdome sends the phone number to the Nexmo service, and kicks off the verification process,
  // it will notify the application that a Nexmo verification code is needed, and give the context which needs to be added to the reply.
  // see method "(void)sendPincode" below
    [[NSNotificationCenter defaultCenter] addObserverForName: @"NexmoverifyPincodeNeeded" object:nil queue:[NSOperationQueue mainQueue] usingBlock:^(NSNotification *note) {
        context = [[note userInfo] objectForKey:@"context"];
        // in PINCODE request from Appdome, we received the context we need to send back to verify the Nexmo verification code we will recieve via SMS or voice call
    }];
    // this notification will indicate verification process is done and notify us of success or failure of verification
    [[NSNotificationCenter defaultCenter] addObserverForName: @"NexmoverifyDone" object:nil queue:[NSOperationQueue mainQueue] usingBlock:^(NSNotification *note) {
        bool success = [[[note userInfo] objectForKey: @"success"] boolValue];
        // verification is done, "success" indicates success of verification operation
    }];
}
// this method will initiate the verification process. We send the phone number we want to verify.
- (void)verifyPhoneNumber {
    NSMutableDictionary *userInfo = [[NSMutableDictionary alloc] init];
    [userInfo setObject: @"12025550177" forKey: @"phoneNumber"];
    [[NSNotificationCenter defaultCenter] postNotificationName: @"NexmoverifyVerify" object:nil userInfo: userInfo];
}
// user got the Nexmo verification code via SMS or voice call, app collected it from the user and wants to send it to Nexmo for verification
- (void)sendPincode {
    NSMutableDictionary *userInfo = [[NSMutableDictionary alloc] init];
    // send the code you received from Nexmo via SMS or voice call
    [userInfo setObject: @"1234" forKey: @"pin"];
    [userInfo setObject: context forKey: @"context"];
    [[NSNotificationCenter defaultCenter] postNotificationName: @"NexmoverifyPincode" object:nil userInfo: userInfo];
}

Fusing the mobile app on Appdome

Follow these step-by-step instructions to add the Nexmo Verify service to any mobile app using Appdome DEV-Events™  (in the Appdome UI, this is known as the ‘Custom’ implementation).

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

From the Build tab, select the Identity category 

1. Expand Appdome for Mobile Identity+ category
2. Toggle “ON” Identity Services select Nexmo Verify from the list
3. Enter the API Key you got from Nexmo Dashboard
4. Enter the API Secret you got from Nexmo Dashboard
5. Expand Adaptive MFA category
6. Toggle “ON” Custom MFA
7. Toggle “ON” Authenticate on Resource if you want the Nexmo Verify API to be triggered whenever the mobile user accesses a protected resource.  (Optional)
8. Enable Customize Login Detect and choose the method by which to detect the login and extract the phone number (optional)
9. Brand ID (optional): enter a string up to 18 characters which will be included in the verification SMS or voice call. If it is left blank, Appdome Nexmo implementation will use your application name, and the SMS show “<YourApplication> code: 1234. Valid for 5 minutes”.
10. API URL (optional): If you are using an alternative Nexmo server, enter here. Otherwise, leave blank. By default, Appdome’s Nexmo Verify implementation will use “https://api.nexmo.com“

Click the Build My App button to complete Appdome’s Nexmo integration with DEV-Events into the app.

The technology behind Build My App has two major elements – (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code-sets needed to add Nexmo Verify MFA to the mobile app in seconds.

Congratulations! Now you have a mobile app fully integrated with Nexmo Verify Custom MFA (with DEV-Events).

What’s next:    

After you have added Nexmo Verify to your mobile app, there are a few additional steps needed to complete your mobile integration project.

Add Context™ to the Appdome-Built App

Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand, configure or further customize Appdome-built app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.

Sign the app (Required)

In order to deploy an Appdome-Built app, it must be signed. Signing iOS apps and Signing Android apps is easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.

Kai Kenan