User Identity
The User Identity object contains information regarding the user's identity and accounts on a BlackBerry smartphone.
Identity Service SDK Overview - interfaces for using Identity Services from 3rd Party applications
What functionality does this Identity Service SDK provide to apps?
This SDK provides a series of functions that enable an application to choose an identity provider(s) for their application, and to request authentication tokens from that provider, as well as information about the user.
At present, the only Identity Provider available is BlackBerry ID. As more identity providers become available, this SDK will provide access to those providers.
Why integrate with Identity Service?
If your app needs to interact with an off-device service that requires user authentication, you can integrate with Identity Service to provide seamless access to the off-device service. The interaction from the app to the off-device service is 'seamless' because the user is not prompted within the app for the username and password required by the off-device service. Instead, BlackBerry ID can pass back a 'token' that authenticates the user's identity, and that token can be read and understood by the off-service device, thus allowing the user access to that off-device content WITHOUT requiring user interaction for authentication.
Fictitious Example: Imagine an app called 'MyPics' that has a user's photo content stored off-device, and the content is accessible from the web and from BlackBerry devices. If 'MyPics' is integrated with BlackBerry ID (i.e. we've created a token specifically for them), the app can request a token from BlackBerry ID to confirm the user's identity. The app can send that token to the off-device content service for 'MyPics', as a way of 'signing in' that user to their MyPics account WITHOUT requiring the user to enter a username and password within the 'MyPics' app. The result is a seamless user experience for the app; the user will get their photos on the device without having to sign in to the 'MyPics' service. Since they are already signed in to their device with their BlackBerry ID, and since the app is integrated with BlackBerry ID to use tokens, it all happens without any user annoyance of being prompted to 'sign in' to MyPics.
Even if your app doesn't need to communicate with off-device services using tokens, there are other useful APIs in this SDK that provide access the user's account information (first name, last name, screen name, or username).
The next section provides a more detailed technical overview of the APIs that
provide this functionality.
Identity Service SDK functionality - API overview
This Identity Service WebWorks SDK provides an interface for applications to make use of BlackBerry ID functionality from within their app.
The APIs provided in this SDK enable apps to do the following: - retrieve the account information of the user who is signed in with their BlackBerry ID on the BB10 device. The API getProperties() can be used to retrieve the user's first name, last name, username, and screenname.
- retrieve tokens that prove the user's identity for off-device services (known as 'relying parties', because they are relying on BlackBerry ID to confirm the user's identity), so that the user can have seamless access to that off-device service without being required to enter their username and password. These tokens are used by the off-device service (relying party) to confirm the identity of the user. NOTE: The APIs getToken() and clearToken() can only be used if the relying party has gone through integration process with RIM to have tokens defined for that relying party.
- for background services where it doesn't make sense to show any screens to the user (i.e. background services that do not have any UI), suppress the ability for the Identity Service to pop up an authentication/password confirmation dialog box. The API setOption() is provided to ensure that the Identity Service does not present a pop up screen for authentication/password verification within background services where that wouldn't make sense.
Important: There is never a need for an application to present a "sign in" screen to the user. All the IDS APIs listed above will check to see if their is a BlackBerry ID associated with the device, and if there isn't one, they will pop an authentication (sign in) screen on the device (unless the calling app runs in the background and has 'set_GUI_allowed = False' to specifically prevent this from happening.)
About Callback functions
Several IDS APIs have the following 2 parameters: - Success callback function - Failure callback function
The Identity Service responds asynchronously to API calls made by an application. Upon detection of a response, the IDS library will parse the response (which will either be success or failure), and invoke the corresponding callback function that the app has provided for the success or failure case.
So the callback functions are a mechanism for IDS library to pass the parsed response from the daemon back to the calling application. The callback functions cannot be NULL; the app must specify what to do in both the success and failure scenarios.
Integrating an application with IDS APIs
The calling app uses the function registerProvider() which will connect the app to an Identity Service. This step must be done before the app calls any of the IDS APIs described above (getToken(), clearToken(), etc). After the app makes an API call to one of the IDS APIs listed above (i.e. getToken), the IDS library will asynchronously process that request, and call the success/failure callback provided.
Supported Platform(s)
| - BlackBerry 10 |
| API | BB5.0 | BB6.0 | BB7.0 | PB1.0 | PB2.0 | BB10 | Ripple |
|---|---|---|---|---|---|---|---|
| blackberry.user.identity.clearToken | Y | ||||||
| blackberry.user.identity.getProperties | Y | ||||||
| blackberry.user.identity.getToken | Y | ||||||
| blackberry.user.identity.getVersion | Y | ||||||
| blackberry.user.identity.registerProvider | Y | ||||||
| blackberry.user.identity.setOption | Y |
Configuration Document Settings
|
To use all of the API described for this object, you must ensure the following settings are in your configuration document: |
|
You must declare the feature element(s) below in your configuration document: |
| Feature ID | BB5.0 | BB6.0 | BB7.0 | PB1.0 | PB2.0 | BB10 | Ripple |
|---|---|---|---|---|---|---|---|
| <feature id="blackberry.user.identity" /> | Y |
| Permission Elements (PlayBook Only) |
|---|
| You must declare the permission element(s) below in your configuration document: |
|
- <rim:permit>access_bbid_pii</rim:permit>
Permits your app to access user identity information. |
Functions
static
void
blackberry.user.identity.clearToken
(provider : String, tokenType : String, appliesTo : String, successCallback: function(result : JSON), failureCallback: function(result : JSON))
Issue a clear token request. In cases where the token seems to be invalid or too close to expiry to be deemed useful, an application can clear out the currently cached token in order to retrieve a newly generated token in the next getToken() call.
| Supported Platforms | |
|---|---|
| - BlackBerry 10 | |
| Parameters | |
|---|---|
| provider | The identity provider to send this request to. |
| tokenType | A token type. It must be NOT NULL and 32 characters >= tokenType > 0 character |
| appliesTo | The application or service to which the token applies. It must be NOT NULL and 96 characters >= applies_to > 0 character |
| successCallback |
Function which is invoked upon successful operation of this
method.
result: A JSON object containing the in the form below: {
"result": true
}
|
| failureCallback |
Function which is invoked when this method fails. This
callback contains an errorCode parameter to specify the failure condition.
result: A JSON object containing details of the failure in the form below: {
"result":"50009",
"errorDescription":"The appliesTo value is not valid"
}
Error Handling: - 49999: An internal error has occurred attempting to process the request. - 50009: The appliesTo value is not valid. - 50008: The tokenType value is not valid. - 50010: There are not enough resources available to process the request. - 50003: The account is currently locked, token access is unavailable while locked. - 50004: The user could not be authenticated. |
Code Example:
|
static
void
blackberry.user.identity.getProperties
(provider : String, propertyList : String, successCallback: function(result : JSON), failureCallback: function(result : JSON))
Issue a request for a property.
| Supported Platforms | |
|---|---|
| - BlackBerry 10 | |
| Parameters | |
|---|---|
| provider | The identity provider to send this request to. |
| propertyList | A comma separated string listing each of the properties requested |
| successCallback |
Function which is invoked upon successful operation of this
method.
result: A JSON object containing the in the form below: {[
{"uri":"urn:bbid:firstname":"value":"john"},
{"uri":"urn:bbid:lastname":"value":"doe"}
}
|
| failureCallback |
Function which is invoked when this method fails. This
callback contains an errorCode parameter to specify the failure condition.
result: A JSON object containing details of the failure in the form below: {
"result":"50004",
"errorDescription":"The user could not be authenticated."
}
Error Handling: - 49999: An internal error has occurred attempting to process the request. - 50010: There are not enough resources available to process the request. - 50003: The account is currently locked, token access is unavailable while locked. - 50004: The user could not be authenticated. - 50011: The service is currently offline and and cannot retreive the requested token. - 50002: The length of a property name in the list exceeds the maximum name length (32). - 50017: The application does not have access to one of the requested properties. |
Code Example:
|
static
void
blackberry.user.identity.getToken
(provider : String, tokenType : String, appliesTo : String, successCallback: function(tokenResult : JSON), failureCallback: function(result : JSON))
Issue a get token request.
| Supported Platforms | |
|---|---|
| - BlackBerry 10 | |
| Parameters | |
|---|---|
| provider | The identity provider to send this request to. |
| tokenType | A token type. It must be NOT NULL and 32 characters >= tokenType > 0 character |
| appliesTo | The application or service to which the token applies. It must be NOT NULL and 96 characters >= applies_to > 0 character |
| successCallback |
Function which is invoked upon successful operation of this
method.
tokenResult: A JSON object containing a token and it's information in the form below: {
"token": "ghdaj23i8rghaepeghk;a",
"params": ["name":"TOKEN_SECRET","value":"oguireqhge"]
}
|
| failureCallback |
Function which is invoked when this method fails. This
callback contains an errorCode parameter to specify the failure condition.
result: A JSON object containing details of the failure in the form below: {
"result":"50009",
"errorDescription":"The appliesTo value is not valid"
}
Error Handling: - 49999: An internal error has occurred attempting to process the request. - 50009: The appliesTo value is not valid. - 50008: The tokenType value is not valid. - 50010: There are not enough resources available to process the request. - 50003: The account is currently locked, token access is unavailable while locked. - 50004: The user could not be authenticated. - 50011: The service is currently offline and and cannot retreive the requested token. - 50012: An error occurred communicating with the service. |
Code Example:
|
static
int
blackberry.user.identity.getVersion
()
The getVersion() function retrieves the version of the IDS library that your application is using.
| Supported Platforms | |
|---|---|
| - BlackBerry 10 | |
Return:
"1000000"
Code Example:
|
static
int
blackberry.user.identity.registerProvider
(name : String)
Applications use this function to register which Identity Provider(s) that they want to use. Once the application has initialized the library, it can register for each of the identity providers it is interested in.
| Supported Platforms | |
|---|---|
| - BlackBerry 10 | |
| Parameters | |
|---|---|
| name | The name of the identity provider that the application wants to use for retrieving user identity information (only BlackBerry ID is supported at this time). |
Return:
result
Code Example:
|
static
int
blackberry.user.identity.setOption
(option : int, value : String)
Configure an option in the Identity Services library. These options allow an application to modify the default behavior of the IDS library as well as configure the way the library and application integrate together.
Available options are:
Set GUI Allowed (option = 0, value = true/false)
Option to set whether or not GUI allowed flag is set. Value is "true" or "false". By default, in cases where user input is required, the Identity Service performs the user interaction on behalf of the calling application. If this has been set to false, and user input is required, the API will return an error. If no user interaction is required to complete the API, this setting has no effect.
Set Group ID (option = 1, value = groupId)
Set the group ID of the calling application for UI dialogs. String version of UI group id. This is required in cases where the Identity Service requires user input from the user and must open an interface in the context of the calling application.
Set Verbosity (option = 2, value = {"Silent", "Normal", "Verbose")
Set the library logging verbosity level. Useful during application development to allow developers to be able to increase logging for diagnostics. Note that IDS logs are generated on stderr, and so should be captured in the application's log file.
| Supported Platforms | |
|---|---|
| - BlackBerry 10 | |
| Parameters | |
|---|---|
| option | The option to be modified. |
| value | The new string value to set |
Code Example:
|