Add invalidCustomClaims device binding status

FRDeviceBinding/FRDeviceBinding/Sources/Callbacks/DeviceBindingCallback.swift

@@ -152,7 +152,13 @@ open class DeviceBindingCallback: MultipleValuesCallback, Binding {
                    completion: @escaping DeviceBindingResultCallback) {
 
         let authInterface = deviceAuthenticator?(deviceBindingAuthenticationType) ?? deviceAuthenticatorIdentifier(deviceBindingAuthenticationType)
-        let dispatchQueue = DispatchQueue(label: "com.forgerock.concurrentQueue", qos: .userInitiated)
+
+        guard authInterface.validateCustomClaims(customClaims) else {
+            handleException(status: .invalidCustomClaims, completion: completion)
+            return
+        }
+
+        let dispatchQueue = DispatchQueue(label: "com.forgerock.serialQueue", qos: .userInitiated)
         dispatchQueue.async {
             self.execute(authInterface: authInterface, customClaims: customClaims, completion)
         }
@@ -180,11 +186,6 @@ open class DeviceBindingCallback: MultipleValuesCallback, Binding {
             return
         }
 
-        guard authInterface.validateCustomClaims(customClaims) else {
-            handleException(status: .unsupported(errorMessage: "Invalid custom claims"), completion: completion)
-            return
-        }
-
         let startTime = Date()
         let timeout = timeout ?? 60
 

FRDeviceBinding/FRDeviceBinding/Sources/Callbacks/DeviceSigningVerifierCallback.swift

@@ -182,7 +182,7 @@ open class DeviceSigningVerifierCallback: MultipleValuesCallback, Binding {
         }
 
         guard authInterface.validateCustomClaims(customClaims) else {
-            handleException(status: .unsupported(errorMessage: "Invalid custom claims"), completion: completion)
+            handleException(status: .invalidCustomClaims, completion: completion)
             return
         }
 

FRDeviceBinding/FRDeviceBinding/Sources/DeviceBindingStatus.swift

@@ -20,6 +20,7 @@ public enum DeviceBindingStatus: LocalizedError, Equatable {
     case unsupported(errorMessage: String?)
     case clientNotRegistered
     case unAuthorize
+    case invalidCustomClaims
 }
 
 struct BindingStatusConstants {
@@ -48,6 +49,8 @@ public extension DeviceBindingStatus {
             return BindingStatusConstants.clientNotRegistered
         case .unAuthorize:
             return BindingStatusConstants.abort
+        case .invalidCustomClaims:
+            return BindingStatusConstants.abort
         }
     }
 
@@ -65,6 +68,8 @@ public extension DeviceBindingStatus {
             return "PublicKey or PrivateKey Not found in Device"
         case .unAuthorize:
             return "Invalid Credentials"
+        case .invalidCustomClaims:
+            return "Invalid Custom Claims"
         }
     }
 }

FRDeviceBinding/FRDeviceBindingTests/DeviceBindingCallbackTests.swift

@@ -833,7 +833,7 @@ class DeviceBindingCallbackTests: FRAuthBaseTest {
                 case .success:
                     XCTFail("Callback bind succeeded instead of unsupported (invalid custom cliams)")
                 case .failure(let error):
-                    XCTAssertEqual(error.clientError, DeviceBindingStatus.unsupported(errorMessage: "Invalid custom claims").clientError)
+                    XCTAssertEqual(error, DeviceBindingStatus.invalidCustomClaims)
                     XCTAssertTrue(callback.inputValues.count == 1)
                 }
                 expectation.fulfill()
@@ -953,7 +953,7 @@ class DeviceBindingCallbackTests: FRAuthBaseTest {
                     XCTFail("Callback bind succeeded instead of unsupported (invalid custom cliams)")
                 case .failure(let error):
                     // even though we don't overrid any of the existing claims, it fails as validateCustomClaims method always returns false
-                    XCTAssertEqual(error.clientError, DeviceBindingStatus.unsupported(errorMessage: "Invalid custom claims").clientError)
+                    XCTAssertEqual(error, DeviceBindingStatus.invalidCustomClaims)
                     XCTAssertTrue(callback.inputValues.count == 1)
                 }
                 expectation.fulfill()

FRDeviceBinding/FRDeviceBindingTests/DeviceSigningVerifierCallbackTests.swift

@@ -693,7 +693,7 @@ class DeviceSigningVerifierCallbackTests: FRAuthBaseTest {
                 case .success:
                     XCTFail("Callback bind succeeded instead of unsupported (invalid custom cliams)")
                 case .failure(let error):
-                    XCTAssertEqual(error.clientError, DeviceBindingStatus.unsupported(errorMessage: "Invalid custom claims").clientError)
+                    XCTAssertEqual(error.clientError, DeviceBindingStatus.invalidCustomClaims.clientError)
                     XCTAssertTrue(callback.inputValues.count == 1)
                 }
             }
@@ -828,7 +828,7 @@ class DeviceSigningVerifierCallbackTests: FRAuthBaseTest {
                     XCTFail("Callback bind succeeded instead of unsupported (invalid custom cliams)")
                 case .failure(let error):
                     // even though we don't overrid any of the existing claims, it fails as validateCustomClaims method always returns false
-                    XCTAssertEqual(error.clientError, DeviceBindingStatus.unsupported(errorMessage: "Invalid custom claims").clientError)
+                    XCTAssertEqual(error, DeviceBindingStatus.invalidCustomClaims)
                     XCTAssertTrue(callback.inputValues.count == 1)
                 }
                 expectation.fulfill()

SampleApps/FRExample/FRExample/ViewController.swift

@@ -16,7 +16,7 @@ import CoreLocation
 import QuartzCore
 import FRDeviceBinding
 
-class ViewController: UIViewController {
+class ViewController: UIViewController, ErrorAlertShowing {
 
     // MARK: - Properties
     @IBOutlet weak var loggingView: UITextView?
@@ -294,13 +294,17 @@ class ViewController: UIViewController {
                         self.present(alert, animated: true, completion: nil)
                         return
                     } else if callback.type == "DeviceBindingCallback", let deviceBindingCallback = callback as? DeviceBindingCallback {
-                        deviceBindingCallback.bind() { result in
+                        deviceBindingCallback.bind(customClaims: ["isCompanyPhone": true, "lastUpdated": Int(Date().timeIntervalSince1970)]) { result in
                             DispatchQueue.main.async {
                                 var bindingResult = ""
                                 switch result {
                                 case .success:
                                     bindingResult = "Success"
                                 case .failure(let error):
+                                    if error == .invalidCustomClaims {
+                                        self.showErrorAlert(title: "Device Binding Error", message: error.errorMessage)
+                                        return
+                                    }
                                     bindingResult = error.errorMessage
                                 }
 
@@ -310,13 +314,17 @@ class ViewController: UIViewController {
                         }
                         return
                     } else if callback.type == "DeviceSigningVerifierCallback", let deviceSigningVerifierCallback = callback as? DeviceSigningVerifierCallback {
-                        deviceSigningVerifierCallback.sign() { result in
+                        deviceSigningVerifierCallback.sign(customClaims: ["isCompanyPhone": true, "lastUpdated": Int(Date().timeIntervalSince1970)]) { result in
                             DispatchQueue.main.async {
                                 var signingResult = ""
                                 switch result {
                                 case .success:
                                     signingResult = "Success"
                                 case .failure(let error):
+                                    if error == .invalidCustomClaims {
+                                        self.showErrorAlert(title: "Device Binding Error", message: error.errorMessage)
+                                        return
+                                    }
                                     signingResult = error.errorMessage
                                 }
 
@@ -1071,7 +1079,7 @@ class WebAuthnCredentialsTableViewController: UITableViewController {
 }
 
 
-class UserKeysTableViewController: UITableViewController {
+class UserKeysTableViewController: UITableViewController, ErrorAlertShowing {
     let identifier = "cell"
     let frUserKeys = FRUserKeys()
     var userKeys: [UserKey] = []
@@ -1167,8 +1175,14 @@ class UserKeysTableViewController: UITableViewController {
 
         self.present(alert, animated: true, completion: nil)
     }
-
-    private func showErrorAlert(title: String, message: String) {
+}
+
+protocol ErrorAlertShowing: UIViewController {
+    func showErrorAlert(title: String, message: String)
+}
+
+extension ErrorAlertShowing {
+    func showErrorAlert(title: String, message: String) {
         let errorAlert = UIAlertController(title: title, message: message, preferredStyle: .alert)
         let cancelAction = UIAlertAction(title: "Ok", style: .cancel, handler:nil)
         errorAlert.addAction(cancelAction)