Backup methods

A guide that goes over all of the various backup methods your users can use.

Passkey + Enclave Backup

Allow customers to create a native passkey on their device that is used to authenticate into a secure enclave that holds the encryption key for the user. Customer's passkeys are backed up to the native cloud storage for their device.

Implementation Requirements

  1. Initialize passkey storage as a backup option in the Portal Config Object.

  2. Configuring the relying party

Use Portal as your relying party

  1. Add portalhq.io as a web credential domain in your app.

  2. Share your app bundle id with the Portal Team.

Use your own domain as the relying party

Ensure you have set up your associate domain correctly in your app and that you are serving an aasa file from whatever your relying party domain is set to. You will need to be sure you have the webcredential field set properly for your app in your aasa file.

Resources from apple:

Relying party

A relying party is a trusted domain that is tied to the public key credentials of your users for their passkey . We offer the option to use portalhq.io as your relying party domain. It requires you to add portalhq.io as an Associated Domain in your iOS application and share your team id + application bundle id. If you already have your domain as a webcredential for your application then you can simply pass in your domain as the relying party and everything should work.

import PortalSwift

class ViewController: UIViewController {
  public var portal: Portal?
  public var yourApiUrl: String = "https://YOUR_API_URL.com"
  
  @IBAction func handlePasskeyBackup(_: UIButton!) {
    Task {
      do {
        guard let portal = self.portal else {
          throw PortalExampleAppError.portalNotInitialized()
        }

        // Run passkey backup.
        _ = try await self.backup(clientId, withMethod: .Passkey)
      } catch {
        // Handle any errors during the passkey backup flow.
      }
    }
  }

  public func backup(_ userId: String, withMethod: BackupMethods) async throws -> String {
    guard let portal else {
      throw PortalExampleAppError.portalNotInitialized()
    }

    guard let config else {
      throw PortalExampleAppError.configurationNotSet()
    }

    // Run backup.
    let (encryptedClientBackupShare, storageCallback) = try await portal.backupWallet(withMethod) { status in
      // (Optional) Create a progress indicator here in the progress callback.
    }

    // Obtain your API's URL for storing the encrypted user backup share.
    guard let url = URL(string: "\(yourApiUrl)/users/\(userId)/store-encrypted-user-backup-share") else {
      throw URLError(.badURL)
    }

    // Store the encrypted user backup share on your API.
    try await requests.post(
      url,
      andPayload: [
        "backupMethod": withMethod.rawValue,
        "encryptedClientBackupShare": encryptedClientBackupShare,
      ]
    )

    // Call the storageCallback to notify Portal you stored the user backup share successfully.
    try await storageCallback()
    
    // ✅ The user has now backed up with their passkey successfully!
  }
}

Password/Pin Backup

Allow customers to create a password/pin. Customers can either remember the password or store it in a password storage manager.

Implementation Requirements

  1. Create a UI for password input.

  2. Enforce password requirements. Customer can choose between password, PIN code, passcode, or any other text-based input.

  3. If user forgets password there are no additional recovery options.

import PortalSwift

class ViewController: UIViewController {
  public var portal: Portal?
  public var yourApiUrl: String = "https://YOUR_API_URL.com"
  
  @IBAction func handlePasswordBackup(_: UIButton!) {
    Task {
      do {
        guard let portal = self.portal else {
          throw PortalExampleAppError.portalNotInitialized()
        }

        // Obtain the user's password.
        guard let enteredPassword = await requestPasswordFromUser() else {
          return
        }

        // Set the user's password.
        try portal.setPassword(enteredPassword)

        // Run backup.
        _ = try await self.backup(clientId, withMethod: .Password)
      } catch {
        // Handle any errors during the password backup flow.
      }
    }
  }

  public func backup(_ userId: String, withMethod: BackupMethods) async throws -> String {
    guard let portal else {
      throw PortalExampleAppError.portalNotInitialized()
    }

    guard let config else {
      throw PortalExampleAppError.configurationNotSet()
    }

    // Run password backup.
    let (encryptedClientBackupShare, storageCallback) = try await portal.backupWallet(withMethod) { status in
      // (Optional) Create a progress indicator here in the progress callback.
    }

    // Obtain your API's URL for storing the encrypted user backup share.
    guard let url = URL(string: "\(yourApiUrl)/users/\(userId)/store-encrypted-user-backup-share") else {
      throw URLError(.badURL)
    }

    // Store the encrypted user backup share on your API.
    try await requests.post(
      url,
      andPayload: [
        "backupMethod": withMethod.rawValue,
        "encryptedClientBackupShare": encryptedClientBackupShare,
      ]
    )

    // Call the storageCallback to notify Portal you stored the user backup share successfully.
    try await storageCallback()
    
    // ✅ The user has now backed up with their password successfully!
  }
}

iCloud

See the docs on how to Configure iCloud storage.

Google Drive

See the docs on how to Configure GDrive storage.

Last updated