Skip to main content

Intro

Welcome to the documentation for the Real-Time Authentication Service (or RTAS).

If you are here, you were probably implementing the TrustFactor SDK and came across the need to notify in real-time your application's users with the results of their TrustFactor callbacks, be it during registration or authentication workflows.

RTAS handles all the backend to frontend communication in real-time packing animations out of the box reacting to TrustFactor's different callbacks. It supports both logic and UI/UX custom implementations in order to properly fit your application's requirements.

Sequence Diagram of TrustFactor Callbacks WITHOUT "Real-Time Authentication Service"

Authentication Flow (CreateTransaction)

Transaction diagram without RTAS - Fig. 1

In the diagram above, we show how the transaction flow would work without RTAS.

Steps:

  • A request starts from the end-user of your application to your application server, requesting to execute something that is protected by TrustFactor MFA (doMFAProtectedOperation)
  • The application server in turn uses the TrustFactor SDK to create a new transaction (AuthenticationRequest) and returns the deep-link URL to the application, while sending the AuthenticationRequest to the TrustFactor mobile agent through push notification
  • The application server returned the transaction ID to the end user and now the end user calls another service to query the status of this AuthenticationRequest in a loop, until it gets a "final status".
  • When the user accepts, rejects or lets the AuthenticationRequest expire, a callback is sent from the TrustFactor Cloud Services into your application, which you can then use to update the status of the AuthenticationRequest for the end-user.

As far as the TrustFactor SDK is concerned, the workflow described in the loop in the diagram is left up to the implementer.

RTAS is our standard, scalable and highly-available solution to reach your end-users in real-time, without having to re-architect your product or application or handle the load associated with this user flow.

Sequence Diagram of TrustFactor Callbacks WITH "Real-Time Authentication Service"

Authentication Flow (CreateTransaction)

Transaction diagram with RTAS - Fig. 2

With RTAS, all the traffic that was heading to your application in order to update the end-user with the result of their transaction or registration is now redirected to the RTAS servers, leaving your application only to call RTAS when you start the asynchronous flow and when you end it.

In Fig. 2 above, you can see the differences in the authentication flow.

Steps:

  • A request starts from the end-user (Application Users) of your application to your application server, requesting to execute something that is protected by TrustFactor MFA (doMFAProtectedOperation)
  • The application server in turn uses the TrustFactor SDK to create a new transaction (AuthenticationRequest) and returns the deep-link URL to the application, while sending the AuthenticationRequest to the TrustFactor mobile agent through push notification.
  • After getting this information from TrustFactor SDK, the application now calls RTAS using the RTAS OpenAPI client to get an authentication token and real-time endpoint URL. These will be used by the front-end module to connect directly with RTAS servers.
  • At this point, the front-end receives its response and uses the RTAS connection data to initialize the tf-realtime module. This module now connects to RTAS servers and waits for an asynchronous result for the authentication request sent earlier.
  • When the user accepts, rejects or lets the AuthenticationRequest expire on the TrustFactor Mobile Agent, a callback is sent from the TrustFactor Cloud Services into your application. You can then use this to send a request to the RTAS servers to notify the end-user that is waiting for the result, in real-time.

Registration Flow

Registration diagram with RTAS - Fig. 3

In Fig. 3 above, you can see how the registration flow works.

Steps:

  • A request starts from the end-user of your application to your application server, requesting to enroll a new TrustFactor App to his profile
  • The application server in turn uses the TrustFactor SDK to create a new QR-code (RegistrationRequest) and returns the deep-link URL and QR-code information
  • After getting this information from TrustFactor SDK, the application now calls RTAS using the RTAS OpenAPI client to get an authentication token and real-time endpoint URL. These will be used by the front-end module to connect directly with RTAS servers.
  • At this point, the front-end receives its response and uses the RTAS connection data to initialize the tf-realtime module. This module now connects to RTAS servers and waits for an asynchronous result for the registration request sent earlier.
  • When the user scans the QR-code or opens the deep-link URL with the TrustFactor Mobile Agent, a callback is sent from the TrustFactor Cloud Services into your application. You can then use this to send a request to the RTAS servers to notify the end-user that is waiting for the result, in real-time.