Mobile Developer Guide#
The Mobile Developer Guide documents the Curity Hypermedia Authentication API client SDKs across iOS, Android, and React Native. It is the single source of truth for integrating the Curity Identity Server‘s Hypermedia Authentication API into a mobile app.
Who This Guide Is For#
- Mobile app developers integrating a Curity SDK into iOS, Android, or React Native apps
- Curity solution engineers referencing canonical examples and migration guidance
- Authors and reviewers maintaining the guide as the SDKs evolve
How the Guide Is Organized#
Each platform’s SDK is structured as three layers, from highest to lowest abstraction:
- UI Layer (
UIKiton iOS,UIWidgeton Android — not available for React Native) — prebuilt, themable screens that drive the entire authentication flow. Most iOS and Android apps start here. - SDK Layer (
HaapiManager,OAuthTokenManager) — structured flow stepping with your own UI. Drop here when you need full UI control but want Curity to handle protocol mechanics. React Native apps always start here — RN does not ship a UI Layer. - Driver Layer (
HaapiTokenManager, DPoP) — direct token and DPoP-proof access for fully custom HTTP transports. Escape hatch; most apps never need it. iOS and Android only.
The guide mirrors that hierarchy:
| Section | What’s there |
|---|---|
| Choose Your Layer | Decision tree to pick UI, SDK, or Driver based on your needs |
| Concepts (listed below) | What things are (Token Binding, DPoP, attestation, DCR, and more); read once, no SDK code |
| Driver Layer | iOS and Android per-platform pages and shared concepts; no React Native |
| SDK Layer | iOS, Android, and React Native per-platform pages and shared concepts |
| UI Layer | iOS UIKit and Android UIWidget per-platform pages and shared concepts; no React Native |
| How-To (listed below) | Task-driven recipes (<Tabs> per platform) |
| Platform Notes (listed below) | Truly platform-only quirks (AutoFill, manifest flags, cookies) |
| Upgrade Guides (listed below) | Migration notes spanning layers and platforms |
| Reference (listed below) | Deep-link out to the per-layer reference sites at curity.io |
Where to Start#
If you are integrating for the first time, head to Choose Your Layer . It walks you through three quick questions and points you at the right starting page for your platform and chosen layer.
If you already know which layer you want, the per-platform quickstarts are the fastest entry point:
- iOS: Quickstart — iOS
- Android: Quickstart — Android
- React Native: Quickstart — React Native
Concepts#
Cross-cutting explanations of the protocols and patterns that the SDKs implement. Read these once; no SDK code lives here.
- Attestation and Fallback
- Client Authentication
- Dynamic Client Registration (DCR)
- DPoP and Nonces
- Error Handling
- Logging and Observability
- Risk Assessment
- Token Binding
How-To#
Task-driven recipes. Each page opens with a one-sentence goal, then platform-tabbed step-by-step instructions.
- How to Configure DCR Fallback
- How to Configure Token Binding
- How to Customize Logging
- How to Handle Errors
- How to Integrate Risk Assessment
- How to Use the SDK in an App Extension or App Widget
Platform Notes#
Truly platform-only quirks worth knowing.
Upgrade Guides#
Migration notes spanning layers and platforms.
- Upgrade — DPoP Nonce Auto-Management
- Upgrade — HaapiLogger setLogType Migration
- Upgrade — iOS UIKit v5
- Upgrade — Android UIWidget v5
- Upgrade — React Native vN
Reference#
Pointers to the per-layer auto-generated reference sites at curity.io.