Creating a HaapiAccessor#

HaapiAccessor is the SDK Layer’s entry point. It wraps HaapiManager (flow stepping) and OAuthTokenManager (OAuth lifecycle) and selects the right access strategy — attestation or Dynamic Client Registration fallback — based on device capabilities and your configuration. Build one per authentication flow.

Construction#

HaapiAccessorBuilder is the recommended constructor on iOS:

let baseURL = URL(string: "https://idsvr.example.com")!

let haapiConfiguration = HaapiConfiguration(
    name: "ios-client",
    clientId: "haapi-ios-client",
    baseURL: baseURL,
    tokenEndpointURL: URL(string: "/oauth/v2/oauth-token", relativeTo: baseURL)!,
    authorizationEndpointURL: URL(string: "/oauth/v2/oauth-authorize", relativeTo: baseURL)!,
    appRedirect: "app://haapi",
    httpHeadersProvider: nil,
    authorizationParametersProvider: nil
)

let haapiAccessor = HaapiAccessorBuilder(haapiConfiguration)
    .buildForHaapi()

let haapiManager = haapiAccessor.haapiManager
let oAuthTokenManager = haapiAccessor.oAuthTokenManager

Dispose of the accessor via haapiAccessor.close() before re-creating it.

HaapiAccessorFactory is the recommended constructor on Android. Create the accessor inside a coroutine because the factory may perform attestation or DCR registration during construction:

val baseURLString = "https://idsvr.example.com"
val baseUri = URI.create(baseURLString)

val haapiConfiguration = HaapiConfiguration(
    keyStoreAlias = "haapi-android-key",
    clientId = "haapi-android-client",
    baseUri = baseUri,
    tokenEndpointUri = URI.create("$baseURLString/oauth/v2/oauth-token"),
    authorizationEndpointUri = URI.create("$baseURLString/oauth/v2/oauth-authorize"),
    appRedirect = "app://haapi"
)

GlobalScope.launch(Dispatchers.IO + coroutineExceptionHandler) {
    val haapiAccessor = HaapiAccessorFactory(haapiConfiguration)
        .createForHaapi(onCoroutineContext = this.coroutineContext)

    val haapiManager = haapiAccessor.haapiManager
    val oAuthTokenManager = haapiAccessor.oAuthTokenManager
}

initializeForHaapi is the async factory on React Native. It builds the native iOS or Android accessor across the bridge and returns a HaapiAccessor carrying both managers:

import {
    initializeForHaapi,
    createHaapiConfiguration,
    createIOSConfiguration,
    createAndroidConfiguration,
    noAuthentication,
    getRNLogger,
    RNLogLevel,
} from 'identityserver.haapi.reactnative.sdk'

const haapiConfiguration = createHaapiConfiguration({
    baseUrl: 'https://idsvr.example.com',
    tokenEndpointUrl: 'https://idsvr.example.com/oauth/v2/oauth-token',
    authorizationEndpointUrl: 'https://idsvr.example.com/oauth/v2/oauth-authorize',
    iosConfig: createIOSConfiguration({
        clientId: 'haapi-ios-client',
        appRedirect: 'app://haapi',
        clientAuthenticationMethodConfiguration: noAuthentication(),
    }),
    androidConfig: createAndroidConfiguration({
        clientId: 'haapi-android-client',
        appRedirect: 'app://haapi',
        clientAuthenticationMethodConfig: noAuthentication(),
    }),
})

const accessor = await initializeForHaapi(
    haapiConfiguration,
    getRNLogger({ logLevel: RNLogLevel.Info })
)

const { haapiManager, oauthTokenManager } = accessor

Dispose of the accessor via accessor.close() before re-initialising; initializeForHaapi throws with HaapiErrorCode.AccessorAlreadyInitialized if an accessor is already held.

Access Patterns#

The builder/factory exposes multiple construction methods. Pick the one that matches the operation you are about to perform:

.buildForHaapi() — returns a HaapiAccessor with both managers. Use for a full authorization flow.
.buildForOAuth() — returns an OAuthAccessor with only OAuthTokenManager. Use for token-only operations (refresh, revoke) — for example, from an App Extension that cannot run the full HAAPI flow.

.createForHaapi(...) — returns a HaapiAccessor with both managers. Use for full authorization flows (and for DCR fallback — see DCR ).
.createForOAuth() — returns an accessor with only OAuthTokenManager. Use for token-only operations from app widgets that cannot run the full HAAPI flow.

The single-argument .create(...) is deprecated and will be removed in a future major release; use .createForHaapi(...) instead.

initializeForHaapi(config, logger?) — returns a HaapiAccessor with both managers. Use for a full authorization flow.
initializeForOAuth(config, logger?) — returns an OAuthAccessor with only oauthTokenManager. Use for token-only operations (refresh, revoke) without running the HAAPI flow.

DCR fallback does not require a separate factory — pass a dcrConfiguration inside createIOSConfiguration / createAndroidConfiguration and continue to use initializeForHaapi (see DCR ).

How to implement this: HAAPI Flow · OAuthTokenManager · HaapiTokenManager (Driver Layer)

Administration

System and Operation

Facilities

Profiles

Developer Guide

Configuration Reference

Creating a HaapiAccessor#

Construction#

Access Patterns#