User Consent for Secure ID Verification
Some environments using the Secure ID Verification services will have a requirement to capture user consent for identity data processing. Where the environment does not already manage that consent in another way, the Secure ID Verification service provides a way for that consent to be managed within the service.
If user consent is required, then consent must be explicitly granted before identity verification using personally identifiable information. Consent may also be explicitly withdrawn by the user.
If identity verification is attempted before consent has been provided, in an environment when such consent is required to be managed by the service, the attempt will result in a ConsentRequiredException
.
It is permissible to provide and withdraw consent to the service even in environments where consent is not required to be managed in this manner, however in this case such consent will not be checked.
Determine whether User Consent is Required
To determine whether user consent is required to be managed by the Secure ID Verification service in the current environment, create an identityVerificationClient, and query the SDK:
do {
let consentRequired = try await identityVerificationClient.isConsentRequiredForVerification()
} catch {
// Handle error. An error may be thrown if the backend is unable to perform
// requested operation due to availability or security issues.
// An error might be also be thrown for unrecoverable circumstances arising
// from programmatic error or configuration error. For example, if the keychain
// access entitlement is not set up correctly or basic system resources are
// unavailable.
}
The isConsentRequiredForVerification()
API returns a boolean value.
Determine User Consent Status
To check the consent status of a user, create an identityVerificationClient, and query the SDK:
do {
let consentStatus = try await identityVerificationClient.getIdentityDataProcessingConsentStatus()
} catch {
// Handle error. An error may be thrown if the backend is unable to perform
// requested operation due to availability or security issues.
// An error might be also be thrown for unrecoverable circumstances arising
// from programmatic error or configuration error. For example, if the keychain
// access entitlement is not set up correctly or basic system resources are
// unavailable.
}
As well as returning a boolean indicator of the current consent status, the status response also provides the following information about the state of user consent:
the
consentedAtEpochMs
property, if present, indicates when consent was provided. If consent has not been provided, this value will be empty.the
consentWithdrawnAtEpochMs
property, if present, indicates when consent was withdrawn. If consent has not been withdrawn, this value will be empty.the
content
property, if present, includes the agreement that the user consented to. If consent has not been provided, this value will be empty.the
contentType
property, if present, indicates the content type of the consent agreement provided incontent
. If consent has not been provided, this value will be empty.the
locale
property, if present, indicates the locale of the consent agreement provided incontent
. If consent has not been provided, this value will be empty.
Collect and Provide User Consent
When collecting user consent, create an identity verification client and query the SDK for the consent to be displayed to the user.
Provide the user's preferred locale - likely from their current system settings - and a content type usable by the application. The service will attempt to provide the consent content in a content type and locale most closely matching the preferences, but will fall back to a default which may not match if necessary.
Display the content to the user for agreement. Once agreement has been received, the consent information should be provided back to the SDK for recording.
do {
let preferredLocale = "en-US" // provide the user's current locale
let preferredContentType = "text/plain" // provide the application's preferred content type
let input = IdentityDataProcessingConsentContentInput(
preferredContentType: preferredContentType,
preferredLocale: preferredLocale)
let consentContent = try await
identityVerificationClient.getIdentityDataProcessingConsentContent(
input:input
)
// display consent content to the user to grant their consent
} catch {
// Handle error.
}
do {
// provide consent input based on response of consent content above
let content = consentContent.content
let contentType = consentContent.contentType
let locale = consentContent.locale
let input = IdentityDataProcessingConsentInput(
content: content,
contentType: contentType,
locale: locale
)
let provideConsentResult = try await
identityVerificationClient.provideIdentityDataProcessingConsent(
input:input
)
} catch {
// Handle error.
}
Withdraw User Consent
To withdraw the consent status of a user, create an identityVerificationClient, and invoke the SDK:
do {
let withdrawStatus = try await identityVerificationClient.withdrawIdentityDataProcessingConsent()
} catch {
// Handle error. An error may be thrown if the backend is unable to perform
// requested operation due to availability or security issues.
// An error might be also be thrown for unrecoverable circumstances arising
// from programmatic error or configuration error. For example, if the keychain
// access entitlement is not set up correctly or basic system resources are
// unavailable.
}
Withdrawing of consent does not invalidate any previously verified identity, but it does prevent further secure ID verification for that user.
Last updated