Credential Renewals

A credential is used when performing two-way TLS authentication against a URL listed in the RapidWhiteList or when using the SDK signData method. Before the SDK performs these operations, the renewal workflow checks whether the credential has expired and attempts a renewal if required.

Note: The developer does not need to do anything to trigger renewal other than ensure the RapidWhiteList is correctly populated.

End User Experience

Renewal requires network access to connect to the Rapid renewal service. The renewal process is meant to be seamless, with as little disruption as possible. The end user will see a modal progress dialog with the text "Applying security updates…". The renewal process should only take seconds, but this will depend on network speed and the device being used. See dialog customization for what can be customized in this dialog and how.

Grace period

Currently a grace period of 31 days is built into the credentials. This means that if renewal fails, the two-way TLS authentication and signData operations will continue to work. However, once 31 days have elapsed without the credential being renewed, the operations will fail with a RapidStatus of RapidClientAuthCertExpired. This grace period exists only to minimize disruption to the user experience when renewal fails, and to give enough time for a renewal to be retried and succeed within your app.

Note: There is no grace period for credentials disabled for renewal.

Disable renewal collection

You can stop the credential from being renewed. In this scenario the server will return a RapidServerCollectionNotPermitted response to the RapID SDK. Regardless of the grace period, two-way TLS authentication and signData will not perform the operation and will instead return a RapidStatus of RapidServerCollectionNotPermitted.

Retry attempts

When credential renewal fails, the RapID SDK retries renewal differently depending on the reason for the failure. Below is a complete list of failure reasons and the expected SDK retry behavior.

Failure Reason Behavior
| Failure Scenario | Renewal behavior on next signData or two-way TLS authentication |
| --- | --- |
| Network error during renewal | The SDK will retry renewal the next time two-way TLS authentication or signData is performed. |
| Collection not permitted | The SDK will not retry renewal until the app is restarted. |
| Licenses not available | The SDK will not retry renewal until the app is restarted. |
| Rapid service in maintenance | The SDK will retry renewal the next time two-way TLS authentication or signData is performed. |
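
The grace period, the disabled-renewal rule and the retry behavior interact, so the following added example models them together to show which status an app should expect from each call. It is not RapID SDK code: every name except RapidClientAuthCertExpired and RapidServerCollectionNotPermitted is hypothetical. It assumes that renewal is attempted only once the credential has expired, and the dates and 365-day lifetime are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Optional

GRACE = timedelta(days=31)              # grace period stated on the page
OK = "OK"                               # placeholder success status (assumed name)
EXPIRED = "RapidClientAuthCertExpired"  # status named on the page
NOT_PERMITTED = "RapidServerCollectionNotPermitted"  # status named on the page
# Renewal outcome labels below are this example's own, not SDK constants.
RENEWED, NETWORK_ERROR, MAINTENANCE, NO_LICENSES = "renewed", "network", "maintenance", "no-licenses"
RETRY_ONLY_AFTER_RESTART = {NOT_PERMITTED, NO_LICENSES}

@dataclass
class CredentialModel:
    expires: datetime
    lifetime: timedelta = timedelta(days=365)  # assumed validity after renewal
    blocked: Optional[str] = None              # failure that suppresses retries

    def restart_app(self) -> None:
        self.blocked = None                    # retries are allowed again

    def operate(self, now: datetime, renew: Callable[[], str]) -> str:
        """Model one signData or two-way TLS call; renew() returns an outcome."""
        if now < self.expires:
            return OK                          # not expired: no renewal needed
        outcome = self.blocked or renew()      # no renewal attempt while blocked
        if outcome == RENEWED:
            self.expires = now + self.lifetime
            return OK
        if outcome in RETRY_ONLY_AFTER_RESTART:
            self.blocked = outcome
        if outcome == NOT_PERMITTED:
            return NOT_PERMITTED               # no grace period when disabled
        # Any other failure: keep working until the grace period has elapsed.
        return EXPIRED if now - self.expires > GRACE else OK

def demo() -> list:
    t0 = datetime(2024, 1, 1)                  # constructed expiry date
    cred = CredentialModel(expires=t0)
    day = lambda n: t0 + timedelta(days=n)
    seen = [cred.operate(day(1), lambda: NETWORK_ERROR),  # within grace
            cred.operate(day(10), lambda: NO_LICENSES),   # within grace, blocked
            cred.operate(day(32), lambda: RENEWED)]       # blocked, grace elapsed
    cred.restart_app()
    seen.append(cred.operate(day(33), lambda: RENEWED))   # retry after restart
    return seen

if __name__ == "__main__":
    print(demo())
```

In the model, a "licenses not available" failure that is never followed by an app restart ends in RapidClientAuthCertExpired once the grace period runs out, even if the renewal service would by then succeed.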