Skip to content

Change Passcode

The ChangePasscodeStep allows the end user to change the passcode of the application store. This step is not used in the onboard scenario.

For the restore scenario, this step checks if the passcode policy stored in the application store during the onboarding equals the passcode policy downloaded from the server during the restore flow. If they are not equal, the end user is prompted to change the passcode in order to fulfill the new passcode policy.

This step also supports the change scenario which can be used in order to implement a change passcode scenario initiated by the end user.

Input Parameters

Mandatory input parameters: * client policy – Specifies the passcode policy set on the flowContext, typically provided by the SettingsDownloadStep.

  • context – Specifies the android context initiating the flow such as the caller Activity. This setting has to be provided on the initial FlowContext.

  • flowPresentationActionHandler – Specifies the Action Handler for the Flow Presentation. If the user does not want to specify it's functionality, the default implementation can be used instead. This is set on the flowContext by the app developer at the start of the flow.

Optional input parameters:

  • EnterPasscodeSettings – Specifies the settings for the Enter Passcode Screen. If there are no specified values passed for the view objects of the screen, the default string values are set. Please note that there is no need to set the action handler because the flows implementation sets a default action handler if one is not set.

  • SetPasscodeSettings – Specifies the settings for the Create Passcode Screen. If there are no specified values passed for the view objects of the screen, the default string values are set. Please note that there is no need to set the action handler because the flows implementation sets a default action handler if one is not set.

  • ConfirmPasscodeSettings – Specifies the settings for the Verify Passcode Screen. If there are no specified values passed for the view objects of the screen, the default string values are set. Please note that there is no need to set the action handler because the flows implementation sets a default action handler if one is not set.

Output Parameters

  • secure store – Properly initialized and opened secure store implementation.

Using ChangePasscodeStep

  1. Set the policy data in the flowContext.

    1
       flowContext.setPolicy(policy);
    
  2. Initiate the step:

    1
      ChangePasscodeStep changePasscodeStep = new ChangePasscodeStep();
    
  3. Specify the execute method's FlowActionHandler parameter's "onFailure" and "onSuccess" behaviour:

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
        flowManagerService.execute(flow, flowContext, new FlowActionHandler() {
                @Override
                public void onFailure(Throwable t) {
                    //set the status, update the caller activity
                }
    
                @Override
                public void onSuccess(FlowContext result) {
                    //set the status, update the caller activity
                    //read the result
                }
            });
    

Behaviour of ChangePasscodeStep

For the change scenario, first the Enter Passcode is displayed. If the end user provides a valid passcode, then the Create Passcode is displayed where a new passcode can be provided. At the end, the Verify Passcode has to be used to re-enter the new passcode and then to encrypt the application store using the new passcode.

For the restore scenario, first the passcode policy stored in the application store during onboarding is checked to see if it equals the passcode policy downloaded from the server during the restore flow. If it does not, then Create Passcode is displayed where a new passcode can be provided.

At the end, the Verify Passcode has to be used to re-enter the new passcode and then to encrypt the application store using the new passcode. If the end user cannot provide a new passcode fulfilling the new passcode policy, then the restore flow fails.

If a fingerprint-based unlock was used in the StoreManagerStep and there was any change in the passcode policy—the downloaded one does not equal the persisted one—then the Enter Passcode should be displayed first in order to ask the end user to re-enter the old passcode as well.

The reason for this is to check that the old passcode still fulfills the new passcode policy. If it does, then the new passcode policy is stored in the application store. If it does not, then the change passcode process is forced: the new passcode policy is stored if and only if the new passcode meets the new policy requirements. Otherwise the unlock fails, and the already opened application store is closed.

If the new passcode policy no longer allows the use of a fingerprint, then after the Enter Passcode screen the fingerprint-based unlock should be disabled.