AE Mobile Wiki

HID — Apple Wallet issuance (iOS)

apple wallet · ios · 20 steps · 6 actors · Candidate
Triggers
  • User receives invitation email with credentials and AE Wallet App link
  • User signs into AE Wallet App on the device that will hold the credential
Actors
  • User (user)
  • AE Wallet App (service)
  • HID Origo iOS S… (service)
  • AE NFC Cloud (service)
  • HID Origo (platform)
  • Apple Wallet (wallet)
Steps
  1. User opens AE Wallet App
  2. Sign in (email + temporary password from invitation)
  3. POST /authenticate/verify [crosses trust boundary]
  4. api/auth/twofactor/generate (optional 2FA)
  5. api/auth/verifyuser2f (validate OTP)
  6. Auth token returned
  7. Save token to iOS Keychain · enable biometric if available
  8. api/mobilecred/user/me (get user profile)
  9. api/binaryresource/download (cardholder photo)
  10. User taps "Add to Apple Wallet"
  11. api/mobilecred/card/add
  12. Issue credential (POST /organization/{orgId}/users · Mobile ID) [crosses trust boundary]
  13. Issuance token
  14. Issuance token relayed to app
  15. createInitializedMobileKeysManager · listWalletPasses · getAvailableT…
  16. origoKeysManager?.setupEndpoint (issuance token, target .appleWallet) [crosses trust boundary]
  17. Deliver Seos credential to Apple Pay (HID Origo Integration Service) [crosses trust boundary]
  18. Pass provisioned on device
  19. api/mobilecred/card/save (mark issued)
  20. Status confirmation
Legend
  • TLS: TLS 1.2+ · Bearer JWT (refreshed by request interceptor)
  • API-key: OTP code over TLS
  • mTLS: mTLS · OAuth 2.0 client_credentials · Application-ID header
  • mTLS: HID SDK proprietary channel
  • Crosses a trust boundary (marker on individual steps)