Lockout Authenticators require Oomph version 20 or later. Please contact your Account Manager for more information.
If you enable a lockout authenticator for your app, then a modal authenticator dialog is displayed to the user when the app launches, prompting them to sign in. This dialog displays exactly the same msite as that for a "normal" authenticator.
To continue, the user can choose from an option in the UI provided by the authenticator Msite:
- By signing in: this works in the same way as in a normal authenticator. Both public and the private issues available to that user will be shown upon successful sign-in.
- By selecting “guest mode”: this dismisses the dialog & allows the app to be used without authentication. In this mode, all public issues are shown to a user, but no private issues are displayed. This mode could also be thought of as public or unauthenticated mode.
By signing in or choosing guest mode, the authenticator dialog will no longer be shown on app startup. However, the authenticator will continue to be displayed on startup if the user presses the Done button, the rationale being that the user needs to explicitly select a mode.
The dialog will only be re-shown on app launch, not when the app regains focus from the background.
While possible, it is not expected that lockout authenticators be used to force a user to sign into an app, implementors are expected to provide a guest mode in their authenticator implementation. Note that failing to provide a mechanism for the public to use the app without authenticating may violate Apple's review guidelines and cause your app to be rejected.
The authenticator Msite can use any appropriate terminology for the guest mode feature, for example it could be called “public access” or “free”.
It is possible to configure an Oomph app so that the "Done" button on the msite dialog is not displayed to the user, requiring the user to either authenticate or choose guest mode. In the case where the "Done" button is not present, you will need to also implement the API call in your msite (see below) to dismiss the authenticator dialog. For more information about this feature, please contact your account manager.