/// <summary> /// Illustrate recovery using a not-normal-"consumer mode" recovery agent. /// </summary> /// <param name="tokenClient">SDK client</param> /// <param name="alias">Alias of member to recover</param> /// <returns>recovered member</returns> public TppMember RecoverWithComplexRule( Tokenio.Tpp.TokenClient tokenClient, Alias alias) { // complexRecovery begin snippet to include in docs string memberId = tokenClient.GetMemberIdBlocking(alias); ICryptoEngine cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore()); Key newKey = cryptoEngine.GenerateKey(Key.Types.Level.Privileged); string verificationId = tokenClient.BeginRecoveryBlocking(alias); MemberRecoveryOperation.Types.Authorization authorization = tokenClient.CreateRecoveryAuthorizationBlocking( memberId, newKey); // ask recovery agent to verify that I really am this member Signature agentSignature = getRecoveryAgentSignature(authorization); // We have all the signed authorizations we need. // (In this example, "all" is just one.) MemberRecoveryOperation mro = new MemberRecoveryOperation { Authorization = authorization, AgentSignature = agentSignature }; TppMember recoveredMember = tokenClient.CompleteRecoveryBlocking( memberId, (new[] { mro }).ToList(), newKey, cryptoEngine); // after recovery, aliases aren't verified // In the real world, we'd prompt the user to enter the code emailed to them. // Since our test member uses an auto-verify email address, any string will work, // so we use "1thru6". recoveredMember.VerifyAliasBlocking(verificationId, "1thru6"); // complexRecovery done snippet to include in docs return(recoveredMember); }