# Parent Lock

The Parent Lock feature is intended to secure access to a specific screen. In accordance with the COPPA (Children’s Online Privacy Protection Rule), Publishers are required to restrict access to external websites and other sections through an age gate.

![](./parent_lock/parent_lock.png)

### Verification Modes

Parent Lock supports two modes for verifying a user's identity before granting access:

**Local Challenge (default)** The user is presented with a simple math challenge (e.g., "What is 3 × 4?"). The answer is calculated and validated entirely on the device — no network request is made. The challenge format (digits vs. words) and the maximum multiplier are configurable in the plugin settings.

**Remote PIN Verification** When Remote PIN Verification is enabled, the math challenge is replaced by a numeric PIN input. After the user enters a PIN of the required length, it is sent to a configured server endpoint using a cloud event. The server is responsible for both setting and validating the PIN. See [PIN Code (`com.applicaster.pin.v1`)](/integrations/cloud-events#pin-code-comapplicasterpinv1) in the Cloud Events reference and the full [PIN Code](/integrations/pin-code) guide.

The server response determines the outcome:
- **Success (HTTP 200/201):** Access is granted. If the response includes a status message (e.g., "PIN set" or "Valid PIN"), it is briefly displayed before the user proceeds.
- **Invalid PIN (HTTP 400):** The server's error message is shown and the user may try again.
- **Network or server error:** A generic error message is shown and the user may try again.

The PIN is also cached in session storage after a successful verification, so the user is not asked again within the same session.

:::info 
Known limitation
Users cannot tell whether they are setting a new PIN or verifying an existing one.
This is determined server-side, based on the response (e.g., “PIN set”, “Valid PIN”, “Invalid PIN”).
:::

:::tip
See the [PIN Code (`com.applicaster.pin.v1`)](/integrations/cloud-events#pin-code-comapplicasterpinv1) cloud event reference and the [PIN Code integration guide](/integrations/pin-code) for full integration details.
:::

#### Configuration

Remote PIN Verification is configured in the **Data** section of the plugin settings:

| Field | Description | Default |
|---|---|---|
| Enable Remote PIN Verification | Toggle to switch from local challenge to remote PIN mode | Off |
| PIN Verification Endpoint | Data source pointing to the cloud event endpoint that handles PIN requests | — |
| PIN Length | Number of digits required for the PIN | 4 |

The instruction text shown on the PIN screen is customizable via the **"Instructions Text (PIN Code)"** localization key.

## Mobile and Tvs

Add the parent lock plugin to your versions. 

![](parent_lock/plugin.png)

Add the Parent lock screen to the layout.

![](parent_lock/screen_plugin.png)

To localize the texts according to your needs, open the “Localization” modal on the right panel of the Parent lock screen.

![](./parent_lock/localization.png)

Modify the challenge by using digits (1,2,3) or words (one, two, three). Please note that the maximum multiplier is 10, even if the higher number is set in the field.

![](./parent_lock/challenge.png)

Design the screen. If you choose to display a background image, its size should be 1125x2436px, and the close button size should be 100x100 px.

![](parent_lock/design.png)

Once it's done, add the screen as a pre-hook to the relevant screens by going to the “Screen Storyboard” section and select the parent lock screen. 

![](./parent_lock/screen_hook.png)

## Parent Lock Hook Behavior Details

The behavior of the Parent Lock hook depends on how the target content is accessed:

#### 1. Screen Launched via Navigation
- If the Parent Lock hook target is a screen opened directly from navigation (i.e., no specific video or entry is referenced in the call), the Parent Lock screen is **always** presented to the user.

#### 2. Entry-Based Target (e.g., Video Clicked)
- When the target is specifically defined by an entry (for example, the user selects a video):
  - The system checks the entry’s `requires_authentication` flag and evaluates `free` extension:
    - If **authentication is not required** and the entry is free, the Parent Lock is **skipped**.
    - Otherwise, the following applies:
      - **If "Check User Authentication" is enabled in the plugin configuration:**
        - Additional authentication checks (from the specified login and storefront screens) are performed in the background to decide whether to present the Parent Lock.
      - **If "Check User Authentication" is disabled:**
        - The Parent Lock will be presented for all non-free entries that require authentication, even if the user has access and is already logged in (i.e., forced presentation).

#### Summary Table

| Scenario                                              | Parent Lock Presented?                  |
|------------------------------------------------------|:----------------------------------------|
| Screen opened via navigation (no entry)              | Always                                 |
| Entry is free & does NOT require authentication      | Skipped                                |
| Entry requires authentication or is not free:        |                                        |
| — "Check User Authentication" is enabled             | Depends on background authentication & access checks |
| — "Check User Authentication" is disabled            | Always (forced presentation)            |

**Note:**  
- The "Check User Authentication" setting provides flexibility for platforms that wish to skip Parent Lock if the user is already authenticated and allowed access to the content.
- Forced presentation ignores authentication state, requiring the Parent Lock even for authenticated users.
