This has been removed as of v4.14.0 - Please refer SKFS v4.14.0 release notes for more information.
All the web services available in the SKFS APIs accept an HMAC authentication scheme. Currently, HMAC-based authentication in the FIDO Server is available, but HMAC authorization is not yet implemented. The credential (secret key/access key) must be stored by the calling application, which uses it to calculate HMAC and send it as part of the authorization header.
Follow the steps below to create the authorization header:
Create the request body with the required parameters. For example:
{
"svcinfo": {
"did": 1,
"protocol": "FIDO2_0",
"authtype": "HMAC"
},
"payload": {
"username": "johndoe",
"displayname": "Initial Registration",
"options": {
"attestation": "direct"
},
"extensions": "{}"
}
}
Calculate the sha256 digest of the body and then base64 encode the value. The base64 body digest is:
sspvPRwaaKt+OBh8DudEADNV00r/tPO1h2Y2gDxet34=
Calculate HMAC over the concatenation of the following parameters:
HTTP Method + "\n" + base64 body hash + "\n" + contentType/mimetype + "\n" + Current Date + "\n" + api version + "\n" + HTTP URI
Example request to HMAC:
“POST sspvPRwaaKt+OBh8DudEADNV00r/tPO1h2Y2gDxet34= application/json Wed, 25 Sep 2019 18:12:30 PDT SK3_0 /skfs/rest/preregister”
Once the HMAC is calculated, add the following headers to the request:
Authorization: HMAC [access key]:[HMAC] strongkey-content-sha256: [base64 encoded sha256 digest of the request body] Date: [Date used in request to HMAC] strongkey-api-version: SK3_0
Example headers:
Authorization: HMAC 162a5684336fa6e7:3dlT0yJD0zJoSo+2bBu0ANbZBDPhNZTHpX1Uyc1tWlg= strongkey-content-sha256: sspvPRwaaKt+OBh8DudEADNV00r/tPO1h2Y2gDxet34= Date: Tue, 7 Sep 2021 13:21:01 EDT strongkey-api-version: SK3_0