The following request body is sent during the authenticate call:
```json
{
  "svcinfo": {
    "did": 1,
    "protocol": "FIDO2_0",
    "authtype": "PASSWORD",
    "svcusername": "svcfidouser",
    "svcpassword": "Abcd1234!"
  },
  "payload": {
    "publicKeyCredential": {
      "id": "wZJwKI7v3wzm42RLEXq1VWCF_74bogrCdh74l2Ay93xKHkuDDd8VfC9Ibe62y9meVHhsEP4KHKiLG49G-I_KX8wrHCLuI0JL9JTxYC6-zt-t3eDyYmtYAWQfYCz954_1ofoxWDWWc08zUKQa_K3fXtKoZbkXykmvZhQuUOH-JSP_aL-us9K1vp8btpBiLG5D__LzPDMZUKU3zdPJl-nVP9flMXmitLpEnuEcb-Trc7FlvP_8qxpHmWwh-V5Fay8h",
      "rawId": "wZJwKI7v3wzm42RLEXq1VWCF_74bogrCdh74l2Ay93xKHkuDDd8VfC9Ibe62y9meVHhsEP4KHKiLG49G-I_KX8wrHCLuI0JL9JTxYC6-zt-t3eDyYmtYAWQfYCz954_1ofoxWDWWc08zUKQa_K3fXtKoZbkXykmvZhQuUOH-JSP_aL-us9K1vp8btpBiLG5D__LzPDMZUKU3zdPJl-nVP9flMXmitLpEnuEcb-Trc7FlvP_8qxpHmWwh-V5Fay8h",
      "response": {
        "authenticatorData": "WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMEAAAAEg",
        "signature": "MEYCIQCm9j6Lhh_ikuWjeKtoQiBHbZrDd2mpuRzy3nWdV1mVBAIhAOEzV5XtitgK3ZCwfDT7X5r93Z4KHbmMu3_DvclLzjR_",
        "userHandle": "",
        "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRDV3MXZFQlVnbE14LXFDOWg0VkhEdyIsIm9yaWdpbiI6Imh0dHBzOi8vcWEtc2FrYTQtMDEuc3Ryb25na2V5LmNvbSIsImNyb3NzT3JpZ2luIjp0cnVlfQ"
      },
      "type": "public-key"
    },
    "strongkeyMetadata": {
      "version": "1.0",
      "last_used_location": "Cupertino,CA",
      "username": "johndoe",
      "origin": "https://example.strongkey.com",
      "clientIp": "10.0.1.20",
      "clientUserAgent": "Apache-HttpClient/4.5.6 (Java/21.0.3)"
    },
    "ssoRequest": {
      "saml": "PHa6........NoPg=="
    },
    "appTXID": "exampleappTXID"
  }
}
```

| Value | Explanation |
|---|---|
| did | Unique identifier for a cryptographic domain within SKFS. Unless using a StrongKey Tellaro appliance, this defaults to 1. |
| protocol | The FIDO protocol to be used in this request (FIDO2_0). |
| authtype | The type of authentication supplied in this service request—it must be PASSWORD or HMAC (see API Security for details); the example shown here is for PASSWORD type of authentication. |
| svcusername | The username of the service credential requesting this web service. |
| svcpassword | The password of the service credential requesting this web service. When PASSWORD authtype is used, SKFS uses entries in a previously configured Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) to authenticate the credential (see Manage Credentials under [SKFS ⇒ Administration ⇒ Security] for details). |

| Value | Explanation |
|---|---|
| id | The identifier of the FIDO credential. Also known as credentialId within the JavaScript API—Web Authentication (WebAuthn)—it returns a Base64url encoding of the FIDO credential. |
| rawId | An implementation of an ArrayBuffer containing the raw byte sequence of the credentialId. |
| type | This attribute specifies the credential type represented by this object; this is always public-key in the case of FIDO/WebAuthn protocols. |

| Value | Explanation |
|---|---|
| authenticatorData | A complex data structure with information an RP should use to determine if they will accept the assertion and use the digital signature to authenticate the user. |
| signature | This attribute contains the raw signature returned from the authenticator. See §6.3.3 The authenticatorGetAssertion Operation. |
| userHandle | This attribute contains the user handle returned from the authenticator, or null if the authenticator did not return a user handle. See §6.3.3 The authenticatorGetAssertion Operation. |
| clientDataJSON | A serialized representation of a JSON structure whose message digest (a.k.a. hash) is digitally signed by the FIDO authenticator in response to a FIDO signing operation. This attribute is also embedded inside a response object within publicKeyCredential. |
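
The `clientDataJSON` and `authenticatorData` values described above can be decoded offline to see what the client and authenticator actually asserted. The Python below is an added example, not StrongKey code: it parses the two sample values from this page using the WebAuthn layout (32-byte rpIdHash, one flags byte, 4-byte big-endian signature counter), and `review_assertion` with its `expected_origin` and `rp_id` parameters is a hypothetical helper introduced for illustration.

```python
import base64
import hashlib
import json
import struct

# Sample values copied from the request body on this page.
CLIENT_DATA_JSON = "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRDV3MXZFQlVnbE14LXFDOWg0VkhEdyIsIm9yaWdpbiI6Imh0dHBzOi8vcWEtc2FrYTQtMDEuc3Ryb25na2V5LmNvbSIsImNyb3NzT3JpZ2luIjp0cnVlfQ"
AUTHENTICATOR_DATA = "WnTBrV2dI2nYtpWAzOrzVHMkwfEC46dxHD4U1RP9KKMEAAAAEg"


def b64url_decode(value):
    """Decode unpadded Base64url, the encoding WebAuthn uses on the wire."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def parse_client_data(encoded):
    """Return the JSON object whose hash the authenticator signed."""
    return json.loads(b64url_decode(encoded))


def parse_authenticator_data(encoded):
    """Split authenticatorData into rpIdHash, flag bits and signature counter."""
    raw = b64url_decode(encoded)
    if len(raw) < 37:
        raise ValueError("authenticatorData must be at least 37 bytes")
    flags = raw[32]
    return {
        "rp_id_hash": raw[:32],
        "user_present": bool(flags & 0x01),   # UP, bit 0
        "user_verified": bool(flags & 0x04),  # UV, bit 2
        "sign_count": struct.unpack(">I", raw[33:37])[0],
    }


def review_assertion(client_data_b64, auth_data_b64, expected_origin, rp_id):
    """Hypothetical helper: list mismatches an RP would want logged."""
    client = parse_client_data(client_data_b64)
    auth = parse_authenticator_data(auth_data_b64)
    findings = []
    if client.get("type") != "webauthn.get":
        findings.append("clientDataJSON.type is not webauthn.get")
    if client.get("origin") != expected_origin:
        findings.append("origin mismatch: " + str(client.get("origin")))
    if auth["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        findings.append("rpIdHash is not SHA-256 of the expected RP ID")
    if not auth["user_present"]:
        findings.append("UP flag not set")
    return findings
```

For this page's sample, the decoded `origin` is `https://qa-saka4-01.strongkey.com` while `strongkeyMetadata.origin` is `https://example.strongkey.com`, and the flags byte is `0x04` (UV set, UP clear) with a signature counter of 18.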

| Value | Explanation |
|---|---|
| version | This attribute describes the version number of the strongkeyMetadata JSON object embedded in the web service request. This JSON object provides useful information to the RP application that is not critical to the FIDO capabilities—but something applications can extend and rely upon for business use-cases. |
| create_location | If available and enabled on the client device, this attribute provides the resolution of Global Positioning System (GPS) coordinates ascertained by applications. |
| origin | This is a string of the RP origin (RFC-6525 representation of the application’s URL), so it can be easily accessible to the web application. |
| username | This is a string of the name of the application user, so it can be easily accessible to the web application. |
| clientIp | [OPTIONAL]: This is the client IP address string. This option is only required if JWT is enabled and you wish to override the default value sent in the request. |
| clientUserAgent | [OPTIONAL]: This is the User-Agent header string. It is only required if JWT is enabled and you wish to override the default value sent in the request. |

| Value | Explanation |
|---|---|
| saml | This attribute contains the Base64-encoded SAML Request sent by a service provider in an SP-initiated Single Sign-On (SSO) flow. |
| appTXID | An optional string within any SKFS web service request body's payload JSON object that, if added, will attach the appTXID value to the TXID logged by the server. |