A successful FIDO2_0 response (accompanied by a 200 OK if using REST) will look similar to the following:
```json
{
  "Response": {
    "rp": {
      "name": "FIDOServer",
      "id": "strongkey.com"
    },
    "user": {
      "name": "johndoe",
      "id": "IS_cmMEf9B6qP5bCEpTzkotQ6ek9FzG7JkfnzpoRA3g",
      "displayName": "Initial Registration"
    },
    "challenge": "mvCa7PatHg-9y3jZe7hrCA",
    "pubKeyCredParams": [
      { "type": "public-key", "alg": -7 },
      { "type": "public-key", "alg": -35 },
      { "type": "public-key", "alg": -36 },
      { "type": "public-key", "alg": -8 },
      { "type": "public-key", "alg": -47 },
      { "type": "public-key", "alg": -257 },
      { "type": "public-key", "alg": -258 },
      { "type": "public-key", "alg": -259 },
      { "type": "public-key", "alg": -37 },
      { "type": "public-key", "alg": -38 },
      { "type": "public-key", "alg": -38 }
    ],
    "excludeCredentials": [
      {
        "type": "public-key",
        "id": "8wfZB45Xf2hXFt5VVjtVbnmXm4BLgkiPRfji9m1g_WxvIsRG--ldheHyCMVenwevgB_vxB3NBuAIkbeW8FngAyBYOx36Fjys4QYz_dfCLtlzJeoj-yoHrC_DgH2xcFDpKRgBbHfD1LiEd56V-JzCBkHz0olHiu0TLBWp10QEoV44De_k72gxgPOP4GUwyafbqy71I7i0Ak7HdtXoV0Dmgm1vKdVYpSAiMopL7ROMm_rptQj0QPYJeT_n05AesVzQ",
        "alg": -7
      },
      {
        "type": "public-key",
        "id": "djEB2mIMKt3SifYwy3ZuY7800VWpPJG8Ir_WTel2cacmze4cF8uOrCAvTc55robM9y_LbISUlEAdhvWQNI9j9fW7d_RE-p_i4qcDqtqj2-cN7j2ZWPTYk42LrwMT6bFJ3KvN3emuWZ9lmbOelbGBq0tOIh7zlQQFYI2GzK-iEOpsyePTAaoGforhYKB4LfZf1thXpQU4c6r8N8t2DNCI-dHBuiilUwkX_jtQc-ylwprfGuI-1Z2yWwPDho9dXTTe",
        "alg": -7
      }
    ],
    "attestation": "direct"
  },
  "responseCode": "FIDO-MSG-0002",
  "skfsVersion": "4.14.0",
  "skfsFQDN": "example.strongkey.com",
  "TXID": "1-1-74-1717788283064",
  "appTXID": "exampleappTXID"
}
```

Attributes of the `rp` object:

| Value | Explanation |
|---|---|
| name | This attribute contains the name assigned by the web application to the Relying Party (RP), the company or application with which the user is interacting. |
| id | This attribute contains the Domain Name System (DNS) name of the site hosting the application. This is usually a string containing the “top level domain” + “1 sub-domain”, conforming to RFC-6454. |

Attributes of the `user` object:

| Value | Explanation |
|---|---|
| name | This attribute contains the name assigned by the web application to the user account registering the FIDO credential. |
| id | This attribute contains the unique identifier assigned by SKFS to the user account. |
| displayName | This attribute contains the label assigned to the unique Authenticator used by the user when registering with the SKFS. |

Remaining attributes of the `Response` object:

| Value | Explanation |
|---|---|
| challenge | This attribute contains a Base64Url-encoded random “number used once” (nonce), generated by the SKFS, to challenge the Authenticator to sign it with the newly generated Private Key of the FIDO credential. |
| pubKeyCredParams | This attribute contains an array of JSON objects, each of which describes a Public Key algorithm, from the set of COSE Algorithms, that the SKFS will accept for generated keys. In the example shown, the algorithm numbers correspond to the following: -7: ES256 (ECDSA with SHA-256 message digests); -8: EdDSA; -35: ES384 (ECDSA with SHA-384 message digests); -36: ES512 (ECDSA with SHA-512 message digests); -47: ES256K (ECDSA using the secp256k1 curve and SHA-256). |
| excludeCredentials | This attribute contains an array of JSON objects, each of which describes a credential identifier (credentialId) the SKFS has already registered for this specific user. |
| attestation | This attribute contains a value that notifies the platform (browser or app) that the SKFS requires the attestation object to be conveyed in the manner specified by this value. |
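
The following is an added example, not code from the SKFS documentation or from StrongKey: it converts the response described above into the options object a web client passes to `navigator.credentials.create({ publicKey })`, decoding the Base64Url fields to bytes and checking the RP ID and challenge length first. The helper names `b64urlToBytes` and `toCreationOptions` are hypothetical, the sample reply is constructed, and it is assumed that `user.id` and the credential `id` values are Base64Url-encoded in the same way as `challenge`.

```javascript
// Decode an unpadded base64url string into bytes.
function b64urlToBytes(s) {
  if (typeof s !== "string" || !/^[A-Za-z0-9_-]+$/.test(s)) {
    throw new TypeError("not a base64url string");
  }
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
  const bin = typeof atob === "function" ? atob(b64) : Buffer.from(b64, "base64").toString("binary");
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

// Hypothetical helper: reply is the parsed SKFS JSON, hostname is location.hostname.
function toCreationOptions(reply, hostname) {
  const r = reply.Response;
  // Simplified suffix check (no public-suffix list): the RP ID must be the
  // page's host or a parent domain of it, or the browser rejects the call.
  if (hostname !== r.rp.id && !hostname.endsWith("." + r.rp.id)) {
    throw new Error(`rp.id ${r.rp.id} does not match host ${hostname}`);
  }
  const challenge = b64urlToBytes(r.challenge);
  // WebAuthn recommends challenges of at least 16 bytes.
  if (challenge.length < 16) throw new Error("challenge shorter than 16 bytes");
  // Drop repeated algorithm entries, keeping the server's preference order.
  const seen = new Set();
  const pubKeyCredParams = r.pubKeyCredParams.filter(
    (p) => p.type === "public-key" && !seen.has(p.alg) && seen.add(p.alg));
  return {
    rp: r.rp,
    user: { ...r.user, id: b64urlToBytes(r.user.id) }, // assumption: base64url
    challenge,
    pubKeyCredParams,
    // A credential descriptor carries type and a binary id; "alg" is dropped.
    excludeCredentials: (r.excludeCredentials || []).map(
      (c) => ({ type: c.type, id: b64urlToBytes(c.id) })),
    attestation: r.attestation,
  };
}

// Constructed sample: challenge and user.id are taken from the response above;
// the credential id is a made-up 4-byte value.
const sampleReply = { Response: {
  rp: { name: "FIDOServer", id: "strongkey.com" },
  user: { name: "johndoe", id: "IS_cmMEf9B6qP5bCEpTzkotQ6ek9FzG7JkfnzpoRA3g",
          displayName: "Initial Registration" },
  challenge: "mvCa7PatHg-9y3jZe7hrCA",
  pubKeyCredParams: [{ type: "public-key", alg: -7 },
    { type: "public-key", alg: -38 }, { type: "public-key", alg: -38 }],
  excludeCredentials: [{ type: "public-key", id: "AQIDBA", alg: -7 }],
  attestation: "direct",
} };
```

In a browser, the returned object is passed as `publicKey` with `location.hostname` as the second argument to the helper.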