Value

Explanation

did

Unique identifier for a cryptographic domain within SKFS. Unless using a StrongKey Tellaro appliance, this defaults to 1.

protocol

The FIDO protocol to be used in this request (FIDO2_0).

authtype

The type of authentication supplied in this service request—it must be PASSWORD or HMAC (see API Security for details); the example shown here is for PASSWORD type of authentication.

svcusername

The username of the service credential requesting this web service.

svcpassword

The password of the service credential requesting this web service.

When PASSWORD authtype is used, SKFS uses entries in a previously configured Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) to authenticate the credential (see Manage Credentials under [SKFS ⇒ Administration ⇒ Security] for details).

Value

Explanantion

id

The identifier of the FIDO credential. Also known as credentialId within the JavaScript API—Web Authentication (WebAuthn)—it returns a Base64url encoding of the FIDO credential.

NOTE: This value is used by FIDO authenticators to uniquely identify a specific credential registered at a specific RP site. In this use-case, it identifies the credential that provided the response to the authentication challenge.

rawid

An implementation of an ArrayBuffer containing the raw byte sequence of the credentialId.

type

This attribute specifies the credential type represented by this object; this is always public-key in the case of FIDO/WebAuthn protocols.

authenticatorData

A complex data structure with information an RP should use to determine if they will accept the assertion and use the digital signature to authenticate the user.

NOTE: SKFS relies heavily on this object to determine if the generated credential—and the authenticator that generated it—conform to the security policy defined within SKFS. As a result, RP applications that must comply with regulations such as GDPR, PSD2, etc.—or who require high levels of security—must ensure requiring an attestation object within the SKFS policy.

signature

This attribute contains the raw signature returned from the authenticator. See §6.3.3 The authenticatorGetAssertion Operation.

userHandle

This attribute contains the user handle returned from the authenticator, or null if the authenticator did not return a user handle. See §6.3.3 The authenticatorGetAssertion Operation.

clientDataJSON

A serialized representation of a JSON structure whose message digest (a.k.a. hash) is digitally signed by the FIDO authenticator in response to a FIDO signing operation. This attribute is also embedded inside a response object within publicKeyCredential.

NOTE: This object represents the most important result of a FIDO signing operation—it is what provides cryptographic evidence that the right challenge was signed with the right credential registered at this RP.

Value

Explanation

version

This attribute describes the version number of the strongkeyMetadata JSON object embedded in the web service request. This JSON object provides useful information to the RP application that are not critical to the FIDO capabilities—but something applications can extend and rely upon for business use-cases.

create_location

If available and enabled on the client device, this attribute provides the resolution of Global Positioning System (GPS) coordinates ascertained by applications.

origin

This is a string of the RP origin (RFC-6525 representation of the application’s URL), so it can be easily accessible to the web application.

username

This is an string of the name of the application user, so it can be easily accessible to the web application.

clientIp

[OPTIONAL]: This is client IP address string. This option is only required if JWT is enabled and you wish to override the default value sent in the request.

clientUserAgent

[OPTIONAL] :This is the User-Agent header string. It is only required if JWT is enabled and you wish to override the default value sent in the request.

appTXID

An optional string within any SKFS web service request body's payload JSON object that, if added, will attach the appTXID value to the TXID logged by the server.