Product Documentation
  • A successful FIDO2_0 response (accompanied by a 200 OK) will look similar to the following::
    <?xml version='1.0' encoding='UTF-8'?>
      <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
        <S:Body>
          <ns2:preauthorizeResponse xmlns:ns2="http://soap.skfs.strongauth.com/">
            <return>
            {
              "Response":{
                "challenge":"iyGXibfntC0SRrIK-vYSyTo3Q69Z78KFMSgnUHdM3dc",
                "allowCredentials":[{
                  "type":"public-key",
                  "id":"4uFwaAc6Bh-6sB0W17VYpoc3q40KC2vijosli0otd-s2-uInAjjVNFJBXsm_JZwCanh3__5FLGi2LlOqUD0BuZ3QfwnDc7prMxvk3c9NSMMx-9mTH31vyFQy_o2HjzoNvYqsuRldpo2kpxGpTJQGMcGcYViUBa4PzHZUbIW2PR2dUMPPMDNNw_PA7jBTAj9bsRrZyaY6kUAFRqOLQ9p1iAYHxAxETsFCU7Fs8BeMoQk",
                  "alg":-7
                },
                {
                  "type":"public-key",
                  "id":"2Vv0iyvlzv9arv4LFCCzeF4ptSCEE7FRA2kQp0tkspfJYTKqWwN1tRibQhlqAx-K6Y1sTHyixQKDUiYXgPL5Eg",
                  "alg":-7
                }],
                "txid":"254900MS6G5FQCUJMZ97-TELLARO-1631149799",
            "txpayload":"ewogICAgIm1lcmNoYW50TmFtZSI6ICJTdHJvbmdLZXkiLAogICAgImN1cnJlbmN5IjogIlVTRCIsCiAgICAidG90YWxQcmljZSI6ICIxNDk5NSIsCiAgICAiY2FyZEJyYW5kIjogIkFtZXgiLAogICAgImNhcmRMYXN0NCI6ICJ4LTEyMzQiLAogICAgInR4aWQiOiAiMjU0OTAwTVM2RzVGUUNVSk1aOTctVEVMTEFSTy0xNjMxMTQ5Nzk5IiwKICAgICJ0eGRhdGUiOiAiVGh1IFNlcCA4IDE3OjAyOjU2IFBEVCAyMDIxIgp9",
                "rpId":"strongkey.com"
              },
              "responseCode":"FIDO-MSG-0014",
              "skfsVersion":"4.14.0",
              "skfsFQDN":"example.strongkey.com",
              "TXID":"1-1-169-1679354369053"
            }
            </return>
          </ns2:preauthorizeResponse>
        </S:Body>
      </S:Envelope>

 

Response Description

Value

Explanation

challenge

This attribute contains the name assigned by the web application to the name of the Relying Party (RP)—the company or application the user is interacting with

rpid

This attribute contains the RFC-6525 origin that represents the RP’s DNS domain. Only credentials registered to this rpid will qualify for providing an authentication assertion – the digital signature of the challenge, thus providing proof of authentication

txid

A string—with a maximum length of 256 characters—that represents a business application-defined unique transaction identifier. It can be anything that is appropriate to the business application. Some examples are shown below:

  • “123456789”
  • “SFAECO-12345”
  • “254900MS6G5FQCUJMZ97-TELLARO-1631149799”

...but will be precisely what was sent in the Request body parameter of this web service.

txpayload

While this is intended to be free-form text with a maximum length of 10,000 characters, it will be precisely what was sent in the Request body parameter of this web service.

NOTE: It is strongly recommended that it is a JSON object using a structure along the lines of the following (see the NOTE below for more info):
{
   "merchantName": "StrongKey",
   "currency": "USD",
   "totalPrice": "14995",
   "cardBrand": "Amex",
   "cardLast4": "x-1234",
   "txid": "254900MS6G5FQCUJMZ97-TELLARO-1631149799",
   "txdate": "Thu Sep 8 17:02:56 PDT 2021"
}

...and base64url-encode the object into something that resembles the following:

ewogICAgIm1lcmNoYW50TmFtZSI6ICJTdHJvbmdLZXkiLAogICAgImN1cnJlbmN5IjogIlVTRCIsCiAgICAidG90YWxQcmljZSI6ICIxNDk5NSIsCiAgICAiY2FyZEJyYW5kIjogIkFtZXgiLAogICAgImNhcmRMYXN0NCI6ICJ4LTEyMzQiLAogICAgInR4aWQiOiAiMjU0OTAwTVM2RzVGUUNVSk1aOTctVEVMTEFSTy0xNjMxMTQ5Nzk5IiwKICAgICJ0eGRhdGUiOiAiVGh1IFNlcCA4IDE3OjAyOjU2IFBEVCAyMDIxIgp9

 

allowCredentials Description

NOTE: This attribute is an array and may have more than one FIDO credential embedded within the attribute as JSON objects (as shown in the example above). Also note that a single challenge will work for any FIDO credential that is used by the user to authorize the transaction.

Value

Explanation

type

This attribute indicates the type of credential from which the RP requires an assertion—the value is always public-key for FIDO/WebAuthn.

id

This attribute contains the unique identifier—credentialId—assigned by FIDO Authenticator to the user’s registered credential

alg

This attribute contains a numerical value, which describes the Public Key algorithm from the set of COSE Algorithms the SKFS will accept for generated keys. In the example shown, the algorithm number corresponds to the following:

-7: ES256 or ECDSA with SHA-256 message digests