<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns2:preauthorizeResponse xmlns:ns2="http://soap.skfs.strongauth.com/">
<return>
{
"Response":{
"challenge":"iyGXibfntC0SRrIK-vYSyTo3Q69Z78KFMSgnUHdM3dc",
"allowCredentials":[{
"type":"public-key",
"id":"4uFwaAc6Bh-6sB0W17VYpoc3q40KC2vijosli0otd-s2-uInAjjVNFJBXsm_JZwCanh3__5FLGi2LlOqUD0BuZ3QfwnDc7prMxvk3c9NSMMx-9mTH31vyFQy_o2HjzoNvYqsuRldpo2kpxGpTJQGMcGcYViUBa4PzHZUbIW2PR2dUMPPMDNNw_PA7jBTAj9bsRrZyaY6kUAFRqOLQ9p1iAYHxAxETsFCU7Fs8BeMoQk",
"alg":-7
},
{
"type":"public-key",
"id":"2Vv0iyvlzv9arv4LFCCzeF4ptSCEE7FRA2kQp0tkspfJYTKqWwN1tRibQhlqAx-K6Y1sTHyixQKDUiYXgPL5Eg",
"alg":-7
}],
"txid":"254900MS6G5FQCUJMZ97-TELLARO-1631149799",
"txpayload":"ewogICAgIm1lcmNoYW50TmFtZSI6ICJTdHJvbmdLZXkiLAogICAgImN1cnJlbmN5IjogIlVTRCIsCiAgICAidG90YWxQcmljZSI6ICIxNDk5NSIsCiAgICAiY2FyZEJyYW5kIjogIkFtZXgiLAogICAgImNhcmRMYXN0NCI6ICJ4LTEyMzQiLAogICAgInR4aWQiOiAiMjU0OTAwTVM2RzVGUUNVSk1aOTctVEVMTEFSTy0xNjMxMTQ5Nzk5IiwKICAgICJ0eGRhdGUiOiAiVGh1IFNlcCA4IDE3OjAyOjU2IFBEVCAyMDIxIgp9",
"rpId":"strongkey.com"
},
"responseCode":"FIDO-MSG-0014",
"skfsVersion":"4.14.0",
"skfsFQDN":"example.strongkey.com",
"TXID":"1-1-169-1679354369053"
}
</return>
</ns2:preauthorizeResponse>
</S:Body>
</S:Envelope>

Value | Explanation |
---|---|
challenge | This attribute contains the name assigned by the web application to the name of the Relying Party (RP)—the company or application the user is interacting with |
rpId | This attribute contains the RFC-6525 origin that represents the RP’s DNS domain. Only credentials registered to this rpId will qualify for providing an authentication assertion – the digital signature of the challenge, thus providing proof of authentication |
txid | A string—with a maximum length of 256 characters—that represents a business application-defined unique transaction identifier. It can be anything that is appropriate to the business application. Some examples are shown below: ...but will be precisely what was sent in the Request body parameter of this web service. |
txpayload | While this is intended to be free-form text with a maximum length of 10,000 characters, it will be precisely what was sent in the Request body parameter of this web service. NOTE: It is strongly recommended that it is a JSON object using a structure along the lines of the following (see the NOTE below for more info): |

NOTE: This attribute (allowCredentials in the example above) is an array and may have more than one FIDO credential embedded within it as JSON objects (as shown in the example above). Also note that a single challenge will work for any FIDO credential that is used by the user to authorize the transaction.

Value | Explanation |
---|---|
type | This attribute indicates the type of credential from which the RP requires an assertion—the value is always public-key for FIDO/WebAuthn. |
id | This attribute contains the unique identifier—credentialId—assigned by the FIDO Authenticator to the user’s registered credential |
alg | This attribute contains a numerical value, which describes the Public Key algorithm from the set of COSE Algorithms the SKFS will accept for generated keys. In the example shown, the algorithm number corresponds to the following: -7: ES256 or ECDSA with SHA-256 message digests |
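
As an added example (not StrongKey's code), the following JavaScript shows checks a calling application can make on the `<return>` JSON before handing it to WebAuthn: `txid` and `txpayload` equal what was sent and respect the documented length limits, `rpId` is the expected one, and every `allowCredentials` entry is `public-key` with an accepted `alg`. The names `checkPreauthorize` and `sentRequest`, the sample values, and the treatment of `txpayload` as base64url-encoded JSON that repeats the `txid` are assumptions.

```javascript
// Added example, not StrongKey code. Length limits come from the table above.
const MAX_TXID = 256;
const MAX_TXPAYLOAD = 10000;
const ACCEPTED_ALGS = new Set([-7]); // -7 = ES256, the alg in the sample response

function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

// ASCII-only helper, used here only to build the constructed sample.
function toB64url(text) {
  return btoa(text).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// `sent` (hypothetical name) holds what the application put in the request.
function checkPreauthorize(returnJson, sent) {
  const r = JSON.parse(returnJson).Response;
  if (r.rpId !== sent.rpId) throw new Error("unexpected rpId");
  if (r.txid.length > MAX_TXID || r.txid !== sent.txid)
    throw new Error("txid too long or differs from request");
  if (r.txpayload.length > MAX_TXPAYLOAD || r.txpayload !== sent.txpayload)
    throw new Error("txpayload too long or differs from request");
  // Assumption: txpayload is base64url-encoded JSON that repeats the txid.
  const payload = JSON.parse(new TextDecoder().decode(b64urlToBytes(r.txpayload)));
  if (payload.txid !== r.txid) throw new Error("txid inside txpayload differs");
  const allowCredentials = r.allowCredentials.map((c) => {
    if (c.type !== "public-key") throw new Error("unexpected credential type");
    if (!ACCEPTED_ALGS.has(c.alg)) throw new Error("unaccepted COSE alg " + c.alg);
    return { type: c.type, id: b64urlToBytes(c.id) };
  });
  // Same member names as WebAuthn's PublicKeyCredentialRequestOptions.
  return { challenge: b64urlToBytes(r.challenge), rpId: r.rpId, allowCredentials, payload };
}

// Constructed sample values, not the ones from the page.
const sentRequest = {
  rpId: "strongkey.com",
  txid: "SAMPLE-TXID-0001",
  txpayload: toB64url(JSON.stringify({ merchantName: "StrongKey", currency: "USD",
    totalPrice: "14995", txid: "SAMPLE-TXID-0001" })),
};
const sampleReturn = JSON.stringify({ Response: {
  challenge: "AQIDBA",
  allowCredentials: [{ type: "public-key", id: "BQYH", alg: -7 }],
  txid: sentRequest.txid, txpayload: sentRequest.txpayload, rpId: sentRequest.rpId } });
const webauthnOptions = checkPreauthorize(sampleReturn, sentRequest);
```

In a browser the returned `challenge`, `rpId` and `allowCredentials` members go into the `publicKey` option of `navigator.credentials.get()`; the decoded `payload` is what the user should be shown before approving.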