Mobile Authenticator Service

Issuer Properties

These properties define an issuer and have to be set on the service. Once they are set and the service has been started, you cannot effectively change them.

  • url
  • mobileTimeoutInSeconds
  • transactionTimeoutInSeconds
  • issuerName
  • otpLength
  • algorithm
  • qrCodeSizeInPixels

Properties

These are other properties that have to be set on the service.

  • type: The type of the authenticator service. The type PULLING is already available.
  • issuerAndTokenStoreJdbcUrl: The JDBC URL for the issuerAndTokenStore
  • issuerAndTokenStoreUsername: The username for the issuerAndTokenStore
  • issuerAndTokenStorePassword: The password for the issuerAndTokenStore
  • requestStoreJdbcUrl: The JDBC URL for the requestStore
  • requestStoreUsername: The username for the requestStore
  • requestStorePassword: The password for the requestStore

Database schema

Functions

pollStatus(actionUID) -> AuthenticationRequest

Fetches the authentication request linked to that actionUID. If there is no authentication request found, you will get null.

fetchAuthenticationRequest(deviceUID) -> AuthenticationRequest

Fetches the oldest new authentication request linked to that deviceUID. If there is no authentication request found, you will get null.

requestAuthentication(issuer, username, actionType, description) -> actionUID

Create an authentication request. actionType has to be AUTHENTICATE.

authenticate(message, actionUID) -> boolean

Confirm the request linked to that actionUID. Returns true if a request was found for that actionUID, otherwise returns false.

cancel(actionUID) -> boolean

Cancel the request linked to that actionUID. Returns true if a request was found for that actionUID, otherwise returns false.

register(issuer, username) -> qr code base64

registrationCallback(identifier, deviceUID) -> boolean

How to use

First, a user has to register. Use the register function to do that. The mobile app then makes a callback request to the URL (defined in the issuer properties) appended with "/register/callback". The body of that callback request contains the parameters "deviceUID" and "tbid", where the value of "tbid" is the identifier. Use these parameters to finalize the registration by calling the registrationCallback function.

Once a user is registered, that user can try to log in. Start a login procedure by calling the requestAuthentication function, then poll for the authentication request with the actionUID. The device polls for the authentication request with its deviceUID at the URL (defined in the issuer properties) appended with "/poll/{deviceUID}". The response from the device arrives at the URL (defined in the issuer properties) appended with "/tokenresponse". The response body consists of the properties "status", "message" and "actionUID". If the status is not equal to "OK" (case is ignored), the login is cancelled; otherwise the login succeeds.
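The login flow above, sketched as an added example (not the service's own code): it accepts a login only when the status reaches VALIDATED and treats null, unknown and every other status as a failure. The callables `authenticate`, `cancel` and `poll_status` are hypothetical bindings to the functions documented on this page, the request is assumed to arrive as a dict, and the status values are the ones listed under AuthenticationRequest.

```python
import time
from enum import IntEnum

class AuthenticationStatus(IntEnum):
    # Names and database values as listed on this page.
    NEW = 0
    VALIDATED = 1
    CANCELLED = 2
    OTP_FAILED = 3
    TIMED_OUT = 4
    NOT_PRESENT = 5

def handle_token_response(body, authenticate, cancel):
    """Handle the body the device sends to <url>/tokenresponse.

    Returns "authenticated", "cancelled" or "rejected".
    """
    action_uid = body.get("actionUID")
    if not isinstance(action_uid, str) or not action_uid:
        return "rejected"  # no request to confirm or cancel
    status = body.get("status")
    # Only a status equal to "OK" (case ignored) confirms the login.
    if isinstance(status, str) and status.lower() == "ok":
        found = authenticate(body.get("message"), action_uid)
        return "authenticated" if found else "rejected"
    cancel(action_uid)
    return "cancelled"

def wait_for_login(poll_status, action_uid, timeout_seconds,
                   interval=1.0, clock=time.monotonic, sleep=time.sleep):
    """Poll until the request leaves NEW; True only for VALIDATED."""
    deadline = clock() + timeout_seconds
    while True:
        request = poll_status(action_uid)
        if request is None:  # unknown actionUID: fail closed
            return False
        status = request.get("authenticationStatus")
        if status != AuthenticationStatus.NEW:
            # CANCELLED, OTP_FAILED, TIMED_OUT, NOT_PRESENT, unknown: deny
            return status == AuthenticationStatus.VALIDATED
        if clock() >= deadline:
            return False  # stop waiting once the caller's timeout passes
        sleep(interval)
```

Passing transactionTimeoutInSeconds as `timeout_seconds` keeps the caller from waiting longer than the issuer's own transaction window.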

Data

AuthenticationRequest

The authentication request contains the following fields:

  • issuer
  • username
  • actionType: For now actionType is always AUTHENTICATE
  • deviceUID: UID of the device linked to this authentication request
  • actionUID: UID of the request
  • description
  • authenticationStatus: The authenticationStatus can be any of the following (with accompanying value in the database): NEW(0), VALIDATED(1), CANCELLED(2), OTP_FAILED(3), TIMED_OUT(4), NOT_PRESENT(5)