JoshDavisFromNC

Digipass Activation Workflow with Platform API's

0 votes

I'm trying to piece all of the elements together to build workflows with your APIs, but there are some gaps in my understanding that I need to fill in. The workflows I'm trying to build are Digipass Activation and Login/Challenge/Response. I'll post my questions about the Login/Challenge/Response in another thread.

I'm using Integrating End-User Registration and Digipass Activation as a guide. While the sequence diagrams that are very helpful, I'm not able to match all of the steps to API calls.

This is what I think I have so far for the Digipass Activation workflow.

  1. Call /users/register to put the user into the system.
    * I get activationPassword, riskResponse, and serialNumber, but I don't get a registrationID. Is this expected? I think I might not need it since I get one when I call /registrations in step 3.
    * I'm not sure what to do with the activationPassword. None of the other API's I think I need for this workflow seem to require it.
  2. Call either /authenticators/{serialNumber}/generate-activation-data or /authenticators/{serialNumber}/generate-activation-message, using the serialNumber from /users/register.
    * What is the difference between /authenticators/{serialNumber}/generate-activation-data and /authenticators/{serialNumber}/generate-activation-message? When would I use one vs the other?
    * Is this where I get the deviceCode I will need to call /registrations?

     
  3. Call /registrations with the activationData or activationMessage from step 2 as the deviceCode and the serialNumber from step 1.
    * I'm not sure about steps 2 and 3. I believe I need to call this one to get a registrationID, but I'm not sure what I need to pass in as the deviceCode parameter. If it isn't the activationData or activationMessage from step 2, then where do I get the deviceCode?
     
  4. Call /visualcodes/render with the activationMessage2 as the message parameter to generate the CRONTO image.
    * Is this the correct value to use as the message parameter, or where else should I get this?
     
  5. Display the CRONTO image to the user through my application.
  6. Does the device become activated automatically when the user scans the CRONTO image, or do I need to poll /registrations/check-status until I get an activationStatus of "activated" and then call /registrations/{registrationID}/activate myself?

 


Reply to: Digipass Activation Workflow with Platform API's

1 votes

Hello,

I am trying to test the same flow but i have some differences:

  1. Register user pretty much as you do
  2. In step 2 i call /authenticators/{serialNumber}/generate-activation-message
  3. The response from Step 2 is pass down to render the CRONTO image.
  4. Then i should call /registrations and put the code readed from the CRONTO image as deviceCode
  5. Make a new call to render CRONTO image using activationMessage2 returned in registrations response
  6. call /registrations/{registrationID}/activate

I attached two images showing the flow i am trying to implement

I am currently at step 3 trying to get de code from CRONTO image so i have not tested the entire flow.

Hope this will help you out!

Regards!

Thanks!


Attachments
flow 1.png59.21 KB
flow2.png57.33 KB

Reply to: Digipass Activation Workflow with Platform API's

0 votes

Hi Josh,

In order to help you with your questions, could you please provide the JSON payload for the calls, to see the registration flow that you have followed?

Thank you!

 

 


Reply to: Digipass Activation Workflow with Platform API's

0 votes

Request and response bodies for /user/register are attached.

My question is more about what workflow to follow to activate a digipass. The API sandbox lists all of the API's, but I can't find a doc that says what order I need to call them to implement specific workflows, and I have questions about what I'm supposed to pass in for some of the arguments.

Thanks


Reply to: Digipass Activation Workflow with Platform API's

0 votes

Hi Josh, 

It seems that you are following an online activation flow.  For that, you won't need the DeviceCode or the /registrations endpoint call.  All you need to do for a secure activation is to enter your userID and the activationPassword that you acquired from/users/register endpoint, into the mobile app that you have the Orchestration SDK integrated to. The deviceCode will then be embedded in the orchestration command, and the device will be automatically activated in this flow.

Please notice that the activationPassword is time limited to 10 minutes after the generation.

I hope that helps

Hakim


Reply to: Digipass Activation Workflow with Platform API's

0 votes

Digipass Activation Workflow with Platform API's 

Hi, 

I'm attempting to test a similar stream yet I have a few contrasts: 

Register client practically as you do 

In sync 2 I call/authenticators/{serialNumber}/create actuation message 

The reaction from Step 2 is pass down to deliver the CRONTO picture. 

Then, at that point I should call/enlistments and put the code readed from the CRONTO picture as deviceCode 

Settle on another decision to deliver CRONTO picture utilizing activationMessage2 returned in enrollments reaction 

call/enlistments/{registrationID}/actuate 

I appended two pictures showing the stream I'm attempting to carry out 

I'm as of now at stage 3 attempting to get de code from CRONTO picture so I have not tried the whole stream. 

Expectation this will take care of you! 

Respects! 

Much obliged!


Reply to: Digipass Activation Workflow with Platform API's

0 votes

Josh, Oscar, Hiyef,

 

It seems you're mixing both the /users/register flows and the /authenticators flows, which are different use cases.

Historically when using our on-premise solutions you would have to puzzle an enrollment together "manually":

  • Create a user
  • Look up a free authenticator
  • Assign the authenticator
  • Do the activation (for authenticators that need activation)

This exact same process is still possible in the platform API by using:

  • PUT on /users (not /users/register, I'll come to that later)
  • GET /authenticators to query for a free license
  • /authenticators/{serialNumber}/assign
  • etc, etc

However, especially when wanting to enroll a mobile device, this is all overkill.

We've created /users/register to overcome all of this. This will create a user, find a license, assign it and immediately start the activation.

By default, you get an activationPassword back. This is mean to be plugged into the mobile app and registration will complete fully.

You can find a demo mobile app here: https://community.onespan.com/products/mobile-security-suite/sdks

 

If you have further questions, don't hesitate to reach out to our sales engineers, who will happily help you.

 

Kind regards,

Peter

 

Peter Vanderborght

OneSpan


Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off