Push and login
Push and login consists of an out-of-band authentication initiated on a website and validated with a mobile application. The authentication request is transmitted via a push notification. The user must initiate the push and login process by using the website of an application server communicating with OneSpan Authentication Server. A push notification will be sent to the mobile application, which must implement the following steps:
- Retrieve the login details related to the authentication session from DIGIPASS Gateway.
- Display the login details to the user for approval.
- If the user approves the login request:
  - Authenticate the user with a given authentication method (e.g. PIN or fingerprint recognition).
  - Sign the login request and transmit the generated signature to DIGIPASS Gateway.
- If the user rejects the login request:
  - Transmit the cancellation request to DIGIPASS Gateway.
- Display a status message in the mobile application.
The application server can now display the result of the authentication request to the user on the website.
Push and login workflow (Overview) provides a high-level overview of the integration of OneSpan Mobile Security Suite in the mobile application, and does not show all required calls to the OneSpan SDKs.
For more information, refer to the OneSpan Mobile Security Suite documentation.
Push notification message content
The content of the push notification is contained in a Secure Channel message, which must be decrypted using the Digipass SDK. Once decrypted, the content of the push notification is encoded as a plain text string with each parameter separated by a semicolon (see Push notification content parameters).
"01;03;0123456789"
Login request content
The login details are protected in a Secure Channel message which must be decrypted with the Digipass SDK. Once decrypted, the login details are encoded as a plain text string with each parameter separated by a semicolon (see Login details parameters).
"01;04;myService;3;myUserID;myDomain"
If the user approves the login request and is successfully authenticated, the login request must be signed with the Digipass SDK using the Secure Channel message received from DIGIPASS Gateway that contains the login details.
If the user rejects the login request, the challenge key must be encrypted in a Secure Channel message with the Digipass SDK.
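The following is an added example, not OneSpan code: a strict parser for the two semicolon-separated strings shown above, to run on the plain text after the Digipass SDK has decrypted the Secure Channel message and before anything is displayed for approval. The field counts (3 and 6) and the two-digit leading fields are assumptions taken from the sample strings on this page, the length limit and all function names are hypothetical, and the parameter tables remain the authority on what each field means.

```python
import re

MAX_PAYLOAD_LEN = 512               # assumed upper bound, not a documented limit
CODE_RE = re.compile(r"[0-9]{2}")   # assumption: both samples open with two 2-digit fields


class PayloadError(ValueError):
    """Raised when a decrypted payload does not match the expected layout."""


def split_payload(plaintext, expected_fields):
    """Split a decrypted, semicolon-separated payload and validate every field."""
    if not isinstance(plaintext, str) or len(plaintext) > MAX_PAYLOAD_LEN:
        raise PayloadError("payload missing or too long")
    fields = plaintext.split(";")
    # An exact count catches a stray ';' inside a value that would shift later fields.
    if len(fields) != expected_fields:
        raise PayloadError(f"expected {expected_fields} fields, got {len(fields)}")
    for i, field in enumerate(fields):
        if not field:
            raise PayloadError(f"field {i} is empty")
        # Control and bidi-override characters could change what the approval
        # screen shows to the user, so refuse them instead of rendering them.
        if not field.isprintable():
            raise PayloadError(f"field {i} contains non-printable characters")
    for i in (0, 1):
        if not CODE_RE.fullmatch(fields[i]):
            raise PayloadError(f"field {i} is not a two-digit code")
    return fields


def parse_push_notification(plaintext):
    """Layout of the push notification sample: 3 fields (assumed from the sample)."""
    return split_payload(plaintext, 3)


def parse_login_details(plaintext):
    """Layout of the login details sample: 6 fields (assumed from the sample)."""
    return split_payload(plaintext, 6)


if __name__ == "__main__":
    print(parse_push_notification("01;03;0123456789"))            # sample from this page
    print(parse_login_details("01;04;myService;3;myUserID;myDomain"))  # sample from this page
    try:
        parse_login_details("01;04;myService;3;my;UserID;myDomain")    # constructed bad input
    except PayloadError as exc:
        print("rejected:", exc)
```

A payload that fails these checks should be treated as a failed request and never shown to the user for approval.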