Secure Channel–based authentication
The authentication transaction process via Secure Channel is as follows:
- OneSpan Authentication Server generates a request message, based on the transaction details provided via the client application or a custom request body, and delivers it to the client application. The request message is generated by OneSpan Authentication Server upon the Get Secure Challenge and Get Signing Request commands and is bound to the authenticator selected for the relevant transaction.
- The client application generates either a QR code or a color QR code, which represents this request message, and delivers it to the end user.
- The user scans this image, using an authenticator that complies with Secure Channel.
- The authenticator generates a response for this request message, which the end user enters into the client application.
- OneSpan Authentication Server validates this response and returns the result to the client application which completes the signature authentication process.