Integration of User Login with one-time password (OTP)

OneSpan Cloud Authentication enables users to login to your web application and validate events by generating an one-time password (OTP). An authenticator (hardware or software) that supports Response-Only OTP generation is provisioned for the user.

During the allocation of the authenticator, hardware authenticators can either be defined to use Response-Only or time-based OTPs, and can be modified on an as-needed basis.

You integrate user authentication with OTP with a login request.

To integrate user authentication with OTP

• Issue a login request via the POST /users/{userid@domain}/login endpoint:
  • Method: POST
  • Payload:
    • objecttype: “LoginInput”
    • credentials.authenticator.OTP

The user initiates the login process and provides the Response-Only (RO) OTP generated by their authenticator. OneSpan Cloud Authentication validates the OTP and authenticates the user.

Sequence of a login operation in synchronous login mode with Response-Only OTP

1. The user initiates the login operation which triggers the client application to send a login request This request includes the following parameters:

   • authenticator user
   • authenticator domain
   • Response-Only OTP

2. The web service validates the Response-Only OTP.

   1. OneSpan Cloud Authentication returns the validation result of the OTP.
   2. The Login service forwards the validation result to the web service.
3. The client application checks the status of the login request with the web service.
4. The web service returns to the client application that the authentication has been successful.