JoshDavisFromNC

Login / Challenge / Response

0 votes

I'm trying to piece all of the elements together to build workflows with your APIs, but there are some gaps in my understanding that I need to fill in. The workflows I'm trying to build are Digipass Activation and Login/Challenge/Response. I posted my questions about the Digipass Activation in another thread.

I'm using "Overview of Intelligent Adaptive Authentication", "Integrating End-User Login with Static Password", and "Secure-Channel-Based Authentication" as guides, but there are several things I'm not clear on, and I'm not able to match all of the steps in the sequence diagrams to API calls.

Should I call /users/{userID@domain}/login first and then call /users/{userID@domain}/events/validate to assess the risk, or should I validate first and then login only if I get a sessionStatus of "accepted"?

In "Integrating End-User Login with Static Password", the first step of the synchronous and asynchronous flows says to "login without providing any credentials (including Digipass user, Digipass domain, CDDC data, and session Identifier)", but those fields are required for the /users/{userID@domain}/login API and I get errors if I omit them.

When I call /users/{userID@domain}/generate-secure-challenge, how do I know what I need to pass in as the customRequestBody? What are the valid object schemas for this field? It says to "use this to provide a request body generated with the Secure Messaging SDK as basis for the request message", but I don't know what the Secure Messaging SDK is or where to find it so I can install and use it. A search on your site for the phrase "Secure Messaging SDK" returned no results.

Once I've generated the secure challenge, what is the next step? It returns a requestID and a requestMessage, but I don't know what to do with them. Does the generate secure challenge API handle the challenge for me, based on the contents of the customRequestBody, or do I need to make API calls to handle the challenge from my application? If it's the former, how is my application notified when the user passes or fails the challenge, by polling /sessions/{requestID} until I get a sessionStatus other than "unknown" or "pending"?

That's all I have for now, but I'm sure I'll have more questions once I get past this point.


Reply to: Login / Challenge / Response

0 votes

Hello,

I am also learning Cloud Authentication Flow.
Have you seen the interactive API Reference?

https://community.onespan.com/products/onespan-cloud-authentication/sandbox

 

Maybe you can find the body specification you need there.

Regards!

Thanks!


Reply to: Login / Challenge / Response

0 votes

Appreciative for sharing such information. It's useful in login. CFA Home

