Authentication refusal
If the user doesn't approve the authentication request, the PKSA will send a refusal message to the HAS. The HAS will then forward the following message to the APP:
auth_nack
{
  cmd: "auth_nack",
  uuid: string,
  data: string
}

uuid: the request identifier
data: the uuid encrypted with auth_key and converted to Base64
The APP can decrypt data with the auth_key and check that the result matches the uuid, which confirms that the auth_nack message comes from a PKSA it has previously shared the auth_key with. This prevents a malicious actor operating a HAS server from faking the refusal of a request.