Authentication refusal

If the user doesn't approve the authentication request, the PKSA will send a refusal message to the HAS. The HAS will then forward the following message to the APP:

auth_nack

{
    cmd: "auth_nack",
    uuid: string,
    data: string
}
  • uuid: the request identifier

  • data: the uuid encrypted with auth_key and converted to Base64

The APP can decrypt the data using the auth_key to ensure that the auth_nack message comes from a PKSA with which it has previously shared the auth_key. This prevents a malicious actor operating a HAS server from forging the refusal of a request.
