Encryption key (auth_key)
To secure the authentication process, the data exchanged between the APP and the PKSA will be encrypted using an encryption key (
auth_key). By encrypting these data, the HAS will be unaware of what's going on between the APP and the PKSA and unable to tamper with the authentication request.
Before initiating the authentication process, the APP must create an
auth_keyfor each account it manages. We recommend using a uuid to strengthen security.
For the PKSA to be able to decrypt the payload sent to it by the APP, the APP will have to share it with the PKSA. This can be done in two ways: