auth_req command to the HAS.
uuid) and a request expiration time (
auth_payload) which contains the received uuid, the account name, a session encryption key (auth_key) and the URL of the HAS host it is connected to.
auth_payload will be shared with the PKSA offline using a QR code or deep linking. The APP asks the User to start its PKSA and scan the QR code, or it triggers the PKSA using deep linking when on mobile.
auth_payload from the deep link that triggered it.
name) found in the
auth_req to the PKSA.
auth_payload against the one from the auth_req it receives to ensure it is processing the right request.
uuid with the key (key_app) found in the
auth_ack_payload with the above data (uuid) and sends it with an authentication request approval message (auth_ack) to the HAS.
auth_nack) to the HAS.
auth_ack) or the authentication refusal (auth_nack) to the APP.
key_app. Therefore, by matching the decrypted auth_ack_payload.uuid using its encryption key (key_app) with the pending request uuid it received from the HAS with the sign_wait event, the APP has 100% certainty that the encryption process was made by the PKSA.
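The APP-side check described above, as an added example that is not code from the HAS project: the APP decrypts auth_ack_payload.uuid with key_app and accepts the approval only if it matches the pending request uuid and the request has not expired. Assumptions: the page does not name the cipher, so AES-256-GCM with a 32-byte key stands in for it; the base64 envelope layout, the `cmd` field and the function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Assumed envelope (not the protocol's own): base64(iv[12] || tag[16] || ciphertext)
function seal(keyApp, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', keyApp, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

function open(keyApp, b64) {
  const raw = Buffer.from(b64, 'base64');
  if (raw.length < 28) throw new Error('envelope too short');
  const d = crypto.createDecipheriv('aes-256-gcm', keyApp, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  // final() throws if the tag does not verify, i.e. wrong key or tampering
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// PKSA side: encrypt the request uuid with key_app and wrap it in an auth_ack.
function buildAuthAck(keyApp, uuid) {
  return { cmd: 'auth_ack', auth_ack_payload: { uuid: seal(keyApp, uuid) } };
}

// APP side: accept only an unexpired auth_ack whose decrypted uuid is the pending one.
function verifyAuthAck(pending, msg, now = Date.now()) {
  if (!msg || msg.cmd !== 'auth_ack') return { ok: false, reason: 'not_auth_ack' };
  if (now > pending.expire) return { ok: false, reason: 'expired' };
  let uuid;
  try {
    uuid = open(pending.keyApp, msg.auth_ack_payload.uuid);
  } catch {
    return { ok: false, reason: 'decrypt_failed' };
  }
  const got = Buffer.from(uuid);
  const want = Buffer.from(pending.uuid);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'uuid_mismatch' };
  }
  return { ok: true };
}

// Constructed sample values, not taken from a real session.
const pending = { uuid: 'constructed-uuid-0001', keyApp: crypto.randomBytes(32),
                  expire: Date.now() + 60000 };
console.log(verifyAuthAck(pending, buildAuthAck(pending.keyApp, pending.uuid)));
console.log(verifyAuthAck(pending, buildAuthAck(crypto.randomBytes(32), pending.uuid)));
```

A reply sealed under a different key fails at decryption, and a valid reply for another request fails the uuid comparison, so a relayed or replayed approval for a different request is not accepted.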