Challenge approval

If the user approves the challenge request, the PKSA must create a challenge_ack_data object

The structure of the challenge_ack_data is:

{
    pubkey: string,
    challenge: string
}

The PKSA will then encrypt the challenge_ack_data object using the encryption key previously shared with the APP (auth_key).

Finally, the PKSA then inform the HAS of the user's approval by sending the following message:

{
    cmd: "challenge_ack",
    uuid: string,
    data: string,
    pok: string
}

uuid: the challenge_req request identifier
data: challenge_ack_data encrypted with the auth_key and converted to Base64
pok: the uuid encrypted using the account private key and the HAS server public key (see Proof of Key)

Last updated 1 year ago