HiveAuth
HomeGitHub
  • Introduction
    • Authentication
    • Signing and Broadcasting Transactions
    • Why use Hive Authentication Services?
  • Support
  • Developer documentation
    • Protocol description
      • Authentication
      • Transactions
      • Challenge
    • HAS for Applications
      • Connection
      • Encryption key (auth_key)
      • Authentication
        • Authentication request
        • Authentication payload
        • Authentication approval
        • Authentication refusal
        • Errors
        • Expiration
      • Transactions
        • Transaction request
        • Feedback to user
        • Transaction approval
        • Transaction refusal
        • Errors
        • Expiration
      • Challenge
        • Challenge request
        • Feedback to user
        • Challenge approval
        • Challenge refusal
        • Errors
        • Expiration
      • Attach
  • HAS for Wallets (PKSA)
    • Connection
    • Server Encryption Key retrieval
    • Proof of Key
    • Account registration
    • Authentication
      • Authentication payload
      • Authentications request
      • Feedback to user
      • Authentication approval
      • Authentication refusal
      • Errors
    • Transactions
      • Transaction request
      • Feedback to user
      • Transaction approval
      • Transaction refusal
      • Errors
    • Challenge
      • Challenge request
      • Feedback to user
      • Challenge approval
      • Challenge refusal
      • Errors
  • Tutorials
    • App code example
      • HAS Wrapper library
      • HTML code example
      • .NET code example
    • PKSA code example
      • Service Mode
  • Resources
    • Materials
Powered by GitBook
On this page
  • challenge_ack_data
  • challenge_ack
  1. HAS for Wallets (PKSA)
  2. Challenge

Challenge approval

If the user approves the challenge request, the PKSA must create a challenge_ack_data object

The structure of the challenge_ack_data is:

challenge_ack_data

{
    pubkey: string,
    challenge: string
}
  • pubkey: the account public key

  • challenge: the signed challenge

The PKSA will then encrypt the challenge_ack_data object using the encryption key previously shared with the APP (auth_key).

Finally, the PKSA then inform the HAS of the user's approval by sending the following message:

challenge_ack

{
    cmd: "challenge_ack",
    uuid: string,
    data: string,
    pok: string
}
  • uuid: the challenge_req request identifier

  • data: challenge_ack_data encrypted with the auth_key and converted to Base64

PreviousFeedback to userNextChallenge refusal

Last updated 1 year ago

pok: the uuid encrypted using the account private key and the HAS server public key (see )

Proof of Key