HomeGitHub

Challenge approval

If the user approves the challenge request, the PKSA must create a challenge_ack_data object

The structure of the challenge_ack_data is:

challenge_ack_data

{
    pubkey: string,
    challenge: string
}

  • pubkey: the account public key

  • challenge: the signed challenge

The PKSA will then encrypt the challenge_ack_data object using the encryption key previously shared with the APP (auth_key).

Finally, the PKSA then inform the HAS of the user's approval by sending the following message:

challenge_ack

{
    cmd: "challenge_ack",
    uuid: string,
    data: string,
    pok: string
}

  • uuid: the challenge_req request identifier

  • data: challenge_ack_data encrypted with the auth_key and converted to Base64

  • pok: the uuid encrypted using the account private key and the HAS server public key (see Proof of Key)

PreviousFeedback to userNextChallenge refusal

Last updated