CM verification with OTP - monetplus/IDport GitHub Wiki
CM verification with OTP
This flow describes how to initiate an authentication transaction and verify it with an OTP generated on an offline mobile device.
- Initiate offline verification (IAPI/initiateTransaction)
- Get OTP from mobile app
- Verify CM offline transaction (IAPI/verifyTransaction)
Initiate offline verification
- initiate authentication transaction with OTP from offline mobile instance
- specific parameters setting:
  - operationType = AUTHENTICATION
  - type = PIN for PIN only authorization, type = ALT_SECRET for PIN and biometric authorization
  - processingOptions.authorizationFlow = OFFLINE
  - processingOptions.offlineChallenge = QR to return data for QR code, or NONE to expect an OTP without any data
- used parameters:
| Parameter | Description | Required | Value example |
|---|---|---|---|
| methodType | type of used method | true | ["PASSWORD","SMS","CM"] |
| muid | user identifier | false | cg2t1 |
| operationType | type of initiated transaction, default value is AUTHORIZATION | false | ["AUTHENTICATION","AUTHORIZATION"] |
| tenant | organisation name, if not supplied, default value from configuration is taken | false | Monet+ |
| type | secret that can be used for transaction verification, secrets hierarchy: PIN > ALT_SECRET > NO_PIN, stronger secret can be used always, default value is PIN | false | ["PIN","NO_PIN","INFORMATION_MESSAGE","ALT_SECRET_ACTIVATION"] |
| processingOptions.authorizationFlow | distinguishes how the transaction can be verified, default value is ONLINE_OFFLINE | false | ["ONLINE","OFFLINE","ONLINE_OFFLINE"] |
| processingOptions.offlineChallenge | type of challenge for offline authorization flow, default value is QR | false | ["QR","NONE","QR_NONE"] |
| transactionData.data | WYSIWYS transaction data (base64-encoded) | true | PFdZU0lXWVMgeG1sbnM9Imh0dHA6Ly9tZXAubW9uZXRwbHVzLmN6IiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB2ZXJzaW9uPSIxLjIiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL21lcC5tb25ldHBsdXMuY3ogbWVwX3d5c2l3eXNfMV8yLnhzZCI+DQoJPHQ+DQoJCTxsdlNwZWMgbD0iTsOhemV2IHRyYW5zYWtjZSIgbHdzPSIiIHdzPSIiPlDFmWlobMOhxaFlbsOtIGRvIGFwbGlrYWNlPC9sdlNwZWM+DQoJCTxsdiBpZD0iQVBQX0lEIiBsPSJBcGxpa2FjZSI+QkxVRTwvbHY+DQoJCTxsdiBpZD0iVFJBTlNBQ1RJT05fSUQiIGw9IklEIG9wZXJhY2UiPjE2MDcyNjAwMDAwMDA1NzwvbHY+DQoJCTxsdiBpZD0iQVBQTElDQVRJT05fTkFNRSIgbD0iTsOhemV2IGFwbGlrYWNlIj5CTFVFPC9sdj4NCgkJPGx2IGlkPSJUSU1FU1RBTVAiIGw9IkRhdHVtIGEgxI1hcyB0cmFuc2FrY2UiPjI2LjA3LjIwMTYgMTU6MjQ6MjA8L2x2Pg0KCQk8bHYgaWQ9IkNBU0VfTkFNRSIgbD0iTsOhemV2IHRyYW5zYWtjZSI+UMWZaWhsw6HFoWVuw60gZG8gYXBsaWthY2U8L2x2Pg0KCTwvdD4NCjwvV1lTSVdZUz4= |
| transactionData.locale | language code according to ISO 639-1 | true | cs |
| transactionData.template | transformation template | true | AUTHENTICATION |
- REST API callback: IAPI/initiateTransaction

POST http://${BASE_URL}/case-iapi/v1/initiateTransaction

```json
{
  "tenant": "idport",
  "muid": "cg2t1",
  "methodType": "CM",
  "operationType": "AUTHENTICATION",
  "type": "PIN",
  "transactionData": {
    "data": "<base64-encoded WYSIWYS transaction data>",
    "locale": "cs",
    "template": "AUTHENTICATION"
  },
  "processingOptions": {
    "authorizationFlow": "OFFLINE",
    "offlineChallenge": "NONE"
  }
}
```
Response:

```json
{
  "status": "success",
  "data": {
    "caseId": "80YQ45FNPVFGpuU+kPF6a0za/miBo1yIApQdtOS0Ch5zAmtEwJkiD8uLaOBDYXWCg7/qe5lj6a60FgL1YZ95GCFgsDieSIKIf320VOKddzmlDf8xYfEFyYiq04TO+/yY",
    "methodSpecific": {
      "qrData": "UVIyfDJ8QkMzNENDMEZ8UElOfDB8MOKUjEJMVUXilIzilIx8MHw4VEE3MU88UMWZaWhsw6HFoWVuw60gZG8gYXBsaWthY2U8PEJMVUU8PDF8RGF0dW0gYSDEjWFzIHRyYW5zYWtjZXwyNi4wNy4yMDE2IDE1OjI0OjIwPjF8SUQgdHJhbnNha2NlfDE2MDcyNjAwMDAwMDA1Nw==",
      "cipherPublicKey": "MIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQCbA+nA4Oyfe4OiFeYGRK8O02+q3ObJ3IZPhYw7SJ5ULhygpZNhIcL5X0c1c2/yHuVoD7PKmoguQUu5Jj5uRC2ovvC8+X+xPRfohrhw8IXQ/DJC8AqRifCCUWshL8qzA4NNzIDIcMG+gLstSHdcMt6+opQb7AemGPfKiWVYw8wsTI9omkfT5QeMWTGJjBD38DFTLzEua/E56lm4MKDM4rk2PxD0Va0h2aZG7T0F6RwqhM7YYLhbc9LVwr840U9/EfUCAwEAAQ=="
    }
  }
}
```
Get OTP from mobile app
- either scan the QR code or enter the PIN (or use biometrics) to get the OTP from the mobile application
Verify CM offline transaction
- authorization of transaction identified by caseId
- code is the transaction verification code (OTP) obtained from the mobile application (previous step)
- code can optionally be encrypted with the RSA methodSpecific.cipherPublicKey from the IAPI/initiateTransaction response (if provided)
- used parameters:
| Parameter | Description | Required | Value example |
|---|---|---|---|
| caseId | transaction identifier | true | 41QHE14SDOdId+d+g9isQVRgpkPKRRAoYWcaLVt//BdW4VjjSf0QfEmMMPzRGo6wl1TCcx5GUtGFr8sfh315Tuj4AT/ea4sSyv9z7Tgklo2RhV9zMhDOh7bBI5vp+uPf |
| code | transaction verification code | false | kuxejDzuNbSh1z6VGzYqo7Bv90IpfRavzGfxBYN9yl6D549zaSawq6+Cb0RDQLUz+vpFCgPBMHs73AQO1TpkVCACO/XiDfAf6P2ad61pPlXN02+L6fARtxXcOqowuM5AdPQioV4Byo1/guSjsT/BGNL0MpIjw5NgMtpB5NNw24+2PYx+8lzZM25NPTNaylTJNXBiCL3kBV/p68hc2p4EDzSSRjgA0uTH1oNMIqyNXXPOFGCKU9RSylrBnwLpCUkq |
| methodType | type of used method | true | ["PASSWORD","ACTIVATION_CODE","SMS","CM","SPNEGO","TLS_CLIENT"] |
| muid | user identifier | true | cg2t1 |
| tenant | organisation name, if not supplied, default value from configuration is taken | false | Monet+ |
- REST API callback: IAPI/verifyTransaction

POST http://${BASE_URL}/case-iapi/v1/verifyTransaction

```json
{
  "tenant": "idport",
  "muid": "cg2t1",
  "methodType": "CM",
  "caseId": "80YQ45FNPVFGpuU+kPF6a0za/miBo1yIApQdtOS0Ch5zAmtEwJkiD8uLaOBDYXWCg7/qe5lj6a60FgL1YZ95GCFgsDieSIKIf320VOKddzmlDf8xYfEFyYiq04TO+/yY",
  "code": "UJgRqB2x01pO3XwxWapu1PJZcLeaS9BQ0sJ/cZKnl9KoEK1oP1VLDU0xL3gTSvvaV/zJpwpX5IzKb6HRSR+1BxujII8Omt5GwR3i0hXNmadqwaXlnMDmdNvBbW093IKSmbNfFHEL6tfr8nxM5G8GP/4cjmNYaGalRj1ukEVPSeyoAR3M9XFnSKUiqedNkBCcAq8meiJRpWSMfm9hNwOGkgrdZFkvwYmOtB6kwCYCP5A5NVSZmgaLfsJnPoYhc30d"
}
```
Response:

```json
{
  "status": "success",
  "data": {
    "instanceInfo": {
      "@type": "cz.monetplus.idport.component.model.mobile.InstanceInfoCM",
      "instanceId": "ae18de2086382367313745c09539c7baf55a6fe18de84b3306138fcd53b4631c",
      "state": "ACTIVE",
      "instanceName": "LGE LG-H440n",
      "lastAccess": "2020-07-30T00:23:39.996100Z",
      "threatFlags": "AAAAAAAAAAA=",
      "hwId": "eeb0dba54e565f99-1486128428103--121527461765273515",
      "osVersion": "6.0",
      "deviceModel": "LG-H440n",
      "manufacturer": "LG",
      "platform": "ANDROID"
    }
  }
}
```
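The optional encryption of code described above suggests a client-side guard, given here as an added example that is not part of the IDport wiki or code base: it reads the RSA modulus size from cipherPublicKey and refuses to build a verifyTransaction body whose code is not exactly one RSA block when a key was issued. Assumptions: cipherPublicKey is a base64 DER SubjectPublicKeyInfo (the sample value parses as one), an encrypted code is the base64 of the raw ciphertext, and the function names and the refuse-cleartext policy are hypothetical; the page does not name the padding scheme, so no encryption is performed here.

```python
import base64

# Copied from this page's samples: cipherPublicKey from the initiateTransaction
# response and code from the verifyTransaction request.
SAMPLE_KEY = "MIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQCbA+nA4Oyfe4OiFeYGRK8O02+q3ObJ3IZPhYw7SJ5ULhygpZNhIcL5X0c1c2/yHuVoD7PKmoguQUu5Jj5uRC2ovvC8+X+xPRfohrhw8IXQ/DJC8AqRifCCUWshL8qzA4NNzIDIcMG+gLstSHdcMt6+opQb7AemGPfKiWVYw8wsTI9omkfT5QeMWTGJjBD38DFTLzEua/E56lm4MKDM4rk2PxD0Va0h2aZG7T0F6RwqhM7YYLhbc9LVwr840U9/EfUCAwEAAQ=="
SAMPLE_CODE = "UJgRqB2x01pO3XwxWapu1PJZcLeaS9BQ0sJ/cZKnl9KoEK1oP1VLDU0xL3gTSvvaV/zJpwpX5IzKb6HRSR+1BxujII8Omt5GwR3i0hXNmadqwaXlnMDmdNvBbW093IKSmbNfFHEL6tfr8nxM5G8GP/4cjmNYaGalRj1ukEVPSeyoAR3M9XFnSKUiqedNkBCcAq8meiJRpWSMfm9hNwOGkgrdZFkvwYmOtB6kwCYCP5A5NVSZmgaLfsJnPoYhc30d"

def _tlv(buf, pos=0):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_len(spki_b64):
    """Modulus length in bytes of a base64 DER SubjectPublicKeyInfo RSA key."""
    _, spki, _ = _tlv(base64.b64decode(spki_b64, validate=True))
    _, _alg, pos = _tlv(spki)            # AlgorithmIdentifier, skipped
    tag, bits, _ = _tlv(spki, pos)       # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, rsa_key, _ = _tlv(bits, 1)        # SEQUENCE { modulus, exponent }
    tag, modulus, _ = _tlv(rsa_key)
    if tag != 0x02:
        raise ValueError("modulus INTEGER expected")
    return len(modulus.lstrip(b"\x00"))  # drop the DER sign byte

def looks_encrypted(code, spki_b64):
    """True if code is base64 of exactly one RSA block for this key."""
    try:
        raw = base64.b64decode(code, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(raw) == rsa_modulus_len(spki_b64)

def verify_body(initiate_data, muid, code):
    """Build a verifyTransaction body; reject a cleartext OTP if a key was issued."""
    key = initiate_data.get("methodSpecific", {}).get("cipherPublicKey")
    if key and not looks_encrypted(code, key):
        raise ValueError("cipherPublicKey issued but code is not RSA ciphertext")
    return {"muid": muid, "methodType": "CM",
            "caseId": initiate_data["caseId"], "code": code}
```

The sample key parses as a 1536-bit modulus, and the sample code decodes to the matching 192 bytes.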