PASSWORD transaction

This flow describes how to initiate and verify PASSWORD transaction.

1. Initiate password verification IAPI/initiateTransaction
2. Calculate crypto with password
3. Encrypt password hash with RSA key
4. Verify PASSWORD transaction IAPI/verifyTransaction

Initiate password verification

• initiate transaction for specified muid and methodType = PASSWORD
• used parameters:

Parameter	Description	Required	Value example
methodType	type of used method	true	["PASSWORD","SMS","CM"]
muid	user identifier	false	cg2t1
operationType	type of initiated transaction, deafault value is AUTHORIZATION	false	["AUTHENTICATION","AUTHORIZATION"]
tenant	organisation name, if not supplied, default value from configuration is taken	false	Monet+
transactionData.data	WYSIWYS transaction data (base64-encoded)	true	PFdZU0lXWVMgeG1sbnM9Imh0dHA6Ly9tZXAubW9uZXRwbHVzLmN6IiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB2ZXJzaW9uPSIxLjIiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL21lcC5tb25ldHBsdXMuY3ogbWVwX3d5c2l3eXNfMV8yLnhzZCI+DQoJPHQ+DQoJCTxsdlNwZWMgbD0iTsOhemV2IHRyYW5zYWtjZSIgbHdzPSIiIHdzPSIiPlDFmWlobMOhxaFlbsOtIGRvIGFwbGlrYWNlPC9sdlNwZWM+DQoJCTxsdiBpZD0iQVBQX0lEIiBsPSJBcGxpa2FjZSI+QkxVRTwvbHY+DQoJCTxsdiBpZD0iVFJBTlNBQ1RJT05fSUQiIGw9IklEIG9wZXJhY2UiPjE2MDcyNjAwMDAwMDA1NzwvbHY+DQoJCTxsdiBpZD0iQVBQTElDQVRJT05fTkFNRSIgbD0iTsOhemV2IGFwbGlrYWNlIj5CTFVFPC9sdj4NCgkJPGx2IGlkPSJUSU1FU1RBTVAiIGw9IkRhdHVtIGEgxI1hcyB0cmFuc2FrY2UiPjI2LjA3LjIwMTYgMTU6MjQ6MjA8L2x2Pg0KCQk8bHYgaWQ9IkNBU0VfTkFNRSIgbD0iTsOhemV2IHRyYW5zYWtjZSI+UMWZaWhsw6HFoWVuw60gZG8gYXBsaWthY2U8L2x2Pg0KCTwvdD4NCjwvV1lTSVdZUz4=
transactionData.locale	language code according to ISO 639-1	true	cs
transactionData.template	transformation template	true	AUTHENTICATION

• REST API callback: IAPI/initiateTransaction

POST http://${BASE_URL}/case-iapi/v1/initiateTransaction
{
  "tenant": "idport",
  "muid": "cg2t1",
  "methodType": "PASSWORD",
  "operationType": "AUTHENTICATION",
  "transactionData": {
    "data": "PFdZU0lXWVMgeG1sbnM9Imh0dHA6Ly9tZXAubW9uZXRwbHVzLmN6IiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB2ZXJzaW9uPSIxLjIiIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL21lcC5tb25ldHBsdXMuY3ogbWVwX3d5c2l3eXNfMV8yLnhzZCI+DQoJPHQ+DQoJCTxsdlNwZWMgbD0iTsOhemV2IHRyYW5zYWtjZSIgbHdzPSIiIHdzPSIiPlDFmWlobMOhxaFlbsOtIGRvIGFwbGlrYWNlPC9sdlNwZWM+DQoJCTxsdiBpZD0iQVBQX0lEIiBsPSJBcGxpa2FjZSI+QkxVRTwvbHY+DQoJCTxsdiBpZD0iVFJBTlNBQ1RJT05fSUQiIGw9IklEIG9wZXJhY2UiPjE2MDcyNjAwMDAwMDA1NzwvbHY+DQoJCTxsdiBpZD0iQVBQTElDQVRJT05fTkFNRSIgbD0iTsOhemV2IGFwbGlrYWNlIj5CTFVFPC9sdj4NCgkJPGx2IGlkPSJUSU1FU1RBTVAiIGw9IkRhdHVtIGEgxI1hcyB0cmFuc2FrY2UiPjI2LjA3LjIwMTYgMTU6MjQ6MjA8L2x2Pg0KCQk8bHYgaWQ9IkNBU0VfTkFNRSIgbD0iTsOhemV2IHRyYW5zYWtjZSI+UMWZaWhsw6HFoWVuw60gZG8gYXBsaWthY2U8L2x2Pg0KCTwvdD4NCjwvV1lTSVdZUz4=",
    "locale": "cs",
    "template": "AUTHENTICATION"
  }
}
{
  "status": "success",
  "data": {
    "caseId": "Vn+tlfJ/sTMUMDxJmgju6qUwClhDXtSq5fcUPO0KN5kn6Ndzq6i9fNFwc5W0uvfJZZNvz2hW0dDyG20z2t97Pg2iRecBqqiLhhEcvn3ikOlgfzInEUIQOQNLUpurej3F",
    "methodSpecific": {
      "salt": "S4IA9/pt+mOclZ6bRlK48lYktaDdaAJHG16Fot6mXuA=",
      "cipherPublicKey": "MIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQCbA+nA4Oyfe4OiFeYGRK8O02+q3ObJ3IZPhYw7SJ5ULhygpZNhIcL5X0c1c2/yHuVoD7PKmoguQUu5Jj5uRC2ovvC8+X+xPRfohrhw8IXQ/DJC8AqRifCCUWshL8qzA4NNzIDIcMG+gLstSHdcMt6+opQb7AemGPfKiWVYw8wsTI9omkfT5QeMWTGJjBD38DFTLzEua/E56lm4MKDM4rk2PxD0Va0h2aZG7T0F6RwqhM7YYLhbc9LVwr840U9/EfUCAwEAAQ==",
      "algType": 2,
      "nonce": "JhcAyHHnWcA3JcWNgS2bXAerspEAN24yMmnk/KPvP7tkA4Qzf9ZxM4r5OZNpxK9D"
    }
  }
}

Calculate crypto with password

• for algType = 2
  • calculation of transaction verification code = sha256(sha256(salt||password)||nonce) where password is password supplied by user, salt is parameter .data.methodSpecific.salt from IAPI/activateMethod response and nonce is parameter .data.methodSpecific.nonce from IAPI/intiateTransaction response.

Encrypt password hash with RSA key

• code can be optionally encrypted with RSA methodSpecific.cipherPublicKey from IAPI/initiateTransaction response (if provided)
• algorithm RSA/ECB/PKCS1Padding is used for encryption and password hash enters encryption as a Base64 byte array

Verify PASSWORD transaction

• transaction verification with code = transaction verification code calculated with cryptography in previous step
• used parameters:

Parameter	Description	Required	Value example
caseId	transaction identifier	true	41QHE14SDOdId+d+g9isQVRgpkPKRRAoYWcaLVt//BdW4VjjSf0QfEmMMPzRGo6wl1TCcx5GUtGFr8sfh315Tuj4AT/ea4sSyv9z7Tgklo2RhV9zMhDOh7bBI5vp+uPf
code	transaction verification code	false	kuxejDzuNbSh1z6VGzYqo7Bv90IpfRavzGfxBYN9yl6D549zaSawq6+Cb0RDQLUz+vpFCgPBMHs73AQO1TpkVCACO/XiDfAf6P2ad61pPlXN02+L6fARtxXcOqowuM5AdPQioV4Byo1/guSjsT/BGNL0MpIjw5NgMtpB5NNw24+2PYx+8lzZM25NPTNaylTJNXBiCL3kBV/p68hc2p4EDzSSRjgA0uTH1oNMIqyNXXPOFGCKU9RSylrBnwLpCUkq
methodType	type of used method	true	["PASSWORD","ACTIVATION_CODE","SMS","CM","SPNEGO","TLS_CLIENT"]
muid	user identifier	true	cg2t1
tenant	organisation name, if not supplied, default value from configuration is taken	false	Monet+

• REST API callback: IAPI/verifyTransaction

POST http://${BASE_URL}/case-iapi/v1/verifyTransaction
{
  "tenant": "idport",
  "muid": "cg2t1",
  "methodType": "PASSWORD",
  "caseId": "Vn+tlfJ/sTMUMDxJmgju6qUwClhDXtSq5fcUPO0KN5kn6Ndzq6i9fNFwc5W0uvfJZZNvz2hW0dDyG20z2t97Pg2iRecBqqiLhhEcvn3ikOlgfzInEUIQOQNLUpurej3F",
  "code": "aYcztAl2Zf1IJBLLy5zhKOPqMJlZnvzaLb67imDHy01i9eI7jg2iiS1aWSUz9AoXj+VOiiIdOKVth8yE0WsBYgtRS6QC43G3K/xwX9hT0iREO07rZhCTRTgEEf/oDuralbjlI7V8Hr8A7uNPwh6xGnLe8vKKQ9Dk7W2p+NO2kSZ52+eyNDPfQ8FLlsbIBfpn/5YJHMPZOQU/4eqWp27kdk1AxZrLz2i2XUOHetBCh2imeE5xLzDq4cg3+i5xv0sA"
}
{
  "status": "success",
  "data": {
    "instanceInfo": {
      "@type": "cz.monetplus.idport.component.model.InstanceInfo",
      "instanceId": "PASSWORD:2ab8a723-c4df-4e31-b214-ed6d223b9fb1:cg2t1",
      "state": "ACTIVE",
      "instanceName": "JMTest - 2020-07-29 08-23-43.923",
      "lastAccess": "2020-07-30T00:23:44.060378Z"
    }
  }
}