In the Trusona app, these properties are not used. NOTE - The URL should include a randomized segment so it cannot be guessed and abused by third-parties e.g.Īrbitrary properties that can be added to the Trusonafication. The body will be the trusonafication object along with a Signed JWT in the jwt field. The Trusonafication object that needs to be createdĪ HTTPS URL to POST to when the trusonafication has been completed (accepted, rejected, or expired). Create a Trusonafication (legacy endpoint) With the base64 signature value, and the result should be placed in theĬontact Email : 3.7. Once you have the signature, the unsigned base64 value should be combined Combine the unsigned thumbprint/nonce with the signature Once you have the raw signature bytes, they should be converted into base64 3.4. The base64 value computed in the previous step should be signed using theĭevice key that was generated on the device. The two values should be combined together with a colon:Īfter the two values are combined, the resulting value should beĬonverted to base64. It is recommended to use a standard UUID for the nonce. Combine the JWK thumbprint with a nonceĪfter computing the JWK thumbprint, a nonce (a unique value for one time use)
Is sent in a request header called X-Device-Sig. To be signed with the device key generated on the device.
The API services intended for communication with mobile devices require requests Header will look similar to the following:Īuthorization: TRUSONA : 3. Set this value as the Authorization header on the request. Add base 64 value and token as auth headerįinally, join the server token received from Trusona to the base64 signature with a colon, and add a prefix of Note that the hex string itself should be encoded, not the binary signature. YjFjZDQ0NTQ4NTkzMjM0MGZkMmNkMDMxNzkxNzRhYzUyMDUzYjk2ZTkyNGM5NTczZGE2YWM2ODk4MTcxYzgyNw= When all of the items are joined together, the final string will look similar to the following:
Take each of the following request attributes Get the hex representation of the hash.Īfter the body hash is computed, the string to be signed is built.Collect the request body into a variable.Important to make sure the body is used after any processing is applied to it, so it is hashed exactly the JSON document) and generate a hash of the body. The first step is to take the request body (i.e. These can be acquired at the Trusona Developer’s site at ,Ĭreating the correct Authorization header requires several steps. Most of the Trusona API services require the request to include an Authorization header The Trusona API - create devices, register users, trusonafy them. Get keys used to sign device identifier JWTs Create a binding between a user and an RP identifier, from a scanned TruCode Register an identity document with Trusona Look up a Trusonafication (legacy endpoint) Add base 64 value and token as auth header Use the HMAC-SHA256 algorithm to generate a signature
0 kommentar(er)
