Authorize FIDO Transaction Signing

Authorize Transaction Signing function that verify user’s username with FIDO 2 key together with transaction id and details.

Below is the URL to access the API functions:

POST /v2/CentagateWS/webresources/auth/authFidoTrans

Parameters

Parameters	Occurence	Descriptions
username	Required	Registered Username in CENTAGATE Cloud
transactionId	Required	The user’s Transaction Id that have sent during request.
details	Required	The user`s transaction details
fidoChallenge	Required	The fido challenge key
assertion	Required	The FIDO key public key credentials
authToken	optional	The previous generated authToken
integrationKey	Required	Integration Key Of The App That The User Wants To Authenticate
unixTimestamp	Required	Current Time In Unixtimestamp
supportFido	Optional	FIDO Authentication Option, Pass True To Enable And False To Disable. Or Leave It Empty
ipAddress	Optional	IP Address From Where The Authentication Request Is Originated.
userAgent	Optional	Platform Information Of Authentication Request is made of.
browserFp	Optional	Browser Fingerprint
HMAC	Required	Hmac Generated From Combination (username + transactionId + details + fidoChallenge + assertion + authToken + userAgent + integrationKey + supportFido + browserFp + unixTimeStamp + ipAddress) Using Secretkey (Can Be Obtained From The App Page) As The Key

Sample Code

As in below there are some examples of source code of access the API functions:

Java

Node Js

PHP

Java

public static void main(String[] args) {

	ClientConfig config = new DefaultClientConfig ();
	Client client = Client.create ( config );
	WebResource service = client.resource ("https://<domain_name>/v2/CentagateWS/webresources");
			
	Gson gson = new Gson();
			
	String hmac = convertHmacSha256("secretkey","username" + "details" + "transactionId" + "fidoChallenge" + "assertion" + "authToken" + "integrationKey" + "unixTimestamp" + "supportFido" + "ipAddress" + "userAgent" + "browserFp");

	HashMap<String, String> map = new HashMap<String, String>();
	map.put("username", "username");
	map.put("details", "details");
	map.put("transactionId", "transactionId");
	map.put("fidoChallenge", "fidoChallenge");
	map.put("assertion", "assertion");
	map.put("authToken", "authToken");
	map.put("integrationKey", "integrationKey");
	map.put("unixTimestamp", "unixTimeStamp");
	map.put("ipAddress", "ipAddress"); 
	map.put("userAgent", "userAgent"); 
	map.put("browserFp", "browserFp"); 
	map.put("supportFido", "supportFido");
	map.put("hmac", hmac); 

	ClientResponse response = service.path ("auth").path("authFidoTrans").accept(MediaType.APPLICATION_JSON).post(ClientResponse.class, gson.toJson(map));
				
	String retJson = response.getEntity(String.class);

	HashMap<String, Object> returnData = (HashMap<String, Object>) gson.fromJson(retJson, HashMap.class);

	String code = returnData.get("code").toString();
	String message = returnData.get("message").toString();
	String object = returnData.get("object").toString();
}

public static String convertHmacSha256(String secretKey, String params) throws NoSuchAlgorithmException, 
            InvalidKeyException,IllegalStateException, SignatureException, NoSuchProviderException, Exception
{
	try
	{
		final SecretKeySpec secret_key = new SecretKeySpec ( StringUtils.getBytesUtf8 ( secretKey ) , "HmacSHA256" );
		final Mac mac = Mac.getInstance ( "HmacSHA256" );
		mac.init ( secret_key );
		final byte[] bytes = mac.doFinal ( StringUtils.getBytesUtf8 ( params ) );
		return Hex.encodeHexString ( bytes );
	}
	catch ( NoSuchAlgorithmException e )
	{
		throw new NoSuchAlgorithmException ( e );
	}
	catch ( InvalidKeyException e )
	{
		throw new InvalidKeyException ( e );
	}
	catch ( IllegalStateException e )
	{
		throw new IllegalStateException ( e );
	}
	catch ( Exception e )
	{
		throw new Exception ( e );
	}
}

Node Js

const https = require('https')

var crypto = require('crypto');
var username = "<username>";
var details = "<details>";
var transactionId = "<transactionId>";
var fidoChallenge = "<fidoChallenge>";
var assertion = "<assertion>";
var integrationKey = "<integration key>";

var time = Math.round((new Date()).getTime() / 1000);
var unixTimestamp = time.toString();
var authToken = "<authToken>";

var supportFido = "<supportFido>";
var ipAddress = "<ipAddress>";
var userAgent = "<userAgent>";
var browserFp = "<browserFp>";

var secretKey    = "<secretKey>";  
var hmacText = username + details + transactionId + fidoChallenge + assertion + authToken + integrationKey + unixTimestamp + supportFido + ipAddress + userAgent + browserFp;
var hash, hmac;

/* generate hmac value*/
hmac = crypto.createHmac(sha256, secretKey);    
hmac.write(hmacText);
hmac.end();      
hash = hmac.read().toString('hex');    

const data = JSON.stringify({
	username: username,
	details: details,
	transactionId: transactionId,
	fidoChallenge: fidoChallenge,
	assertion: assertion,
	authToken: authToken,
	integrationKey: integrationKey,
	unixTimestamp: unixTimestamp,
	ipAddress: ipAddress,
	supportFido: supportFido,
	userAgent: userAgent,
	browserFp: browserFp,
	hmac: hash
})

const options = {
	hostname: "<domain_name>",
	port: 443,
	path:'/v2/CentagateWS/webresources/auth/authFidoTrans',
	method: 'POST',
	headers: {
		'Accept': 'application/json',
		'Content-Type': 'application/json',
	}
}

const req = https.request(options, res =>{
	console.log(`HTTP Status Code: ${res.statusCode}`)
	var body = '';
	res.on('data', function(d){
		
	body += d;
	var parsed = JSON.parse(body);
	
	if (parsed.code == 0){
	   console.log('Authentication Succeed');
	   console.log('Response:');
	   console.log(body);
	}
	else {
	  console.log('Authentication Fail, ' +'Message:' + parsed.message);
	  console.log('Code:' + parsed.code); 
	}
		
	})
})

req.on('ERROR', error => {
	console.error(error)
})

req.write(data)
req.end()

PHP

<?php

    $url = 'https://<domain_name>/v2/CentagateWS/webresources/auth/authFidoTrans';
    
    $ch = curl_init($url);
    
    $secretKey = "<secretkey>";
    $username ="<username>";
    $details = "<details>";
    $transactionId = "<transactionId>";
    $fidoChallenge = "<fidoChallenge>";
    $assertion = "<assertion>";
    $integrationKey = "<integrationkey>";
    $time = time(); // get current timestamp
    $unixTimestamp = strval($time); //convert timestamp to String
    $authToken = "<authToken>";
    $supportFido = "<supportFido>";
    $ipAddress = "<ipAddress>";
    $userAgent = "<userAgent>";
    $browserFp = "<browserFp>";
    
    $hmac_text = $username.$details.$transactionId.$fidoChallenge.$assertion.$authToken.$integrationKey.$unixTimestamp.$supportFido.$ipAddress.$userAgent.$browserFp;
    $hmac = hash_hmac('sha256', $hmac_text, $secretKey); // calculate hmac value
    
    $jsonData = array (
    	'username'=> $username,
    	'details'=> $details,
    	'transactionId'=> $transactionId,
    	'fidoChallenge'=> $fidoChallenge,
    	'assertion'=> $assertion,
    	'authToken'=> $authToken,
    	'integrationKey'=> $integrationKey,
    	'unixTimestamp'=> $unixTimestamp,
    	'supportFido'=> $supportFido,
    	'ipAddress'=> $ipAddress,
    	'userAgent'=> $userAgent,
    	'browserFp'=> $browserFp,
    	'hmac' => $hmac
    );
    
    $jsonDataEncoded = json_encode($jsonData);
    
    curl_setopt($ch, CURLOPT_POST,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json','Content-Type: application/json'));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    
    $result = curl_exec($ch);
    
    
    $obj = json_decode($result); 
    if ($obj->{'code'} != 0){
    	print "Authentication fail";
    	print "Message: ".$obj->{'message'}; 
    	echo " <br>"; 
    	print "Code: ".$obj->{'code'};
    }
    else {
    	print "Authentication succeed";
    	echo " <br>"; 
    	print "Message: ".$obj->{'message'}; 
    	echo " <br>"; 
    	print "Code: ".$obj->{'code'}; 
    	echo " <br>"; 
    	print "Result:" ;
    	echo " <br>"; 
    	print $result;
    }
    
    curl_close($ch);

?>