Create Token Service
Do not use the Create Token Service for out-of-band scenarios. Instead, use the Dispatch Token Service.
You use the Create Token Service to generate tokens. To trigger the generation of a token, send a GetUAFRequest object to the Create Token Service. The token is not the UAF request itself: the client redeems it later at the corresponding redeem endpoint to obtain the UAF request message and start the FIDO UAF operation.
HTTP Methods
POST is the only supported HTTP method.
Base URL
All URLs referenced in this section have the following base:
https://fido.siven.ch/nevisfido/token/create/<operation>
The <operation> in the base URL can be registration, authentication or deregistration.
Having split endpoints allows you to protect nevisFIDO differently for each operation, by means of nevisProxy and nevisAuth. The registration and deregistration endpoints must be protected (typically by requiring an authenticated session in front of them), because the GetUAFRequest itself only names the user in its context attribute and carries no proof of who the caller is. Left unprotected, these endpoints would make it easy for malicious clients to register new credentials and deregister existing ones.
Request Headers
The following request headers are mandatory:
Name | Description |
---|---|
Accept | Accept header, must be application/json . |
Content-Type | Content type header, must be application/fido+uaf;charset=UTF-8 . |
Request Body
The Create Token Service requires a JSON payload with a GetUAFRequest object as defined in the FIDO UAF HTTP Transport Specification. The GetUAFRequest object has the following structure:
Attribute | Type | Description | Optional |
---|---|---|---|
op | String | The request operation, must be set to either one of Reg , Auth , or Dereg . | false |
previousRequest | String | If the application requests a new UAF request message because the previous one expired, the previous message can be sent to the server in this attribute. | true |
context | String | The contextual information. Must be a stringified JSON object (a JSON-encoded string, not a nested object) that conforms to the relevant Context dictionary; see the username in the example request below. | false |
Response Headers
The following response headers will be set:
Name | Description |
---|---|
Content-Type | Content type header, fixed to application/json . |
Response Body
The body of the response message coming from the Create Token Service contains the token (in the token attribute).
The statusCode attribute holds the nevisFIDO result code of the token creation. It is carried in the response body and is distinct from the HTTP status code of the response: a request that reaches the service is answered with HTTP 200 even when the token could not be created, so clients must check statusCode. If the token creation was successful, the code is 1200. If the token creation was not successful, the status code indicates why. The table below lists all elements of the response body.
Attribute | Type | Description |
---|---|---|
token | String | The token generated by nevisFIDO. This is the token that can be used by a client to trigger the UAF operation (registration, authentication or deregistration). Therefore, the token must be sent to the corresponding endpoint ("/nevisfido/token/redeem/registration" for registration, "/nevisfido/token/redeem/authentication" for authentication and "/nevisfido/token/redeem/deregistration" for deregistration), to redeem the token and trigger the FIDO UAF operation with the GetUAFRequest sent in this request. |
sessionId | String | The identifier of the session generated by nevisFIDO. This session identifier can be used by a client to retrieve the status of the authentication. The session ID must be sent to the "/nevisfido/status" endpoint to get the operation status. |
statusCode | Number | The result of the token creation. The possible values are listed in the following table. |
Status Code | Description |
---|---|
1200 | The token could be created. |
1400 | The token could not be created because the request was not a valid GetUAFRequest. |
1401 | The user did not provide authentication credentials, or the credentials were invalid. |
1403 | The user is not allowed to create a token, or the user does not exist in the credential repository. |
1498 | There was a problem with the contents of the GetUAFRequest. For example, the operation (registration, authentication, deregistration) was not sent to the correct endpoint. |
1500 | The token could not be created because of an unexpected error in the server. |
Example Request
POST /nevisfido/token/create/registration HTTP/1.1
Accept: application/json
Content-Type: application/fido+uaf;charset=UTF-8
Host: fido.siven.ch
Content-Length: 59
{
"context" : "{\"username\":\"jeff\"}",
"op" : "Reg"
}
cURL:
$ curl 'https://fido.siven.ch/nevisfido/token/create/registration' -i -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/fido+uaf;charset=UTF-8' \
-d '{
"context" : "{\"username\":\"jeff\"}",
"op" : "Reg"
}'
Example Response
HTTP/1.1 200 OK
Date: Mon, 25 Jul 2022 11:30:03 GMT
Content-Type: application/json
Content-Length: 133
{
"token" : "0a3cb482-1386-4e0f-a7f0-d438c7d3b3e3",
"sessionId" : "a4bd4e72-83c6-480a-ba49-5083bf08953c",
"statusCode" : 1200
}
HTTP Status Codes
The following HTTP status codes are returned by the Create Token Service:
HTTP Code | Description |
---|---|
200 | OK. The server processed the request; check statusCode in the body for the result of the token creation. |
405 | Method Not Allowed. The method of the received request was not POST. |
406 | Not Acceptable. The Accept header is not properly set to application/json. |
415 | Unsupported Media Type. The Content-Type header is not properly set to application/fido+uaf;charset=UTF-8. |
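As an added example (not part of the nevisFIDO documentation or product code), the following Python helper builds a Create Token request exactly as specified above and interprets the response. It stringifies the context, enforces the op-to-endpoint mapping client-side so that a mismatch is caught before the server would answer statusCode 1498, separates the HTTP-level rejections (405/406/415) from the nevisFIDO statusCode carried in a 200 body, and derives the redeem and status URLs for a successful 1200. The host, paths and sample response values are those from the page's examples; the function names and the CreateTokenResult type are assumptions of this example. It runs offline and does not contact the server.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Host and paths are taken from the page's own examples; nothing here talks to the network.
BASE_URL = "https://fido.siven.ch/nevisfido"

# GetUAFRequest "op" value -> <operation> segment of the create/redeem endpoints
OPERATIONS = {"Reg": "registration", "Auth": "authentication", "Dereg": "deregistration"}

# Mandatory request headers of the Create Token Service
REQUEST_HEADERS = {
    "Accept": "application/json",
    "Content-Type": "application/fido+uaf;charset=UTF-8",
}

# nevisFIDO result codes carried in the "statusCode" attribute of the response body
STATUS_TEXT = {
    1200: "token created",
    1400: "request is not a valid GetUAFRequest",
    1401: "missing or invalid authentication credentials",
    1403: "user not allowed to create a token, or unknown in the credential repository",
    1498: "problem with the GetUAFRequest contents (e.g. op sent to the wrong endpoint)",
    1500: "unexpected server error",
}

# HTTP-level rejections that happen before any token is created
HTTP_TEXT = {
    405: "Method Not Allowed: only POST is supported",
    406: "Not Acceptable: Accept header must be application/json",
    415: "Unsupported Media Type: Content-Type must be application/fido+uaf;charset=UTF-8",
}


def build_create_token_request(op, context, previous_request=None, operation=None):
    """Return (url, headers, body) for one Create Token call (hypothetical helper).

    `context` is a dict that is serialised to a *string*, because
    GetUAFRequest.context must be a stringified JSON object, not a nested one.
    `operation` lets a caller pick the endpoint explicitly; a mismatch with `op`
    is rejected here, since the server would answer statusCode 1498.
    """
    if op not in OPERATIONS:
        raise ValueError(f"op must be one of {sorted(OPERATIONS)}, got {op!r}")
    if not isinstance(context, dict):
        raise TypeError("context must be a JSON object (dict) before stringification")
    expected = OPERATIONS[op]
    if operation is not None and operation != expected:
        raise ValueError(f"op {op!r} must be sent to /token/create/{expected}, not /{operation}")
    payload = {"op": op, "context": json.dumps(context, separators=(",", ":"))}
    if previous_request is not None:
        payload["previousRequest"] = previous_request
    return f"{BASE_URL}/token/create/{expected}", dict(REQUEST_HEADERS), json.dumps(payload)


@dataclass
class CreateTokenResult:
    ok: bool
    status_code: int  # HTTP code for transport failures, nevisFIDO code otherwise
    reason: str
    token: Optional[str] = None
    session_id: Optional[str] = None
    redeem_url: Optional[str] = None  # where the token must be redeemed
    status_url: Optional[str] = None  # where the sessionId can be polled


def parse_create_token_response(op, http_status, headers, body):
    """Interpret a Create Token response; `headers` is a dict, `body` the raw text."""
    if http_status != 200:
        return CreateTokenResult(False, http_status, HTTP_TEXT.get(http_status, f"HTTP {http_status}"))
    content_type = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if not content_type.startswith("application/json"):
        return CreateTokenResult(False, http_status, f"unexpected Content-Type {content_type!r}")
    try:
        data = json.loads(body)
        code = int(data["statusCode"])
    except (ValueError, KeyError, TypeError) as exc:
        return CreateTokenResult(False, http_status, f"malformed response body: {exc}")
    reason = STATUS_TEXT.get(code, f"unknown nevisFIDO status {code}")
    if code != 1200:
        return CreateTokenResult(False, code, reason)
    token, session_id = data.get("token"), data.get("sessionId")
    if not token or not session_id:
        return CreateTokenResult(False, code, "statusCode 1200 but token/sessionId missing")
    return CreateTokenResult(
        True, code, reason, token, session_id,
        redeem_url=f"{BASE_URL}/token/redeem/{OPERATIONS[op]}",
        status_url=f"{BASE_URL}/status",
    )


# Constructed sample: the page's example response, as the raw text a client would receive.
EXAMPLE_RESPONSE_BODY = (
    '{"token": "0a3cb482-1386-4e0f-a7f0-d438c7d3b3e3", '
    '"sessionId": "a4bd4e72-83c6-480a-ba49-5083bf08953c", "statusCode": 1200}'
)

if __name__ == "__main__":
    url, hdrs, body = build_create_token_request("Reg", {"username": "jeff"})
    print("POST", url, hdrs, body)
    print(parse_create_token_response("Reg", 200, {"Content-Type": "application/json"}, EXAMPLE_RESPONSE_BODY))
```

Two design points: the response parser never trusts the HTTP 200 alone, because the page's own table returns 200 for every request that reaches the service and reports failures (1401, 1403, 1498, ...) only in statusCode; and the redeem URL is derived from the op that was sent, not from anything in the response, since a token created for Reg must be redeemed at the registration endpoint.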