Registration Request Service
By calling the Registration Request Service and requesting a RegistrationRequest object from the FIDO server, the user/FIDO client initiates the FIDO registration process. This chapter describes the request and response messages exchanged between the FIDO client and the server when calling the Registration Request Service.
It is recommended to protect this service using a SecToken: the request names the user on whose behalf the registration is started, so without an authenticated caller any party able to reach the endpoint can start a registration for any username it chooses.
Base URL
All URLs referenced in this section have the following base:
https://fido.siven.ch/nevisfido/uaf/1.1/request/registration
HTTP Methods
POST is the only supported HTTP method.
Request Headers
The following request headers are mandatory:
Name | Description |
---|---|
Accept | Accept header, must be `application/fido+uaf`. |
Content-Type | Content type header, must be `application/fido+uaf;charset=UTF-8`. |
Request Body
The Registration Request Service requires from the FIDO client a JSON payload with a GetUAFRequest structure:
GetUAFRequest object - Registration Request Service
Attribute | Type | Description | Optional |
---|---|---|---|
op | String | The request operation, must be set to `Reg`. | false |
previousRequest | String | If the application is requesting a new UAF request message because the previous one expired, the previous message may be sent to the server. nevisFIDO ignores this attribute; it is accepted but not handled. | true |
context | String | The contextual information must be a stringified JSON object (a JSON string whose content is itself a serialized JSON object) that conforms to the Registration Context. | false |
Context
The Context dictionary contains all attributes that can be included in the context
part of the request body.
Attribute | Type | Description | Optional |
---|---|---|---|
username | String | Identity information regarding the user on whose behalf the FIDO client is operating. In the case of the idm credential repository, the accepted type of username (loginId, email, etc.) depends on how the username mapper of the credential repository is configured. | false |
policy | String | The name of the policy to be used for the registration. If not specified, the default policy is used. | true |
Response Headers
The following response headers will be set:
Name | Description |
---|---|
Content-Type | Content type header, fixed to `application/fido+uaf;charset=UTF-8`. |
Response Body
The Registration Request Service returns a JSON body with a ReturnUAFRequest object as defined in the FIDO UAF HTTP Transport Specification. The ReturnUAFRequest object has the following structure:
Attribute | Type | Description |
---|---|---|
statusCode | Number | UAF status code for the operation (1200 on success). |
uafRequest | String | The new UAF request message if the server decides to issue one. Note that this is a JSON string, not a nested object: the client must parse it a second time to obtain the array of UAF messages. |
op | String | Hint to the client regarding the operation type of the message, set to `Reg`. |
lifetimeMillis | Number | Hint informing the client application of the lifetime of the message in milliseconds. Absent if the operation was not successful. |
The uafRequest part of the ReturnUAFRequest object contains the RegistrationRequest object. The RegistrationRequest dictionary includes the attributes that define a RegistrationRequest object. The following table describes the RegistrationRequest dictionary:
Attribute | Type | Description | Optional |
---|---|---|---|
header | OperationHeader | The header defines the operation header of the UAF messages coming from the Registration Request Service. Within the header, the operation header attributes are specified. For a description of these attributes, see Operation Header. Note that the attribute `header.op` must be set to `"Reg"`. | false |
challenge | String | Server-provided challenge value. | false |
username | String | A human-readable username intended to allow the user to distinguish and select from among different accounts at the same relying party. | false |
policy | Policy | Describes which types of authenticators are acceptable for this registration operation. | false |
Example Request
POST /nevisfido/uaf/1.1/request/registration HTTP/1.1
Accept: application/fido+uaf
Content-Type: application/fido+uaf;charset=UTF-8
Host: fido.siven.ch
Content-Length: 59
{
"context" : "{\"username\":\"jeff\"}",
"op" : "Reg"
}
cURL:
$ curl 'https://fido.siven.ch/nevisfido/uaf/1.1/request/registration' -i -X POST \
-H 'Accept: application/fido+uaf' \
-H 'Content-Type: application/fido+uaf;charset=UTF-8' \
-d '{
"context" : "{\"username\":\"jeff\"}",
"op" : "Reg"
}'
Example Response
HTTP/1.1 200 OK
Date: Mon, 25 Jul 2022 11:30:57 GMT
Content-Type: application/fido+uaf;charset=UTF-8
Transfer-Encoding: chunked
{
"lifetimeMillis" : 300000,
"uafRequest" : "[{\"header\":{\"serverData\":\"Cs9wyAKco_XEnd1WvJ7KzEtdaMzxyQrgX8Qp1mUycLFTm_J0fPwab2l1q188-NhpbXYSS07ltP8WFnBwZdCCDw\",\"upv\":{\"major\":1,\"minor\":1},\"op\":\"Reg\",\"appID\":\"https://www.siven.ch/appID\",\"exts\":[{\"id\":\"ch.nevis.auth.fido.uaf.sessionid\",\"data\":\"887ae70b-7498-4de0-b0aa-bb1e4f4425a6\",\"fail_if_unknown\":false}]},\"challenge\":\"3FK8D9j4w-TfKNUf_bRrBbRrzEbhuQ6nm94KldbPxuoG__ZzQ-68t2Cc03c9uAgRAFXxDuOZAu1E-c3UGSAhaA\",\"username\":\"jeff\",\"policy\":{\"accepted\":[[{\"userVerification\":1023,\"authenticationAlgorithms\":[1,2,3,4,5,6,7,8,9],\"assertionSchemes\":[\"UAFV1TLV\"]}]],\"disallowed\":[{\"aaid\":[\"ABCD#1234\"]}]}}]",
"statusCode" : 1200,
"op" : "Reg"
}
Note that nevisFIDO includes a proprietary extension in the header part of the RegistrationRequest object. This extension provides the session ID that can be used to retrieve the registration status. The following JSON snippet represents the session ID extension. Refer to Extensions and Proprietary Extensions for details.
{
"id": "ch.nevis.auth.fido.uaf.sessionid",
"data": "d61e461e-c597-4ed3-9d71-12d1c0e3556c",
"fail_if_unknown": false
}
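The request and response shapes above are easy to get wrong in two places: `context` is a JSON string rather than a nested object, and `uafRequest` is again a JSON string that has to be parsed a second time. The following Python client helper, an added example and not code from nevisFIDO or its documentation, builds the GetUAFRequest for the Registration Request Service and validates the ReturnUAFRequest before handing the challenge, serverData and session ID to the authenticator layer. It takes the example response from this page as constructed sample input; the `expected_app_id` pinning, the rejection of unknown extensions flagged `fail_if_unknown`, and the base64url handling of the challenge are the example's own choices, not behaviour the page specifies.

```python
import base64
import json

# Values fixed by the page: media types, operation code, success status and
# the identifier of the nevisFIDO session-ID extension.
UAF_ACCEPT = "application/fido+uaf"
UAF_CONTENT_TYPE = "application/fido+uaf;charset=UTF-8"
UAF_OP_REG = "Reg"
UAF_STATUS_OK = 1200
SESSION_ID_EXT = "ch.nevis.auth.fido.uaf.sessionid"


class UafResponseError(ValueError):
    """Raised when a ReturnUAFRequest is not a usable registration request."""


def build_registration_request(username, policy=None):
    """Return (headers, body) for POST .../uaf/1.1/request/registration.

    `context` is a *stringified* JSON object: the inner dict is serialised
    first and the resulting string is placed inside the outer GetUAFRequest,
    which is serialised again. Sending a nested object instead is the usual
    client-side mistake with this endpoint.
    """
    context = {"username": username}
    if policy is not None:  # optional policy name, see the Context table
        context["policy"] = policy
    get_uaf_request = {
        "op": UAF_OP_REG,
        "context": json.dumps(context, separators=(",", ":")),
    }
    headers = {"Accept": UAF_ACCEPT, "Content-Type": UAF_CONTENT_TYPE}
    return headers, json.dumps(get_uaf_request)


def _b64url_decode(text):
    """Decode unpadded base64url (assumption: the challenge is encoded so)."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def parse_registration_response(body_text, expected_app_id):
    """Validate a ReturnUAFRequest and extract what the client needs next.

    `expected_app_id` is the appID this client was built for (assumption);
    pinning it stops a registration being bound to another relying party.
    """
    ret = json.loads(body_text)
    if ret.get("statusCode") != UAF_STATUS_OK:
        raise UafResponseError(f"UAF status {ret.get('statusCode')}, no request issued")
    if ret.get("op") != UAF_OP_REG or "uafRequest" not in ret:
        raise UafResponseError("response is not a registration request")

    # uafRequest is itself a JSON string holding an array of UAF messages.
    messages = json.loads(ret["uafRequest"])
    if not isinstance(messages, list) or len(messages) != 1:
        raise UafResponseError("expected exactly one RegistrationRequest")
    reg = messages[0]
    header = reg["header"]

    if header.get("op") != UAF_OP_REG:
        raise UafResponseError(f"header.op is {header.get('op')!r}, expected 'Reg'")
    if header.get("upv") != {"major": 1, "minor": 1}:
        raise UafResponseError(f"unsupported protocol version {header.get('upv')}")
    if header.get("appID") != expected_app_id:
        raise UafResponseError(f"appID {header.get('appID')!r} is not ours")

    challenge = _b64url_decode(reg["challenge"])
    if not challenge:
        raise UafResponseError("empty challenge")

    # Pick out the nevisFIDO session ID; refuse any extension we do not
    # understand that the server marked fail_if_unknown.
    session_id = None
    for ext in header.get("exts", []):
        if ext.get("id") == SESSION_ID_EXT:
            session_id = ext.get("data")
        elif ext.get("fail_if_unknown"):
            raise UafResponseError(f"unknown critical extension {ext.get('id')!r}")

    disallowed_aaids = [
        aaid
        for entry in reg["policy"].get("disallowed", [])
        for aaid in entry.get("aaid", [])
    ]
    return {
        "username": reg["username"],
        "challenge": challenge,
        "server_data": header.get("serverData"),
        "session_id": session_id,
        "lifetime_millis": ret.get("lifetimeMillis"),
        "accepted": reg["policy"]["accepted"],
        "disallowed_aaids": disallowed_aaids,
    }


# Constructed sample input: the example response body shown on this page.
EXAMPLE_RESPONSE = r'''{
  "lifetimeMillis" : 300000,
  "uafRequest" : "[{\"header\":{\"serverData\":\"Cs9wyAKco_XEnd1WvJ7KzEtdaMzxyQrgX8Qp1mUycLFTm_J0fPwab2l1q188-NhpbXYSS07ltP8WFnBwZdCCDw\",\"upv\":{\"major\":1,\"minor\":1},\"op\":\"Reg\",\"appID\":\"https://www.siven.ch/appID\",\"exts\":[{\"id\":\"ch.nevis.auth.fido.uaf.sessionid\",\"data\":\"887ae70b-7498-4de0-b0aa-bb1e4f4425a6\",\"fail_if_unknown\":false}]},\"challenge\":\"3FK8D9j4w-TfKNUf_bRrBbRrzEbhuQ6nm94KldbPxuoG__ZzQ-68t2Cc03c9uAgRAFXxDuOZAu1E-c3UGSAhaA\",\"username\":\"jeff\",\"policy\":{\"accepted\":[[{\"userVerification\":1023,\"authenticationAlgorithms\":[1,2,3,4,5,6,7,8,9],\"assertionSchemes\":[\"UAFV1TLV\"]}]],\"disallowed\":[{\"aaid\":[\"ABCD#1234\"]}]}}]",
  "statusCode" : 1200,
  "op" : "Reg"
}'''

if __name__ == "__main__":
    print(build_registration_request("jeff"))
    print(parse_registration_response(EXAMPLE_RESPONSE, "https://www.siven.ch/appID"))
```

The session ID returned by `parse_registration_response` is what a client later uses to poll the registration status; the decoded challenge and the opaque `serverData` must be carried unchanged into the registration response the authenticator produces.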
HTTP Status Codes
The following HTTP status codes are returned by the Registration Request Service:
HTTP Code | Description |
---|---|
200 | OK. The server processed the request successfully. A ReturnUAFRequest JSON object containing a RegistrationRequest object is returned. |
405 | Method Not Allowed. The method of the received request was not POST. |
406 | Not Acceptable. The Accept header is not properly set to `application/fido+uaf`. |
415 | Unsupported Media Type. The Content-Type header is not properly set to `application/fido+uaf;charset=UTF-8`. |