Complete Authentication

To complete registration you'll need the same header values as used in Initiate Authentication

Request Spec

HTTP Method: POST

Headers:
- X-Scope-Id: A UUID string representing the application scope.
- X-Encrypted-Key: A string containing the encrypted key for secure communication.
- X-Encrypted-User: The user input encrypted using the encryption key
Body:
- encrypted_assertion: A string containing the encrypted user assertion data.

To create an encrypted_assertion, first have to decrypt the encrypted_request_challenge from the response in Initiate Authentication, with the following functions.

const cryptoObj = typeof window !== "undefined" ? window.crypto : crypto;

const decrypt = async (algo, key, data) => {
  try {
    const decryptedResult = await cryptoObj.subtle.decrypt(algo, key, data);
    return decryptedResult;
  } catch (error) {
    console.error("Decryption error:", error);
    throw error;
  }
};

const aesDecrypt = async (
  cipherText: string,
  encryptionKey: BufferSource,
  keyFormat: "raw" = "raw",
  keyLength: number = 256
) => {
  if (!encryptionKey) {
    throw Error("Encryption key not initialized");
  }
  let cryptoKey: CryptoKey;
  let decryptedData: ArrayBuffer;

  try {
    const combined = Uint8Array.from(atob(cipherText), (c) => c.charCodeAt(0));
    const iv = combined.slice(0, 12);
    const encryptedData = combined.slice(12);

    cryptoKey = await importKey(keyFormat, encryptionKey, { name: "AES-GCM", length: keyLength }, [
      "decrypt",
    ]);

    decryptedData = await decrypt({ name: "AES-GCM", iv }, cryptoKey, encryptedData);

    const decoder = new TextDecoder();
    return decoder.decode(new Uint8Array(decryptedData));
  } catch (error) {
    console.error("AES-GCM Decryption error:", error);
    throw error;
  }
};

const request_challenge_str = await aesDecrypt(
      initAuthResponse.result.encrypted_request_challenge,
      aesKey
);

const request_challenge_json = JSON.parse(request_challenge_str) 

// Once you have the credential creation options you can create a webauthn compatible 
// assertion / signature e.g by using the broswer navigator.credentials.get
// function

const assertion = navigator.credentials.get(request_challenge_json);

You can then encrypt the attestation with your AES Key and send it as part of the request

const encrypted_attestation = await aesEncrypt(JSON.stringify(assertion), aesKey);

challenge_id: A UUID string representing the unique challenge for this authentication request, returned from Initiate Authentication

Encrypt user for headers.

const params = {
    username: "test_user",
    userDisplayName: "test_user"
}

// Same aesKey created with `generateAesKey`
const encrypted_user = await aesEncrypt(JSON.stringify(params), aesKey);

Response Spec

Body:
- encrypted_jwt: A string containing the encrypted JSON Web Token (JWT) if authentication is successful.

Request Example

POST / HTTP/1.1
Host: https://tiramisu.0xpass.i
Content-Type: application/json
X-Scope-Id: 123e4567-e89b-12d3-a456-426614174000
X-Encrypted-Key: jp6t2GVOvzltN+4VGc21ZKPIbLjEvitE34cFYDvVNrcmF2ukcKMTO8R/F0wbonGZM0NZBg2X94FvirH6Hi2U1zFlXN5srkOdvQL3lVNZ86gbfEtJFPOEAeZkxtTOKOsH4ZXPtUbFOjT2Niblo8njOKibOoAMRKIhtsNTTvRXjHRxnNqVs3QcSe7XbO1DbH/pdRgq+YZN13znlSRsupu4G/h/KBEZr98wXFo8PeDV9F8ZV56F90GqQ3wKzFUBwC9rJihGz0omH+eJA0jB/K7BYt30fhWDnqaLNP2eb1mbIjBCmv6sXqu2jtghr3ejl0YwjP9lCO+aVD7bophfb/IyKg==
X-Encrypted-User: JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg==
{
  "jsonrpc": "2.0",
  "method": "completeAuthentication",
  "params": {
    "encrypted_assertion": "JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg==",
    "challenge_id": "123e4567-e89b-12d3-a456-426614174000",
  },
  "id": 1
}

Response Example

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 128

{
  "jsonrpc": "2.0",
  "result": {
    "encrypted_jwt": "JZVjZw33OGoQDEMcbOdckx4TzspQEKP5j+iAGqf6b6gPleziY/Noyd4uW6KMSujq0HKP2Rb69p9Wi8ic5O8LZl9oTmmWk4op0CUKejqcV5DsNDp83PYzUg=="
  },
  "id": 1
}

PreviousInitiate Authentication NextDeveloper Owned Auth

Last updated 10 months ago

Was this helpful?