Explain that first factor and other forms of second factor authentication is up to you the developer as to how you they want to implement it.
Sequence Diagram
Both the U2F Register and Authenticate have the same general sequence of events that occur.
First the application must obtain a U2F Request from the U2F Server.
That U2F Request is then passed to the U2F Client. which handles special processing of that Request and passing the
The U2F Client takes the Request and properly formats it and sends it to the U2F Authenticator.
Obtain U2F Request
The first thing that the application needs to to for both Register and Authenticate is obtain a U2F Request from the U2F Server. This is done with an ObtainU2fRequest. There is a SurePassID U2F Client API class that encapsulates this functionality. It is the ObtainU2fRequestTask.
| Code Block | ||||
|---|---|---|---|---|
| ||||
dictionary ObtainU2fRequest {
DOMString type;
DOMString username; // TODO(mirko): need to get this another way.
}; |
type of type DOMString
The type of U2F Request to obtain is either "pre_sign" or "pre_enroll".
username of type DOMString
The username to obtain a Request for. This needs to be authenticated instead.
The response is a U2F Request dictionary. (see fido-u2f-javascript-api; 3.1.1 Dictionary Request Members)The Sign In Activity must extend SurePassIdU2fSignActivity. It must implement the following abstract methods.
protected abstract void displayMessage(int messageId); |
|---|
Upon successfully authenticating the user it should call
protected void u2fSign(String username)
That method will perform all the necessary U2F operations.