Explain that first factor is up to you as to how you want to implement it.

 

Sequence Diagram 

The U2F Register and Authenticate operations both follow the same general sequence of events.

First the application must obtain a U2F Request from the U2F Server.

That U2F Request is then passed to the U2F Client, which handles special processing of that Request and passing the 

The U2F Client takes the Request, formats it properly, and sends it to the U2F Authenticator.

Obtain U2F Request

The first thing that the application needs to do for both Register and Authenticate is obtain a U2F Request from the U2F Server. This is done with an ObtainU2fRequest. The SurePassID U2F Client API class that encapsulates this functionality is ObtainU2fRequestTask.

pre_sign

```js
dictionary ObtainU2fRequest {
  DOMString type;
  DOMString username; // TODO(mirko): need to get this another way.
};
```

type of type DOMString

The type of U2F Request to obtain is either "pre_sign" or "pre_enroll".

username of type DOMString

The username to obtain a Request for. Instead of being passed in like this, it needs to come from an authenticated user.
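One way a server could handle the ObtainU2fRequest described above, as an added example that is not SurePassID's code: it allowlists the two `type` values and takes the username from the first-factor session rather than from the request body. The session and key-handle stores, `handleObtainU2fRequest`, the appId, and the mapping of `pre_sign`/`pre_enroll` onto FIDO U2F `Request` types are assumptions.

```javascript
// Added example (hypothetical server code, not the SurePassID implementation).
const crypto = require('crypto');

// The only two request types the page defines; the mapped values are an assumption.
const TYPE_MAP = { pre_sign: 'u2f_sign_request', pre_enroll: 'u2f_register_request' };

// Constructed sample state: sessions created by the first factor and the
// key handles registered per user. A real server uses its own stores.
const sessions = new Map([['tok-alice', { username: 'alice' }]]);
const keyHandles = new Map([['alice', ['a2V5LWhhbmRsZS0x']]]);
const APP_ID = 'https://app.example'; // placeholder appId
let nextRequestId = 1;

function websafeB64(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function handleObtainU2fRequest(body, sessionToken) {
  // Own-property check so "constructor" or "__proto__" is not accepted as a type.
  if (!Object.prototype.hasOwnProperty.call(TYPE_MAP, body.type)) {
    return { error: 'unsupported type' };
  }
  // The identity comes from the authenticated session, never from the body.
  const session = sessions.get(sessionToken);
  if (!session) return { error: 'not authenticated' };
  if (body.username !== undefined && body.username !== session.username) {
    return { error: 'username does not match session' };
  }
  // Fresh 32-byte challenge, remembered so the later response can be checked.
  const challenge = websafeB64(crypto.randomBytes(32));
  session.pending = { type: body.type, challenge };
  const request = { type: TYPE_MAP[body.type], timeoutSeconds: 30, requestId: nextRequestId++ };
  if (body.type === 'pre_sign') {
    request.signRequests = (keyHandles.get(session.username) || []).map(
      (keyHandle) => ({ version: 'U2F_V2', challenge, keyHandle, appId: APP_ID }));
  } else {
    request.signRequests = [];
    request.registerRequests = [{ version: 'U2F_V2', challenge, appId: APP_ID }];
  }
  return request;
}
```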

The response is a U2F Request dictionary (see fido-u2f-javascript-api, 3.1.1 Dictionary Request Members).

Below is the code related to processing a FIDO U2F sign operation.


SurePassIdU2fSign

```java
import android.app.Activity;
import android.content.Intent;
import android.os.Bundle;

import com.surepassid.fido.u2f.FidoClientListener;
import com.surepassid.fido.u2f.SurePassIdU2f;

// Result and U2fClientIntent also come from the SurePassID SDK; their imports
// are not shown on this page. initUi(), displayMessage(), resetFormValues(),
// enableForm() and the EXTRA_* intent keys are defined by the app.
public class DemoSignInActivity extends Activity implements FidoClientListener {
  public static final String SERVER_URL = "https://fidocert.surepassid.com/server.aspx";

  private SurePassIdU2f mU2f;
  private String mUsername;
  // Set by the app before sign() is called (assignment not shown in this excerpt).
  private String mSessionToken;

  @Override
  protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    initUi();
    mU2f = new SurePassIdU2f(this, this);
  }

  void afterSignInSuccess(String username) {
    // Remember the user so gotoTargetActivity() can pass the name along.
    mUsername = username;
    // After the user has successfully signed in start the U2F Sign process.
    mU2f.sign(SERVER_URL, mSessionToken);
  }

  @Override
  public void onActivityResult(int requestCode, int resultCode, Intent intent) {
    switch (requestCode) {
      case U2fClientIntent.REQUEST_CODE_SIGN:
        // Forward the result to SurePassIdU2f.onActivityResult
        mU2f.onActivityResult(requestCode, resultCode, intent);
        break;
    }
  }

  /**
   * Called if there were not any errors processing the FIDO request. The
   * result indicates the status of the request.
   */
  @Override
  public void fidoClientResult(Result result) {
    switch (result) {
      case SUCCESS:
        gotoTargetActivity();
        break;

      case CANCELED:
        fidoClientCanceled();
        break;

      case ALTERNATE_VERIFICATION:
        gotoAlternateVerificationActivity();
        break;
    }
  }

  /**
   * Called if there was an error during the U2F Sign Operation.
   *
   * @param errorMessage The error that occurred.
   */
  @Override
  public void fidoClientError(CharSequence errorMessage) {
    // Handle the error message.
    displayMessage(errorMessage);
  }

  /**
   * Method used to go to the app's target activity after U2F Sign succeeds.
   */
  public void gotoTargetActivity() {
    Intent intent = new Intent(this, DemoAppActivity.class);
    intent.putExtra(EXTRA_USERNAME, mUsername);
    intent.putExtra(EXTRA_SESSION_TOKEN, mSessionToken);
    startActivity(intent);
  }

  /**
   * Method used to go to an activity that provides the user the ability
   * to use a different second factor method if they are unable to use
   * a U2F Authenticator.
   */
  public void gotoAlternateVerificationActivity() {
    Intent intent = new Intent(this, DemoEnterOtpActivity.class);
    startActivity(intent);
  }

  /**
   * Called if the U2F Sign operation was canceled by the user.
   */
  public void fidoClientCanceled() {
    resetFormValues();
    enableForm();
    displayMessage("Sign In canceled.");
  }

}
```

Upon successfully authenticating the user, the application should call

protected void u2fSign(String username)

That method will perform all the necessary U2F operations.