Explain that first factor is up to you as to how you want to implement it.
Sequence Diagram
Both the U2F Register and Authenticate have the same general sequence of events that occur.
First the application must obtain a U2F Request from the U2F Server.
That U2F Request is then passed to the U2F Client. which handles special processing of that Request and passing the
The U2F Client takes the Request and properly formats it and sends it to the U2F Authenticator.
Obtain U2F Request
The first thing that the application needs to to for both Register and Authenticate is obtain a U2F Request from the U2F Server. This is done with an ObtainU2fRequest. There is a SurePassID U2F Client API class that encapsulates this functionality. It is the ObtainU2fRequestTask.
dictionary ObtainU2fRequest {
DOMString type;
DOMString username; // TODO(mirko): need to get this another way.
};
type of type DOMString
The type of U2F Request to obtain is either "pre_sign" or "pre_enroll".
username of type DOMString
The username to obtain a Request for. This needs to be authenticated instead.
The response is a U2F Request dictionary. (see fido-u2f-javascript-api; 3.1.1 Dictionary Request Members)