Amster

OATHTokenVerifier

Realm Operations

Resource path:

/realm-config/authentication/authenticationtrees/nodes/OathTokenVerifierNode

Resource version: 2.0

create

Usage

am> create OATHTokenVerifier --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "totpTimeSteps" : {
      "title" : "TOTP Time Steps",
      "description" : "This is the number of time step intervals to check the received OTP against both forward in time and back in time. For example, with 1 time step and a time step interval of 30 seconds the server will allow a code between the previous code, the current code and the next code.",
      "propertyOrder" : 40,
      "type" : "integer",
      "exampleValue" : ""
    },
    "algorithm" : {
      "title" : "OATH Algorithm",
      "description" : "",
      "propertyOrder" : 10,
      "type" : "string",
      "exampleValue" : ""
    },
    "totpHashAlgorithm" : {
      "title" : "TOTP Hash Algorithm",
      "description" : "The Hmac hash algorithm to be used on generating the OTP codes.",
      "propertyOrder" : 50,
      "type" : "string",
      "exampleValue" : ""
    },
    "isRecoveryCodeAllowed" : {
      "title" : "Allow recovery codes",
      "description" : "Allow users to use one of the recovery codes to proceed with the login.",
      "propertyOrder" : 70,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "maximumAllowedClockDrift" : {
      "title" : "TOTP Maximum Allowed Clock Drift",
      "description" : "Number of time steps a client is allowed to get out of sync with the server before manual resynchronization is required. For example, with 3 allowed drifts and a time step interval of 30 seconds the server will allow codes from up to 90 seconds from the current time to be treated as the current time step. The drift for a user's device is calculated each time they enter a new code. If the drift exceeds this value, the user's authentication code will be rejected.",
      "propertyOrder" : 60,
      "type" : "integer",
      "exampleValue" : ""
    },
    "totpTimeInterval" : {
      "title" : "TOTP Time Step Interval",
      "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.",
      "propertyOrder" : 30,
      "type" : "integer",
      "exampleValue" : ""
    },
    "hotpWindowSize" : {
      "title" : "HOTP Window Size",
      "description" : "This sets the window that the OTP device and the server counter can be out of sync. For example, if the window size is 100 and the servers last successful login was at counter value 2, then the server will accept a OTP from the OTP device that is from device counter 3 to 102.",
      "propertyOrder" : 20,
      "type" : "integer",
      "exampleValue" : ""
    }
  },
  "required" : [ "totpTimeSteps", "algorithm", "totpHashAlgorithm", "isRecoveryCodeAllowed", "maximumAllowedClockDrift", "totpTimeInterval", "hotpWindowSize" ]
}

delete

Usage

am> delete OATHTokenVerifier --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action OATHTokenVerifier --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action OATHTokenVerifier --realm Realm --actionName getCreatableTypes

listOutcomes

List the available outcomes for the node type.

Usage

am> action OATHTokenVerifier --realm Realm --body body --actionName listOutcomes

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "title" : "Some configuration of the node. This does not need to be complete against the configuration schema."
}

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action OATHTokenVerifier --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query OATHTokenVerifier --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read OATHTokenVerifier --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update OATHTokenVerifier --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "totpTimeSteps" : {
      "title" : "TOTP Time Steps",
      "description" : "This is the number of time step intervals to check the received OTP against both forward in time and back in time. For example, with 1 time step and a time step interval of 30 seconds the server will allow a code between the previous code, the current code and the next code.",
      "propertyOrder" : 40,
      "type" : "integer",
      "exampleValue" : ""
    },
    "algorithm" : {
      "title" : "OATH Algorithm",
      "description" : "",
      "propertyOrder" : 10,
      "type" : "string",
      "exampleValue" : ""
    },
    "totpHashAlgorithm" : {
      "title" : "TOTP Hash Algorithm",
      "description" : "The Hmac hash algorithm to be used on generating the OTP codes.",
      "propertyOrder" : 50,
      "type" : "string",
      "exampleValue" : ""
    },
    "isRecoveryCodeAllowed" : {
      "title" : "Allow recovery codes",
      "description" : "Allow users to use one of the recovery codes to proceed with the login.",
      "propertyOrder" : 70,
      "type" : "boolean",
      "exampleValue" : ""
    },
    "maximumAllowedClockDrift" : {
      "title" : "TOTP Maximum Allowed Clock Drift",
      "description" : "Number of time steps a client is allowed to get out of sync with the server before manual resynchronization is required. For example, with 3 allowed drifts and a time step interval of 30 seconds the server will allow codes from up to 90 seconds from the current time to be treated as the current time step. The drift for a user's device is calculated each time they enter a new code. If the drift exceeds this value, the user's authentication code will be rejected.",
      "propertyOrder" : 60,
      "type" : "integer",
      "exampleValue" : ""
    },
    "totpTimeInterval" : {
      "title" : "TOTP Time Step Interval",
      "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.",
      "propertyOrder" : 30,
      "type" : "integer",
      "exampleValue" : ""
    },
    "hotpWindowSize" : {
      "title" : "HOTP Window Size",
      "description" : "This sets the window that the OTP device and the server counter can be out of sync. For example, if the window size is 100 and the servers last successful login was at counter value 2, then the server will accept a OTP from the OTP device that is from device counter 3 to 102.",
      "propertyOrder" : 20,
      "type" : "integer",
      "exampleValue" : ""
    }
  },
  "required" : [ "totpTimeSteps", "algorithm", "totpHashAlgorithm", "isRecoveryCodeAllowed", "maximumAllowedClockDrift", "totpTimeInterval", "hotpWindowSize" ]
}