Amster

PushNotificationResponse

Realm Operations

Push Authentication depends on the secure verification of information sent from the server to the client, and from the client to the server. This allows the server to verify that the notification was received by the original device, and the device to verify that only the server sent out the original request.

The device uses this endpoint to return its responses to the server for requests it received either by QR code or by push notification.

Resource path:

/push/sns/message

Resource version: 1.0

authenticate

Message sent from device to server in response to a request for authentication sent to the device via Push notification. This message is generally sent from the ForgeRock Authenticator app.

Usage

am> action PushNotificationResponse --realm Realm --body body --actionName authenticate

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "messageId" : {
      "type" : "string",
      "title" : "Message ID",
      "description" : "Unique message identifier"
    },
    "jwt" : {
      "type" : "string",
      "title" : "JWT",
      "description" : "Signed JWT containing claims:\n* `response`: Response to challenge (Base64 encoding of the HmacSHA256 hashing of the decoded shared secret and the decoded challenge)\n* `deny`: Indication that this auth attempt should be shut down (boolean)"
    }
  },
  "required" : [ "messageId", "jwt" ]
}
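The `response` and `deny` claims described in the schema above, worked through as an added example (this is not ForgeRock code). It assumes that "decoded" means Base64-decoded, that the shared secret is the HMAC key and the challenge is the message, and that the JWT signature has already been verified; the function names and sample values are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample values (not from any real registration).
SECRET_B64 = base64.b64encode(b"constructed-shared-secret-32byte").decode()
CHALLENGE_B64 = base64.b64encode(b"constructed-challenge-32-bytes!!").decode()


def challenge_response(secret_b64: str, challenge_b64: str) -> str:
    """Device side: Base64(HmacSHA256(decoded secret, decoded challenge))."""
    # Assumption: the decoded secret is the HMAC key, the decoded challenge
    # is the message being authenticated.
    key = base64.b64decode(secret_b64, validate=True)
    msg = base64.b64decode(challenge_b64, validate=True)
    return base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode()


def evaluate_claims(claims: dict, secret_b64: str, challenge_b64: str) -> str:
    """Server side: check the claims of an already signature-verified JWT."""
    try:
        got = base64.b64decode(str(claims.get("response", "")), validate=True)
    except (binascii.Error, ValueError):
        return "rejected"  # missing or malformed response claim
    expected = base64.b64decode(challenge_response(secret_b64, challenge_b64))
    # Constant-time comparison: do not leak how many leading bytes matched.
    if not hmac.compare_digest(got, expected):
        return "rejected"
    # Policy of this example: `deny` is honoured only once the response
    # proves the message came from the device holding the shared secret.
    return "denied" if claims.get("deny") is True else "approved"


if __name__ == "__main__":
    claims = {"response": challenge_response(SECRET_B64, CHALLENGE_B64)}
    print(evaluate_claims(claims, SECRET_B64, CHALLENGE_B64))
    print(evaluate_claims({**claims, "deny": True}, SECRET_B64, CHALLENGE_B64))
```
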

register

Message sent from device to server in response to a registration message received on the device via a QR code. This message is generally sent from the ForgeRock Authenticator app.

Usage

am> action PushNotificationResponse --realm Realm --body body --actionName register

Parameters

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "messageId" : {
      "type" : "string",
      "title" : "Message ID",
      "description" : "Unique message identifier"
    },
    "jwt" : {
      "type" : "string",
      "title" : "JWT",
      "description" : "Signed JWT containing claims:\n* `response`: Response to challenge (Base64 encoding of the HmacSHA256 hashing of the decoded shared secret and the decoded challenge)\n* `mechanismUid`: The device-specific identifier for the just-registered mechanism (string)\n* `deviceId`: The registration token used by GCM or APNS (string)\n* `deviceType`: `android` or `ios` (string)\n* `communicationType`: `gcm` or `apns` (string)"
    }
  },
  "required" : [ "messageId", "jwt" ]
}