Version: 7.2405.x.x LTS

Create Token Service

caution

Do not use the Create Token Service for out-of-band scenarios. Instead, use the Dispatch Token Service.

Use the Create Token Service to generate tokens. To trigger the generation of a token, send a GetUAFRequest object to the service.

HTTP Methods

POST is the only supported HTTP method.

Base URL

All URLs referenced in this section have the following base:

https://fido.siven.ch/nevisfido/token/create/<operation>

The <operation> in the base URL can be registration, authentication or deregistration.

Having split endpoints allows you to protect nevisFIDO differently for each operation, by means of nevisProxy and nevisAuth. The registration and deregistration endpoints must be protected; otherwise it would be easy for malicious clients to register new credentials and deregister existing ones.

Request Headers

The following request headers are mandatory:

Name          Description
Accept        Accept header, must be application/json.
Content-Type  Content type header, must be application/fido+uaf;charset=UTF-8.

Request Body

The Create Token Service requires a JSON payload with a GetUAFRequest object as defined in the FIDO UAF HTTP Transport Specification. The GetUAFRequest object has the following structure:

Attribute        Type    Optional  Description
op               String  no        The request operation; must be set to one of Reg, Auth or Dereg.
previousRequest  String  yes       If the application is requesting a new UAF request message because the previous one expired, the previous message can be sent to the server in this attribute.
context          String  no        The contextual information; must be a stringified JSON object that conforms to the relevant Context dictionary.

Response Headers

The following response headers will be set:

Name          Description
Content-Type  Content type header, fixed to application/json.

Response Body

The body of the response message coming from the Create Token Service contains the token (in the token attribute). The statusCode attribute shows the result of the token creation, using the status code values of the FIDO UAF ServerResponse; it is not the HTTP status code of the response. If the token creation was successful, the code is 1200. If the token creation was not successful, the status code indicates why. The HTTP Status Codes table below lists only 200, 405, 406 and 415, so a failed token creation such as 1401 or 1403 is reported through statusCode in the body and not through the HTTP status; a client must therefore check statusCode before using the token. The table below lists all elements of the response body.

Attribute   Type    Description
token       String  The token generated by nevisFIDO. This is the token that a client uses to trigger the UAF operation (registration, authentication or deregistration). To redeem it and trigger the FIDO UAF operation with the GetUAFRequest sent in this request, the client sends the token to the corresponding redeem endpoint: /nevisfido/token/redeem/registration for registration, /nevisfido/token/redeem/authentication for authentication and /nevisfido/token/redeem/deregistration for deregistration.
sessionId   String  The identifier of the session generated by nevisFIDO. A client sends this session ID to the /nevisfido/status endpoint to retrieve the status of the operation.
statusCode  Number  The result of the token creation. Possible values:
                    1200 if the token could be created.
                    1400 if the token could not be created because the request was not a valid GetUAFRequest.
                    1401 if the user did not provide authentication credentials or if the credentials were invalid.
                    1403 if the user is not allowed to create a token or the user does not exist in the credential repository.
                    1498 if there was a problem with the contents of the GetUAFRequest, for example the operation (registration, authentication, deregistration) was not sent to the correct endpoint.
                    1500 if the token could not be created because of an unexpected error in the server.
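The following client-side helper is an added example that is not part of nevisFIDO or of this documentation. It covers both the Request Body and the Response Body sections above: it builds the GetUAFRequest (stringifying the context object as the service requires and deriving the <operation> path segment from op, so the two cannot disagree), and it interprets a response at both layers, the HTTP status for 405/406/415 and the statusCode in the body for 1400 to 1500. The host, the endpoint paths and the status codes are taken from this page; the function names and the sample response body are constructed for the example.

```python
"""Added example (not nevisFIDO's own code): build a GetUAFRequest for the
Create Token Service and interpret its JSON response.  Only the endpoint
paths, headers and status codes documented on this page are assumed."""
import json

BASE_URL = "https://fido.siven.ch/nevisfido/"  # host taken from the page's examples

# The "op" attribute of the GetUAFRequest must match the <operation> path
# segment of the endpoint; deriving one from the other avoids statusCode 1498.
OP_TO_OPERATION = {"Reg": "registration", "Auth": "authentication", "Dereg": "deregistration"}

MANDATORY_HEADERS = {
    "Accept": "application/json",
    "Content-Type": "application/fido+uaf;charset=UTF-8",
}

# Meanings of the statusCode values documented for this service.
STATUS_MESSAGES = {
    1200: "token created",
    1400: "request was not a valid GetUAFRequest",
    1401: "missing or invalid authentication credentials",
    1403: "user not allowed to create a token, or unknown in the credential repository",
    1498: "problem with the GetUAFRequest contents (e.g. op sent to the wrong endpoint)",
    1500: "unexpected error in the server",
}


class CreateTokenError(Exception):
    """Token creation failed: the HTTP layer was fine but statusCode != 1200."""

    def __init__(self, status_code):
        self.status_code = status_code
        super().__init__(f"statusCode {status_code}: "
                         f"{STATUS_MESSAGES.get(status_code, 'unknown status code')}")


def build_create_token_request(op, context, previous_request=None):
    """Return (url, headers, body) for POST /nevisfido/token/create/<operation>.

    `context` is a dict that is serialised once on its own, because the service
    wants a *stringified* JSON object, and then again as part of the outer body.
    """
    if op not in OP_TO_OPERATION:
        raise ValueError(f"op must be one of {sorted(OP_TO_OPERATION)}, got {op!r}")
    if not isinstance(context, dict):
        raise TypeError("context must be a JSON object (a dict) before stringification")
    payload = {"op": op, "context": json.dumps(context, separators=(",", ":"))}
    if previous_request is not None:  # optional: the expired message being replaced
        payload["previousRequest"] = previous_request
    body = json.dumps(payload, indent=2).encode("utf-8")
    headers = dict(MANDATORY_HEADERS, **{"Content-Length": str(len(body))})
    return f"{BASE_URL}token/create/{OP_TO_OPERATION[op]}", headers, body


def unpack_request_body(body):
    """What the server sees: the outer JSON, with the inner context parsed back."""
    payload = json.loads(body)
    payload["context"] = json.loads(payload["context"])
    return payload


def parse_create_token_response(http_status, content_type, body, op):
    """Check both layers of a Create Token Service response.

    405/406/415 are transport-level rejections carried in the HTTP status;
    token-creation failures (1400..1500) arrive as statusCode inside a 200
    response, so the HTTP status alone says nothing about success.
    Returns (token, session_id, redeem_url, status_url) on success.
    """
    if http_status != 200:
        raise RuntimeError(f"HTTP {http_status}: request rejected before token creation")
    if not content_type.lower().startswith("application/json"):
        raise RuntimeError(f"unexpected response Content-Type {content_type!r}")
    data = json.loads(body)
    if data.get("statusCode") != 1200:
        raise CreateTokenError(data.get("statusCode"))
    redeem_url = f"{BASE_URL}token/redeem/{OP_TO_OPERATION[op]}"  # where the token goes
    status_url = f"{BASE_URL}status"                              # where sessionId goes
    return data["token"], data["sessionId"], redeem_url, status_url


# Constructed sample response, mirroring the page's Example Response.
SAMPLE_RESPONSE_BODY = (
    '{\n'
    '  "token" : "0a3cb482-1386-4e0f-a7f0-d438c7d3b3e3",\n'
    '  "sessionId" : "a4bd4e72-83c6-480a-ba49-5083bf08953c",\n'
    '  "statusCode" : 1200\n'
    '}'
)

if __name__ == "__main__":
    url, headers, body = build_create_token_request("Reg", {"username": "jeff"})
    print(url, headers, body.decode(), sep="\n")
    print(parse_create_token_response(200, "application/json", SAMPLE_RESPONSE_BODY, "Reg"))
```

The example deliberately does not send the request itself; plug the returned url, headers and body into whatever HTTP client you use, then pass the HTTP status, Content-Type and body back into parse_create_token_response. The two-layer check is the point: a 200 response with statusCode 1401 or 1403 is a refusal, and a client that only tests for HTTP 200 will try to redeem a token that was never issued.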

Example Request

POST /nevisfido/token/create/registration HTTP/1.1
Accept: application/json
Content-Type: application/fido+uaf;charset=UTF-8
Host: fido.siven.ch
Content-Length: 59

{
  "context" : "{\"username\":\"jeff\"}",
  "op" : "Reg"
}

cURL:

$ curl 'https://fido.siven.ch/nevisfido/token/create/registration' -i -X POST \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/fido+uaf;charset=UTF-8' \
    -d '{
  "context" : "{\"username\":\"jeff\"}",
  "op" : "Reg"
}'

Example Response

HTTP/1.1 200 OK
Date: Mon, 25 Jul 2022 11:30:03 GMT
Content-Type: application/json
Content-Length: 133

{
  "token" : "0a3cb482-1386-4e0f-a7f0-d438c7d3b3e3",
  "sessionId" : "a4bd4e72-83c6-480a-ba49-5083bf08953c",
  "statusCode" : 1200
}

HTTP Status Codes

The following HTTP status codes are returned by the Create Token Service:

HTTP Code  Description
200        OK. The server processed the request successfully.
405        Method Not Allowed. The method of the received request was not POST.
406        Not Acceptable. The Accept header is not set to application/json.
415        Unsupported Media Type. The Content-Type header is not set to application/fido+uaf;charset=UTF-8.