Skip to main content
Version: 2.4.x.x Java 8 ELS

Registration Response Service

The FIDO client calls the Registration Response Service when it has processed the RegistrationRequest object coming from the FIDO server. The client invokes the Registration Response Service by providing a RegistrationResponse object that must be processed by nevisFIDO. This chapter describes the request and response messages between the FIDO client and server when calling the Registration Response Service.

info

The client can send to nevisFIDO the ASM Status Code received by the ASM in the registration response. In case of error, the Registration Response will contain no assertions, but the rest of its contents must be specification compliant. This is not part of the standard specification and can be used notably together with the Status Service.

Base URL

All URLs referenced in this section have the following base:

https://fido.siven.ch/nevisfido/uaf/1.1/registration

HTTP Methods

POST is the only supported HTTP method.

Request Headers

The following request headers are mandatory:

NameDescription
AcceptAccept header, must be application/fido+uaf.
Content-TypeContent type header, must be application/fido+uaf;charset=UTF-8.

Request Body

The Registration Response Service requires a JSON payload with a SendUAFResponse object as defined in the FIDO UAF HTTP Transport Specification . The SendUAFResponse object has the following structure:

AttributeTypeDescriptionOptional
contextStringThe contextual information must be a stringified JSON object that conforms to the Registration Response Context dictionary. It contains the status code returned by the ASM (Authenticator Specific Module) in the authenticating device.true
uafResponseStringThe stringified JSON containing the registration response sent by the UAF client.false

The uafResponse part of the SendUAFResponse object consists of an array with a single The RegistrationResponse object contains a registration response for a specific protocol version.

The RegistrationResponse dictionary includes all attributes that define a RegistrationResponse object. The following table describes the RegistrationResponse dictionary:

AttributeTypeDescriptionOptional
headerObjectSee Operation Header Dictionary. The operation header of the uafResponse.false
fcParamsStringBase64url-encoded final challenge parameters using UTF-8 encoding, see Final Challenge Dictionary.false
assertionsArrayArray of required assertion response data for each authenticator being registered.true. The assertions can be empty if an error occurred and the client provides the ASM status code in the [Context Registration Response].
assertions[].assertionSchemeStringName of the assertion scheme used to encode the assertion. The only currently supported mandatory assertion scheme is: UAFV1TLV.false
assertions[].assertionStringBase64url-encoded TAG_UAFV1_REG_ASSERTION object, contains the newly generated UAuth.pub key and is signed by the attestation's private key.false
assertions[].tcDisplayPNGCharacteristicsStringSupported transaction PNG type for the definition of the DisplayPNGCharacteristicsDescriptor.true
assertions[].extsArrayExtensions prepared by the authenticator.true
info

If an error occurs on the client side, the client may return a RegistrationResponse containing an empty assertions array. In this case, the server will respond with UAF status code "1498" ("Unacceptable Content"). This is intended behavior: The response is not valid according to the specification.

Context

The client can provide the ASM Status Code and the Client Error Code in the context. These codes are exposed by the Status Service. The Status Service uses the codes to better identify problems on the client side, which occur during the authentication with the FIDO authenticators.

The client can also optionally provide information required to create a Dispatch Target together with the to-be-registered FIDO UAF credentials. This prevents the client from having to authenticate twice to create a dispatch target. This is particularly useful in the out-of-band scenarios (with the Create Token Service and the Dispatch Token Service).

AttributeTypeDescriptionOptional
asmStatusCodenumberThe ASM Status Codetrue
clientErrorCodenumberThe Client Error Codetrue
dispatchTargetObjectThe Dispatch Target information.true
deviceIdStringThe string identifying the device, such as a mobile phone, where the dispatch target and the FIDO UAF credentials are stored. The goal of this attribute is to allow administration tools to link the FIDO UAF credentials and the dispatch targets. This identifier should not change during the whole lifetime of the device. If a deviceId and a dispatch target are provided, the device identifier will also be used for the created dispatch target.true
AttributeTypeDescriptionOptional
name`StringThe name describing the dispatch target. It can be used as a user-friendly representation that helps the end-user to identify this target. It must be unique for all the dispatch targets defined for the user.false
dispatcherStringThe name of the default [Dispatcher] as configured in nevisFIDO that must be associated with this dispatch target. This value corresponds to the value of the type attribute in the nevisFIDO YAML configuration. If the client does not provide the dispatcher to be used in the dispatch token request, this is the dispatcher that will be invoked. This attribute is deprecated and will be ignored in future releases.true
targetStringThe information required by the dispatcher to dispatch a token. Currently, this is only required when using the FCM dispatcher: it is the Firebase push registration token that nevisFIDO uses to send a push notification. If the FCM dispatcher is not used (i.e. if no push notifications are required), this attribute can be omitted when creating the dispatch target.true
signatureKeyObjectThe public key that is used by nevisFIDO to verify the signature of the messages sent by the client to modify the dispatch target. It must be provided as a JWS object as described in the {jws-spec}. The use attribute of the JWS must be set to sig and the key_ops attribute must contain the value sign.true
encryptionKeyObjectThe public key used by nevisFIDO to encrypt the tokens sent to the dispatch target. It must be provided as a JWS object as described in the {jws-spec}. The use attribute of the JWS must be set to enc and the key_ops attribute must contain the value encrypt.true
info

Suppose the following scenario: The client provides a Dispatch Target in the context, the FIDO UAF contents are successfully validated, but it is not possible to create the dispatch target. In this case, the server will return UAF status code "1498" ("Unacceptable Content"). Furthermore, also no FIDO UAF credential will be created, as the whole operation is handled atomically.

Response Headers

The following response headers will be set:

NameDescription
Content-TypeContent type header, fixed to application/fido+uaf;charset=UTF-8.

Response Body

The Registration Response Service will return a ServerResponse object as described in the FIDO UAF HTTP Transport Specification

The ServerResponse object has the following structure:

AttributeTypeDescription
statusCodeNumberUAF status code for the operation, see UAF Status Codes. If the client provided a dispatchTarget in the SendUAFResponse context, the validation of the FIDO UAF contents was successful, but the dispatch target could not be created, nevisFIDO will return a UAF status code UNACCEPTABLE_CONTENT (1498).
descriptionStringDetailed message containing a user-friendly description of the registration result and the dispatch target ID (if one was created). This is the stringified representation of the JSON described in the [Registration Server Response].
additionalTokensArrayNew authentication or authorization token(s) for the client that are not natively handled by HTTP transport.
locationStringIf present, indicates to the client web application that it should navigate to the URI contained in this field.
postDataStringIf present, and in combination with location, indicates the client should POST the contents to the specified location.
newUAFRequestStringServer may return a new UAF protocol message with this field. This might be used to supply a fresh request to retry an operation in response to a transient failure, to request additional confirmation for a transaction, or to send a deregistration message in response to a permanent failure.
info

The following attributes are ignored and not handled by nevisFIDO:

  • additionalTokens
  • location
  • postData
  • newUAFRequest
AttributeTypeDescriptionOptional
messageStringA user-friendly description of the result of the registration operation.true
dispatchTargetIdStringThe identifier of the dispatch target (if created).true

Example Request

POST /nevisfido/uaf/1.1/registration HTTP/1.1
Accept: application/fido+uaf
Content-Type: application/fido+uaf;charset=UTF-8
Host: fido.siven.ch
Content-Length: 3636

{
"uafResponse" : "[{\"header\":{\"serverData\":\"serverdata\",\"upv\":{\"major\":1,\"minor\":1},\"op\":\"Reg\",\"appID\":\"appID\"},\"fcParams\":\"eyJjaGFsbGVuZ2UiOiJjaGFsbGVuZ2UiLCJjaGFubmVsQmluZGluZyI6eyJjaWRfcHVia2V5IjoicHVia2V5In0sImFwcElEIjoiYXBwSUQiLCJmYWNldElEIjoiZmFjZXRJRCJ9\",\"assertions\":[{\"assertionScheme\":\"UAFV1TLV\",\"assertion\":\"AT5TAAM-PgALLgkAQUJCQiM5OTk5Di4HAAEAAQMAAAEKLgAACS4FAGtleUlkDS4IAAEAAAAFAAAADC4JAHB1YmxpY0tleQc-DQAGLgkAc2lnbmF0dXJl\"}]}]",
"context" : "{\"asmStatusCode\":0,\"clientErrorCode\":0,\"dispatchTarget\":{\"name\":\"My Mobile Phone\",\"target\":\"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P198aDPO\",\"dispatcher\":\"firebase-cloud-messaging\",\"signatureKey\":{\"kty\":\"RSA\",\"x5t#S256\":\"Gdx2FPL7iCmnm7w9oZMIB5uAIJqD4_GTk9Opj4eWPig\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"12815362391007865962\",\"x5c\":[\"MIICuzCCAaOgAwIBAgIJALHZUDIn7KxqMA0GCSqGSIb3DQEBCwUAMB0xCzAJBgNVBAYTAmNoMQ4wDAYDVQQDEwVzaXZlbjAeFw0yMjA3MjQxMzMwMjFaFw0yNDA3MjUxMzMwMjFaMB0xCzAJBgNVBAYTAmNoMQ4wDAYDVQQDEwVzaXZlbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOIqpTA7FrpxZrGWF8aLSrAD4UQanypOZmPA8PmVL9p+nDEG93/kD3iV/RBGvdL6IWhaCDZB2U/kZNID8vcgfwrAESNHhJaK3dcxV87E1D5H1oRnIv/R9dkS/WExErivRtk1qFXT+GKQf4j9oEKu8YsPaRHeZvvBc9oksQWbEDJPAkjXxEb/2+HJvu2tv6AC5K7f2GOwslkBV/LFQ4Iv1NYPdzD6kIYjAb+//KwJGCkRx5b4lVONobB2KY+6sBHVSYoWTakaSUhy44Ci550d16hpZ7xObdNgiX4am+2bLj4F2ZD3LYKs3171hIk2XlhhuYxiGaCU5ieHjZuqcP6rq8kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEATkTYXOHdu1Eg5q8SjSOC3Xb1grg36RCa7W1v9vqoGP4qKdoe1a7giOHe9YIWhcwXKtlkWiE687wO3ZvzLTWLSwMTRpI3wO6bBsYfYWNWb60Q4uR9XEw5GbVprqQnXb7cNvrdCFsXcYwO4G/nX08s+vRsZkn710sVey9X/u4SuVPac8gavTXvLMz2Nitivkjn/luKhKzUfPLxlqOWjmyeLNs5FFEqzYBasiuU+2QOasoXahqtg7j34ODS9ZkDYVvBMwpesmm3Mz3K+ovWBflQa/PAmGIMlZhcmhTQ/JxnkjukUNWhfD6vNvQuY9y/Anc5JgnicoOWFIDA65jtnlT0Dg==\"],\"n\":\"4iqlMDsWunFmsZYXxotKsAPhRBqfKk5mY8Dw-ZUv2n6cMQb3f-QPeJX9EEa90vohaFoINkHZT-Rk0gPy9yB_CsARI0eElord1zFXzsTUPkfWhGci_9H12RL9YTESuK9G2TWoVdP4YpB_iP2gQq7xiw9pEd5m-8Fz2iSxBZsQMk8CSNfERv_b4cm-7a2_oALkrt_YY7CyWQFX8sVDgi_U1g93MPqQhiMBv7_8rAkYKRHHlviVU42hsHYpj7qwEdVJihZNqRpJSHLjgKLnnR3XqGlnvE5t02CJfhqb7ZsuPgXZkPctgqzfXvWEiTZeWGG5jGIZoJTmJ4eNm6pw_quryQ\"},\"encryptionKey\":{\"kty\":\"RSA\",\"x5t#S256\":\"Gdx2FPL7iCmnm7w9oZMIB5uAIJqD4_GTk9Opj4eWPig\",\"e\":\"AQAB\",\"use\":\"enc\",\"kid\":\"12815362391007865962\",\"x5c\":[\"MIICuzCCAaOgAwIBAgIJALHZUDIn7KxqMA0GCSqGSIb3DQEBCwUAMB0xCzAJBgNVBAYTAmNoMQ4wDAYDVQQDEwVzaXZlbjAeFw0yMjA3MjQxMzMwMjFaFw0yNDA3MjUxMzMwMjFaMB0xCzAJBgNVBAYTAmNoMQ4wDAYDVQQDEwVzaXZlbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOIqpTA7FrpxZrGWF8aLSrAD4UQanypOZmPA8PmVL9p+nDEG93/kD3iV/RBGvdL6IWhaCDZB2U/kZNID8vcgfwrAESNHhJaK3dcxV87E1D5H1oRnIv/R9dkS/WExErivRtk1qFXT+GKQf4j9oEKu8YsPaRHeZvvBc9oksQWbEDJPAkjXxEb/2+HJvu2tv6AC5K7f2GOwslkBV/LFQ4Iv1NYPdzD6kIYjAb+//KwJGCkRx5b4lVONobB2KY+6sBHVSYoWTakaSUhy44Ci550d16hpZ7xObdNgiX4am+2bLj4F2ZD3LYKs3171hIk2XlhhuYxiGaCU5ieHjZuqcP6rq8kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEATkTYXOHdu1Eg5q8SjSOC3Xb1grg36RCa7W1v9vqoGP4qKdoe1a7giOHe9YIWhcwXKtlkWiE687wO3ZvzLTWLSwMTRpI3wO6bBsYfYWNWb60Q4uR9XEw5GbVprqQnXb7cNvrdCFsXcYwO4G/nX08s+vRsZkn710sVey9X/u4SuVPac8gavTXvLMz2Nitivkjn/luKhKzUfPLxlqOWjmyeLNs5FFEqzYBasiuU+2QOasoXahqtg7j34ODS9ZkDYVvBMwpesmm3Mz3K+ovWBflQa/PAmGIMlZhcmhTQ/JxnkjukUNWhfD6vNvQuY9y/Anc5JgnicoOWFIDA65jtnlT0Dg==\"],\"n\":\"4iqlMDsWunFmsZYXxotKsAPhRBqfKk5mY8Dw-ZUv2n6cMQb3f-QPeJX9EEa90vohaFoINkHZT-Rk0gPy9yB_CsARI0eElord1zFXzsTUPkfWhGci_9H12RL9YTESuK9G2TWoVdP4YpB_iP2gQq7xiw9pEd5m-8Fz2iSxBZsQMk8CSNfERv_b4cm-7a2_oALkrt_YY7CyWQFX8sVDgi_U1g93MPqQhiMBv7_8rAkYKRHHlviVU42hsHYpj7qwEdVJihZNqRpJSHLjgKLnnR3XqGlnvE5t02CJfhqb7ZsuPgXZkPctgqzfXvWEiTZeWGG5jGIZoJTmJ4eNm6pw_quryQ\"}}}"
}

cURL:

$ curl 'https://fido.siven.ch/nevisfido/uaf/1.1/registration' -i -X POST \
-H 'Accept: application/fido+uaf' \
-H 'Content-Type: application/fido+uaf;charset=UTF-8' \
-d '{
"uafResponse" : "[{\"header\":{\"serverData\":\"serverdata\",\"upv\":{\"major\":1,\"minor\":1},\"op\":\"Reg\",\"appID\":\"appID\"},\"fcParams\":\"eyJjaGFsbGVuZ2UiOiJjaGFsbGVuZ2UiLCJjaGFubmVsQmluZGluZyI6eyJjaWRfcHVia2V5IjoicHVia2V5In0sImFwcElEIjoiYXBwSUQiLCJmYWNldElEIjoiZmFjZXRJRCJ9\",\"assertions\":[{\"assertionScheme\":\"UAFV1TLV\",\"assertion\":\"AT5TAAM-PgALLgkAQUJCQiM5OTk5Di4HAAEAAQMAAAEKLgAACS4FAGtleUlkDS4IAAEAAAAFAAAADC4JAHB1YmxpY0tleQc-DQAGLgkAc2lnbmF0dXJl\"}]}]",
"context" : "{\"asmStatusCode\":0,\"clientErrorCode\":0,\"dispatchTarget\":{\"name\":\"My Mobile Phone\",\"target\":\"bk3RNwTe3H0:CI2k_HHwgIpoDKCIZvvDMExUdFQ3P198aDPO\",\"dispatcher\":\"firebase-cloud-messaging\",\"signatureKey\":{\"kty\":\"RSA\",\"x5t#S256\":\"Gdx2FPL7iCmnm7w9oZMIB5uAIJqD4_GTk9Opj4eWPig\",\"e\":\"AQAB\",\"use\":\"sig\",\"kid\":\"12815362391007865962\",\"x5c\":[\"MIICuzCCAaOgAwIBAgIJALHZUDIn7KxqMA0GCSqGSIb3DQEBCwUAMB0xCzAJBgNVBAYTAmNoMQ4wDAYDVQQDEwVzaXZlbjAeFw0yMjA3MjQxMzMwMjFaFw0yNDA3MjUxMzMwMjFaMB0xCzAJBgNVBAYTAmNoMQ4wDAYDVQQDEwVzaXZlbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOIqpTA7FrpxZrGWF8aLSrAD4UQanypOZmPA8PmVL9p+nDEG93/kD3iV/RBGvdL6IWhaCDZB2U/kZNID8vcgfwrAESNHhJaK3dcxV87E1D5H1oRnIv/R9dkS/WExErivRtk1qFXT+GKQf4j9oEKu8YsPaRHeZvvBc9oksQWbEDJPAkjXxEb/2+HJvu2tv6AC5K7f2GOwslkBV/LFQ4Iv1NYPdzD6kIYjAb+//KwJGCkRx5b4lVONobB2KY+6sBHVSYoWTakaSUhy44Ci550d16hpZ7xObdNgiX4am+2bLj4F2ZD3LYKs3171hIk2XlhhuYxiGaCU5ieHjZuqcP6rq8kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEATkTYXOHdu1Eg5q8SjSOC3Xb1grg36RCa7W1v9vqoGP4qKdoe1a7giOHe9YIWhcwXKtlkWiE687wO3ZvzLTWLSwMTRpI3wO6bBsYfYWNWb60Q4uR9XEw5GbVprqQnXb7cNvrdCFsXcYwO4G/nX08s+vRsZkn710sVey9X/u4SuVPac8gavTXvLMz2Nitivkjn/luKhKzUfPLxlqOWjmyeLNs5FFEqzYBasiuU+2QOasoXahqtg7j34ODS9ZkDYVvBMwpesmm3Mz3K+ovWBflQa/PAmGIMlZhcmhTQ/JxnkjukUNWhfD6vNvQuY9y/Anc5JgnicoOWFIDA65jtnlT0Dg==\"],\"n\":\"4iqlMDsWunFmsZYXxotKsAPhRBqfKk5mY8Dw-ZUv2n6cMQb3f-QPeJX9EEa90vohaFoINkHZT-Rk0gPy9yB_CsARI0eElord1zFXzsTUPkfWhGci_9H12RL9YTESuK9G2TWoVdP4YpB_iP2gQq7xiw9pEd5m-8Fz2iSxBZsQMk8CSNfERv_b4cm-7a2_oALkrt_YY7CyWQFX8sVDgi_U1g93MPqQhiMBv7_8rAkYKRHHlviVU42hsHYpj7qwEdVJihZNqRpJSHLjgKLnnR3XqGlnvE5t02CJfhqb7ZsuPgXZkPctgqzfXvWEiTZeWGG5jGIZoJTmJ4eNm6pw_quryQ\"},\"encryptionKey\":{\"kty\":\"RSA\",\"x5t#S256\":\"Gdx2FPL7iCmnm7w9oZMIB5uAIJqD4_GTk9Opj4eWPig\",\"e\":\"AQAB\",\"use\":\"enc\",\"kid\":\"12815362391007865962\",\"x5c\":[\"MIICuzCCAaOgAwIBAgIJALHZUDIn7KxqMA0GCSqGSIb3DQEBCwUAMB0xCzAJBgNVBAYTAmNoMQ4wDAYDVQQDEwVzaXZlbjAeFw0yMjA3MjQxMzMwMjFaFw0yNDA3MjUxMzMwMjFaMB0xCzAJBgNVBAYTAmNoMQ4wDAYDVQQDEwVzaXZlbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOIqpTA7FrpxZrGWF8aLSrAD4UQanypOZmPA8PmVL9p+nDEG93/kD3iV/RBGvdL6IWhaCDZB2U/kZNID8vcgfwrAESNHhJaK3dcxV87E1D5H1oRnIv/R9dkS/WExErivRtk1qFXT+GKQf4j9oEKu8YsPaRHeZvvBc9oksQWbEDJPAkjXxEb/2+HJvu2tv6AC5K7f2GOwslkBV/LFQ4Iv1NYPdzD6kIYjAb+//KwJGCkRx5b4lVONobB2KY+6sBHVSYoWTakaSUhy44Ci550d16hpZ7xObdNgiX4am+2bLj4F2ZD3LYKs3171hIk2XlhhuYxiGaCU5ieHjZuqcP6rq8kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEATkTYXOHdu1Eg5q8SjSOC3Xb1grg36RCa7W1v9vqoGP4qKdoe1a7giOHe9YIWhcwXKtlkWiE687wO3ZvzLTWLSwMTRpI3wO6bBsYfYWNWb60Q4uR9XEw5GbVprqQnXb7cNvrdCFsXcYwO4G/nX08s+vRsZkn710sVey9X/u4SuVPac8gavTXvLMz2Nitivkjn/luKhKzUfPLxlqOWjmyeLNs5FFEqzYBasiuU+2QOasoXahqtg7j34ODS9ZkDYVvBMwpesmm3Mz3K+ovWBflQa/PAmGIMlZhcmhTQ/JxnkjukUNWhfD6vNvQuY9y/Anc5JgnicoOWFIDA65jtnlT0Dg==\"],\"n\":\"4iqlMDsWunFmsZYXxotKsAPhRBqfKk5mY8Dw-ZUv2n6cMQb3f-QPeJX9EEa90vohaFoINkHZT-Rk0gPy9yB_CsARI0eElord1zFXzsTUPkfWhGci_9H12RL9YTESuK9G2TWoVdP4YpB_iP2gQq7xiw9pEd5m-8Fz2iSxBZsQMk8CSNfERv_b4cm-7a2_oALkrt_YY7CyWQFX8sVDgi_U1g93MPqQhiMBv7_8rAkYKRHHlviVU42hsHYpj7qwEdVJihZNqRpJSHLjgKLnnR3XqGlnvE5t02CJfhqb7ZsuPgXZkPctgqzfXvWEiTZeWGG5jGIZoJTmJ4eNm6pw_quryQ\"}}}"
}'

Example Response

HTTP/1.1 200 OK
Date: Mon, 25 Jul 2022 11:30:22 GMT
Content-Type: application/fido+uaf;charset=UTF-8
Transfer-Encoding: chunked
Content-Length: 226

{
"statusCode" : 1200,
"description" : "{\"message\":\"OK. Operation completed. A device with ID 650b436e-cf43-4e75-88a5-f406535ff253 has been registered.\",\"dispatchTargetId\":\"650b436e-cf43-4e75-88a5-f406535ff253\"}"
}

HTTP Status Codes

The following HTTP status codes are returned by the Registration Response Service:

HTTP CodeDescription
200OK The server processed the request successfully. Check the response body for UAF specific status information.
405Method Not Allowed The method of the received request was not POST.
406Not Acceptable The Accept header is not properly set to application/fido+uaf.
415Unsupported Media Type The Content-Type header is not properly set to application/fido+uaf;charset=UTF-8.