Skip to main content
Version: 8.2411.x.x RR

Registration Service

This chapter describes the request and response messages between the FIDO2 Relying Party client and Server when calling the Registration Service.

info

It is recommended to protect this service using a SecToken.

Base URL

All URLs referenced in this section have the following base:

https://fido.siven.ch/nevisfido/fido2/attestation/result

HTTP Methods

POST and OPTIONS are the only supported HTTP method.

Request Headers

The following request headers are mandatory:

NameDescription
AcceptAccept header, must be application/json.
Content-TypeContent type header, must be application/json.

Request Body

The Registration Service requires from the FIDO2 Relying Party client a JSON payload with a PublicKeyCredential object as defined in the WebAuthn specification. Also mentioned as ServerPublicKeyCredential in the Conformance test API. Has the following structure:

AttributeTypeDescriptionOptional
typeStringType of credential. It is an extension point, currently only support public-key.false
idStringA probabilistically-unique byte sequence identifying a public key credential source and its authentication assertions.false
responseObjectThis attribute contains the authenticator's response to the JS client's request to create a public key credential. Also referred as ServerAuthenticatorAttestationResponse in the Conformance API.false
response.clientDataJSONStringJSON-compatible serialization of JS client data passed to the authenticator to generate this credential.false
response.attestationObjectStringThe attestation object contains both authenticator data and an attestation statement. The contents of the attestation statement are determined by the attestation statement format used by the authenticator.false
userFriendlyNameStringUser friendly name for the authenticator. (Proprietary)true
userAgentStringUser agent used to initiate the current request. (Proprietary)true
info

Note that nevisFIDO includes proprietary extensions on the top of what is defined by the Conformance Test API:

  • userFriendlyName
  • userAgent

Response Headers

The following response headers will be set:

NameDescription
Content-TypeContent type header, fixed to application/json.

Response Body

The Registration Service returns a JSON body with a ServerResponse object which is defined by the Conformance testing API and has been extended by nevisFIDO with a session ID. The ServerResponse object has the following structure:

AttributeTypeDescription
statusStringDescribing the status of the response. Can be set to either "ok" or "failed".
errorMessageStringError message in case the status is failed.
fido2SessionIdStringIdentifier of the FIDO2 session in nevisFIDO. Can be used to query the status from the status service.

Example Request

POST /nevisfido/fido2/attestation/result HTTP/1.1
Accept: application/json
Content-Type: application/json
Host: fido.siven.ch
Content-Length: 330

{
"type" : "public-key",
"id" : "Y3JlZElk",
"response" : {
"clientDataJSON" : "dW5wYXJzYWJsZSBjbGllbnQganNvbiBkYXRh",
"attestationObject" : "dW5wYXJzYWJsZSBhdHRlc3RhdGlvbiBkYXRh"
},
"userFriendlyName" : "MyAuthenticator",
"userAgent" : "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
}

cURL:

$ curl 'https://fido.siven.ch/nevisfido/fido2/attestation/result' -i -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"type" : "public-key",
"id" : "Y3JlZElk",
"response" : {
"clientDataJSON" : "dW5wYXJzYWJsZSBjbGllbnQganNvbiBkYXRh",
"attestationObject" : "dW5wYXJzYWJsZSBhdHRlc3RhdGlvbiBkYXRh"
},
"userFriendlyName" : "MyAuthenticator",
"userAgent" : "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
}'

Example Response

HTTP/1.1 200 OK
Date: Mon, 25 Jul 2022 11:31:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Content-Length: 105

{
"status" : "ok",
"errorMessage" : "",
"fido2SessionId" : "7fea6065-17fd-47d4-a5b0-85f513687c8d"
}
info

Note that nevisFIDO includes proprietary extensions on the top of what is defined by the Conformance Test API:

  • fido2SessionId

HTTP Status Codes

The following HTTP status codes are returned by the Registration Service:

HTTP CodeDescription
200OK The server processed the request successfully. A ServerResponse JSON object is returned.
405Method Not Allowed The method of the received request was not POST.
406Not Acceptable The Accept header is not properly set to application/json.
415Unsupported Media Type The Content-Type header is not properly set to application/json.