Registration Service
This chapter describes the request and response messages between the FIDO2 Relying Party client and Server when calling the Registration Service.
It is recommended to protect this service using a SecToken.
Base URL
All URLs referenced in this section have the following base:
https://fido.siven.ch/nevisfido/fido2/attestation/result
HTTP Methods
POST and OPTIONS are the only supported HTTP method.
Request Headers
The following request headers are mandatory:
| Name | Description |
|---|---|
Accept | Accept header, must be application/json. |
Content-Type | Content type header, must be application/json. |
Request Body
The Registration Service requires from the FIDO2 Relying Party client a JSON payload with a PublicKeyCredential object as defined in the WebAuthn specification. Also mentioned as ServerPublicKeyCredential in the Conformance test API. Has the following structure:
| Attribute | Type | Description | Optional |
|---|---|---|---|
type | String | Type of credential. It is an extension point, currently only support public-key. | false |
id | String | A probabilistically-unique byte sequence identifying a public key credential source and its authentication assertions. | false |
response | Object | This attribute contains the authenticator's response to the JS client's request to create a public key credential. Also referred as ServerAuthenticatorAttestationResponse in the Conformance API. | false |
response.clientDataJSON | String | JSON-compatible serialization of JS client data passed to the authenticator to generate this credential. | false |
response.attestationObject | String | The attestation object contains both authenticator data and an attestation statement. The contents of the attestation statement are determined by the attestation statement format used by the authenticator. | false |
userFriendlyName | String | User friendly name for the authenticator. (Proprietary) | true |
userAgent | String | User agent used to initiate the current request. (Proprietary) | true |
Note that nevisFIDO includes proprietary extensions on the top of what is defined by the Conformance Test API:
- userFriendlyName
- userAgent
Response Headers
The following response headers will be set:
| Name | Description |
|---|---|
Content-Type | Content type header, fixed to application/json. |
Response Body
The Registration Service returns a JSON body with a ServerResponse object which is defined by the Conformance testing API and has been extended by nevisFIDO with a session ID. The ServerResponse object has the following structure:
| Attribute | Type | Description |
|---|---|---|
status | String | Describing the status of the response. Can be set to either "ok" or "failed". |
errorMessage | String | Error message in case the status is failed. |
fido2SessionId | String | Identifier of the FIDO2 session in nevisFIDO. Can be used to query the status from the status service. |
Example Request
POST /nevisfido/fido2/attestation/result HTTP/1.1
Accept: application/json
Content-Type: application/json
Host: fido.siven.ch
Content-Length: 330
{
"type" : "public-key",
"id" : "Y3JlZElk",
"response" : {
"clientDataJSON" : "dW5wYXJzYWJsZSBjbGllbnQganNvbiBkYXRh",
"attestationObject" : "dW5wYXJzYWJsZSBhdHRlc3RhdGlvbiBkYXRh"
},
"userFriendlyName" : "MyAuthenticator",
"userAgent" : "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
}
cURL:
$ curl 'https://fido.siven.ch/nevisfido/fido2/attestation/result' -i -X POST \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"type" : "public-key",
"id" : "Y3JlZElk",
"response" : {
"clientDataJSON" : "dW5wYXJzYWJsZSBjbGllbnQganNvbiBkYXRh",
"attestationObject" : "dW5wYXJzYWJsZSBhdHRlc3RhdGlvbiBkYXRh"
},
"userFriendlyName" : "MyAuthenticator",
"userAgent" : "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
}'
Example Response
HTTP/1.1 200 OK
Date: Mon, 25 Jul 2022 11:31:11 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Content-Length: 105
{
"status" : "ok",
"errorMessage" : "",
"fido2SessionId" : "7fea6065-17fd-47d4-a5b0-85f513687c8d"
}
Note that nevisFIDO includes proprietary extensions on the top of what is defined by the Conformance Test API:
- fido2SessionId
HTTP Status Codes
The following HTTP status codes are returned by the Registration Service:
| HTTP Code | Description |
|---|---|
| 200 | OK The server processed the request successfully. A ServerResponse JSON object is returned. |
| 405 | Method Not Allowed The method of the received request was not POST. |
| 406 | Not Acceptable The Accept header is not properly set to application/json. |
| 415 | Unsupported Media Type The Content-Type header is not properly set to application/json. |