OneSpan Auth User Register (Node)

Updated on 25 Oct 2024
2 Minutes to read

Share
Dark
Light

Article summary

Did you find this summary helpful?

Thank you for your feedback

Availability: OneSpan Authentication for ForgeRock 1.1.0 and later

This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

It invokes the User Register API (/users/register) and User Unregister API (/users/{userID@domain}/unregister), which validate and process the registration/unregistration of a user.

Outcome paths:

Success
Error

Properties

Property name	Data type	Description
OneSpan Auth User Register properties
Object Type	Enum	Specifies the use case type. Possible values: IAA OCA Default value: IAA
Node Function	Enum	Specifies the node user function. Possible values: UserRegister UserUnregister Default value: UserRegister
User Name In SharedState	String	Specifies the key name in the sharedState object to use as the Intelligent Adaptive Authentication user name. Default value: username
Password In TransientState	String	Specifies the key name in the transientState object to use as the Intelligent Adaptive Authentication user password. Default value: password
Activation Type	Enum	Specifies the workflow to activate the authenticator. Possible values: fido offlineMDL onlineMDL Default value: onlineMDL
Optional Attributes	Map<String,String>	Specifies a key/value map to keep additional optional attributes like user email, user phone number, etc. The key represents the key name in the sharedState object. The value represents the key that will be additionally added to the API payload. For example, for a key/value pair "emailAddressInSharedState":"emailAddress", the node will look for the emailAddressInSharedState key in the sharedState object and add "emailAddress":"valueInSharedState" to the API payload. Default value: <empty>
Event Expiry	int	Specify the event expiration timeout in seconds. The priority is as follows: ForgeRock session expiry OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry Event expiry Make sure the ForgeRock session expiry and the OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry are not shorter than the value specified here. Default value: 60

Data flow

Attribute name	Source	Description
OneSpan Auth User Register CDDC inbound data
As specified in property	Shared state	User name
As specified in property	Transient state	Password
As specified in property	Shared state	Optional. Other attributes.
ostid_cddc_json	Shared state	CDDC JSON
ostid_cddc_hash	Shared state	CDDC hash value
ostid_cddc_ip	Shared state	CDDC client IP address

Case 1: Intelligent Adaptive Authentication use cases, node function is set to UserRegister

Attribute name	Storage	Description
OneSpan Auth User Register outbound data (IAA, UserRegister)
ostid_session_id	Shared state	The session ID
ostid_activationPassword activationPassword	Shared state	User activation code
ostid_cronto_msg	Shared state	The visual code message
ostid_digi_serial	Shared state	The authenticator serial number
ostid_event_expiry_date	Shared state	The event expiration date.

The visual code message follows the particular syntax which is used by the demo app:

“{app_version};{username};{database_userid};{domain_name};{activation_code};{instance_tenant_name}”

{app_version}. The application version. Currently, only version 02 is supported.
{username}. The TID user name.
{database_userid}. The local database user ID, e.g. 111. This value does not need to be accurate, also 1 can be used.
{domain_name}. This is the OCA domain name. In the sandbox environment this is the same as the tenant name.
{activation_code}. The Mobile Security Suite online activation code.
{instance_tenant_name}. The TID tenant name.

The activation code must be passed to the Orchestration SDK library to start the activation process on the mobile device.

To facilitate your integration, you can either use the same syntax in your custom mobile app or store the custom value in the sharedState object. If you build a custom mobile app using the Orchestration SDK, you can use the string with constant values except for the activation code, which changes for each user registration request.

For more information, refer to the Message Options property of the OneSpan Auth Visual Code node (see OneSpan Auth Visual Code properties).

Case 2: OneSpan Cloud Authentication use cases, node function is set to UserRegister

Attribute name	Storage	Description
OneSpan Auth User Register outbound data (OCA, UserRegister)
ostid_session_id	Shared state	The session ID
ostid_activationPassword activationPassword	Shared state	User activation code
ostid_cronto_msg	Shared state	The visual code message
ostid_digi_serial	Shared state	The authenticator serial number
ostid_registration_id	Shared state	The registration ID
ostid_event_expiry_date	Shared state	The event expiration date.

Case 3: Node function is set to UserUnregister

Attribute name	Storage	Description
OneSpan Auth User Register outbound data (UserUnregister)
ostid_session_id	Shared state	The session ID

Case 3: Outcome is Error

Attribute name	Storage	Description
OneSpan Auth User Register outbound data (Error case)
ostid_error_message	Shared state	The error message

API references

Was this article helpful?

What's Next

OneSpan Auth Validate Event (Node)

Table of contents

Properties
Data flow
API references