Integration of Push Notification-Based Transaction Data Signing
  • 16 Oct 2024

Push Notification-based transaction data signing (TDS) is a method to validate transactions. It uses push mode to enable any activated OneSpan Mobile Authenticator Studio or Mobile Security Suite Orchestration SDK application on a mobile device to generate a signature for data that is displayed on that device.

For the validation request, a default timeout value of 60 seconds has been defined per tenant. To increase the validation period for Push Notification-based TDS within OneSpan Cloud Authentication, this timeout value can be increased.

Contact OneSpan Support to extend the timeout configuration for your tenant(s).

Integration for Mobile Security Suite Orchestration SDK

Sequence of a Push Notification-based transaction for Mobile Security Suite Orchestration SDK

  1. The user initiates the transaction data signing operation and triggers the client application to send a transaction validation request to the OneSpan Trusted Identity platform API by calling POST /users/{userid@domain}/transactions/validate.

  2. The user receives a Push Notification message on their mobile device.

  3. The user approves the request to sign the data fields. With this, the transaction data fields have been successfully signed.

Configuration of Push Notification

To use OneSpan Cloud Authentication with Push Notification, a few configuration steps are required.

To configure Push Notification

  1. After configuring your mobile app, you provide the configuration data to OneSpan. This data includes:

    • Android: the API keys and/or certificates for Firebase Cloud Messaging (FCM)

    • iOS: the certificates and the Bundle ID

    You need to generate all the required certificates and provide them to OneSpan. For information on how to generate these certificates, refer to the Apple and Android developer documentation.

  2. OneSpan Cloud Authentication uses this data and creates the configuration in the OneSpan Cloud Authentication database. The data is stored under a key referred to as app ID.

  3. The app ID must be set as the name of the mobile app (Mobile Application Name) in your Authentication component domain.

  4. Send a Push Notification. When sending, OneSpan Cloud Authentication uses the app ID that was configured in the domain to retrieve the necessary configuration data. This data is used to contact Google Firebase Cloud Messaging (Android) and APNs (iOS).

    For Android, the pairing to the ID of the Android application happens exclusively inside the PNS configuration of your Firebase Cloud Messaging account to which you provided the credentials.

    iOS: the Bundle ID must be provided to Apple for each request. If the iOS Bundle ID is missing in the mobile app configuration, the app ID configured in the Authentication component is used as Bundle ID.

    Once the Push Notification is sent to Google FCM/iOS APNs, the notification delivery to the mobile device (the user) is handled by these services, i.e., the notification is not controlled by OneSpan Cloud Authentication.

To integrate Push Notification-based transactions for Mobile Security Suite Orchestration SDK

  • Issue a transaction request with the POST /users/{userid@domain}/transactions/validate endpoint:

    • Payload:

      • objectType: “TransactionValidationInput”

      • data.transactionMessage

        • authentMethod: NoPIN, PIN, Fingerprint, Face

      • orchestrationDelivery

        • pushNotification

Integration for OneSpan Mobile Authenticator Studio

Sequence of a Push Notification-based transaction for OneSpan Mobile Authenticator Studio

  1. The user initiates the transaction signing operation and triggers the client application to send a generate-signing request to the OneSpan Trusted Identity platform API by calling the POST /users/{userid@domain}/generate-signing-request endpoint.

  2. The client application sends a transaction validation request to the OneSpan Trusted Identity platform API by calling the POST /users/{userid@domain}/transactions/validate endpoint.

  3. The user receives a Push Notification message on their mobile device.

  4. The user approves the request to sign the data fields. With this, the transaction data fields have been signed successfully.

To integrate Push Notification-based transactions for OneSpan Mobile Authenticator Studio

  1. Issue a generate signing request with the POST /users/{userid@domain}/generate-signing-request endpoint.

    You can select which cryptographic application to use for response validation by setting one of the following two optional fields:

    • cryptoAppIndex

      Index of the authenticator application to be used for response validation.

    • cryptoAppName

      Name of the authenticator application to be used for response validation.

  2. Issue a transaction request with the POST /users/{userid@domain}/transactions/validate endpoint:

    • Payload:

      • objectType: “TransactionValidationInput”

      • data.secureChannel.requestID

        This is the request ID received from the signing request generation.
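
The two integration procedures above (Orchestration SDK and Mobile Authenticator Studio), sketched as a client-side request builder; this is an added example, not OneSpan code. The `send` transport callable, the JSON nesting of the payload fields, the list form of `orchestrationDelivery`, the `requestID` response field name, the contents of `transaction_message` and `signing_body`, and the 5-second client margin over the 60-second tenant default are all assumptions.

```python
from urllib.parse import quote

AUTHENT_METHODS = {"NoPIN", "PIN", "Fingerprint", "Face"}  # values listed on the page
TENANT_TIMEOUT_S = 60                      # page: default validation timeout per tenant
CLIENT_TIMEOUT_S = TENANT_TIMEOUT_S + 5    # assumption: client waits slightly longer


def user_path(user_id, domain, suffix):
    """Build /users/{userid@domain}/<suffix>; percent-encode the identifier so a
    crafted value (for example one containing '/') cannot change the endpoint."""
    if not user_id or not domain or "@" in user_id or "@" in domain:
        raise ValueError("user_id and domain must be non-empty and contain no '@'")
    return "/users/" + quote(f"{user_id}@{domain}", safe="@") + "/" + suffix


def orchestration_validate(send, user_id, domain, transaction_message, authent_method):
    """Orchestration SDK flow: a single validate call delivered by push."""
    if authent_method not in AUTHENT_METHODS:
        raise ValueError(f"unsupported authentMethod: {authent_method!r}")
    body = {
        "objectType": "TransactionValidationInput",
        # Assumed nesting, following the page's bullet indentation.
        "data": {"transactionMessage": {**transaction_message,
                                        "authentMethod": authent_method}},
        "orchestrationDelivery": ["pushNotification"],
    }
    return send(user_path(user_id, domain, "transactions/validate"), body, CLIENT_TIMEOUT_S)


def studio_validate(send, user_id, domain, signing_body, crypto_app_name=None,
                    crypto_app_index=None):
    """Mobile Authenticator Studio flow: generate-signing-request, then validate."""
    # Assumption: the two selectors are treated as mutually exclusive.
    if crypto_app_name is not None and crypto_app_index is not None:
        raise ValueError("set cryptoAppIndex or cryptoAppName, not both")
    first = dict(signing_body)   # caller-supplied fields; not described on the page
    if crypto_app_name is not None:
        first["cryptoAppName"] = crypto_app_name
    if crypto_app_index is not None:
        first["cryptoAppIndex"] = crypto_app_index
    reply = send(user_path(user_id, domain, "generate-signing-request"), first, CLIENT_TIMEOUT_S)
    request_id = reply.get("requestID")   # assumed response field name
    if not request_id:
        raise RuntimeError("no request ID returned; refusing to send validate")
    second = {"objectType": "TransactionValidationInput",
              "data": {"secureChannel": {"requestID": request_id}}}
    return send(user_path(user_id, domain, "transactions/validate"), second, CLIENT_TIMEOUT_S)
```

`send(path, body, timeout)` is expected to POST the JSON body to the tenant's API host with the tenant's own authentication and return the decoded JSON response.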

