- 23 Oct 2024
- 3 Minutes to read
- DarkLight
Mobile Authenticator Studio actions
- Updated on 23 Oct 2024
- 3 Minutes to read
- DarkLight
Once the user has activated an instance of the authenticator, action buttons are displayed in the main screen of the app to provide access to each cryptographic application. Actions not relying on cryptographic applications of the authenticator can be configured as well (e.g. phone call to Support, open predefined URL in web browser).
Main screen of the app
In Main screen of the app, several action buttons are displayed. The number of action buttons that can be configured in the app is not limited. For example, two action buttons can use the same cryptographic application of the authenticator in different ways.
The following elements must be set in the app’s configuration file to define an action:
Action identifier
The action identifier is used to call the action from an auto-launch scheme. It is mandatory and needs to be unique. For more information, see Auto-launch.
Index of the cryptographic application
(Optional) This index determines the cryptographic application that will be used to generate authenticator responses. For example, an action can simply be configured to open a URL.
Input data format
If the action uses a cryptographic application that requires input data such as Challenge/Response or e-signature applications. The input data can have the following formats:
Manual input: users need to enter their data in text fields.
Signature: manual input
QR code input
A QR code scanner is launched to scan a QR code that contains the data. The QR code content for signing data fields must have the following format:
<QRCode>
<DTF1> DATA_TO_SIGN_1 </DTF1>
<DTF2> DATA_TO_SIGN_2 </DTF2>
<DTF3> DATA_TO_SIGN_3 </DTF3>
<DTF4> DATA_TO_SIGN_4 </DTF4>
<DTF5> DATA_TO_SIGN_5 </DTF5>
<DTF6> DATA_TO_SIGN_6 </DTF6>
<DTF7> DATA_TO_SIGN_7 </DTF7>
<DTF8> DATA_TO_SIGN_8 </DTF8>
</QRCode>
The QR code for challenge input contains the challenge value only, without additional formatting:
123456
Once scanned, the action can be configured to display the data extracted from the QR code for review by the user. The fields are read-only.
QR code input (Signature screen)
Each action can be configured to support manual data field input, data field input through an image, or combined input. Contextual signing is applied, which means that the data fields to sign are provided from different sources, according to the context in which the authenticator action is used.
In addition to the data field input provided by the user, Mobile Authenticator Studio can sign data fields which are evaluated at runtime:
Supported runtime data | Example |
---|---|
version | 440 (for 4.4.0) |
rootingStatus | 0 (Not Rooted) 1 (Rooted) |
serialNumberSuffix | 1000000 (for VDS1000000) |
Output data format
Once the cryptographic application has generated an authenticator response, the output can be processed in various ways:
The response can be displayed together with a timeout bar. Once the timeout period has elapsed, the response disappears, and users are redirected to the main screen of the app.
You can apply a display pattern to any of the authenticator responses generated by a cryptographic application, as well as to the associated host code. In the pattern definition, an X character represents each authenticator response digit.
With the pattern XX-XX-XX, the response 123456 will be displayed as 12-34-56. If the number of X characters in the pattern is different from the number of digits in the response, the pattern will not be applied.
The response can be displayed with a timeout bar and an additional button for external use:
You can use the response in a web service request. The web service is contacted either silently inside the Mobile Authenticator Studio app, with the message returned by the server being displayed as a pop-up window to the end user. Or the web service is used directly to open a web browser, and the Mobile Authenticator Studio app is closed afterwards.
You can use the response to launch third-party applications that support auto-launch schemes. For more information, see Auto-launch.
In addition to the response, Mobile Authenticator Studio may be configured to provide the registration identifier, the serial number of the authenticator, the challenge, the signed data fields, or an extra user identifier in the web request.
The response may be used externally, without being displayed. In this case, the app is closed directly after the authenticator response has been generated. The response is processed as described above. Without a cryptographic application, this option allows you to configure an action, e.g. to open a specified URL in a web browser, start a phone call, or launch a third-party application.
Users can copy the response to the clipboard if the authorizeCopyPaste attribute of the Functional element in the configuration file has been set to true.