5.2 FIDO U2F Plug-in

To check the FIDO U2F Service you may open the following URL: https://127.0.0.1:8441/api/v1/fidou2f/abort. The service should return: { "result":"ok" } when a FIDO U2F token is connected.

Available methods

FIDO U2F Service provides the following POST-methods:

https://127.0.0.1:8441/api/v1/fidou2f/sign - Performs the U2F Authenticate operation.

{
"signRequests":
[
{"challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ",
"version":"U2F_V2",
"keyHandle":"knQD88Ue6ZT6tyutHr8ipZaiTRV2uT9qzwGqWjYo5HCwAiV5z2kc1vr08tWbdOLQ4S-ODg09vpp62P6owh4qmQ",
"appId":"https://demo.yubico.com"
}
]
}

https://127.0.0.1:8441/api/v1/fidou2f/register - Performs the U2F Register operation.

{
"registerRequests":
[
{"challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ",
"version":"U2F_V2",
"appId":"https://demo.yubico.com"
}
],
"signRequests":[]
}

signRequests can be empty, or it can contain entries such as the following, which are used for key handle validation:

{
"challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ",
"version":"U2F_V2",
"keyHandle":"knQD88Ue6ZT6tyutHr8ipZaiTRV2uT9qzwGqWjYo5HCwAiV5z2kc1vr08tWbdOLQ4S-ODg09vpp62P6owh4qmQ",
"appId":"https://demo.yubico.com"
}

On success, both methods above return a JSON reply in the U2F specification format. On failure, they return an error:

{ "errorCode":1, "errorMessage":"Error Text" }

where:

errorCode - error code

errorMessage - additional error text

errorCode description:

  1. Device other error. If the token is missing, errorMessage contains "Please connect a U2F token."

  2. Device bad request. The visited URL doesn't match the App ID, or HTTPS is not used.

  3. Configuration unsupported

  4. Token is not registered (for the authentication process), or token is already registered (for the register process; to enable this check, specify "signRequests" in the body of the register request).

  5. Timeout - no answer from the token (the user didn't press a button within the given timeout).

And the following GET-methods:

https://127.0.0.1:8441/api/v1/fidou2f/abort - Aborts all pending operations
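The following is an added example, not code from the product documentation. It shows how a caller could build the sign request body with a fresh challenge and then check the reply against that challenge. The function names are hypothetical, and the success reply is assumed to carry a clientData field as defined in the U2F specification.

```python
import base64
import json
import secrets
from urllib.parse import urlsplit

# Error codes as listed on the page; the short descriptions are paraphrased.
ERROR_CODES = {
    1: "device other error (for example, no token connected)",
    2: "bad request (URL does not match the App ID, or HTTPS not used)",
    3: "configuration unsupported",
    4: "token not registered (sign) or already registered (register)",
    5: "timeout (no answer from the token)",
}


class U2FServiceError(Exception):
    """Raised for an error reply or a reply that fails the challenge check."""


def new_challenge(nbytes=32):
    """Fresh random challenge, URL-safe base64 without padding (43 chars)."""
    raw = base64.urlsafe_b64encode(secrets.token_bytes(nbytes))
    return raw.rstrip(b"=").decode("ascii")


def build_sign_request(app_id, key_handle, challenge):
    """Body for the sign method; a non-HTTPS appId is rejected before sending."""
    if urlsplit(app_id).scheme != "https":
        raise ValueError("appId must be an https:// URL")
    return {"signRequests": [{"challenge": challenge, "version": "U2F_V2",
                              "keyHandle": key_handle, "appId": app_id}]}


def check_sign_reply(raw, issued_challenge):
    """Return the reply if it answers issued_challenge, else raise."""
    reply = json.loads(raw)
    if "errorCode" in reply:
        code = reply["errorCode"]
        raise U2FServiceError(f"{code}: {ERROR_CODES.get(code, 'unknown')}: "
                              f"{reply.get('errorMessage', '')}")
    # Assumption: clientData is unpadded URL-safe base64 of the U2F ClientData JSON.
    padded = reply["clientData"] + "=" * (-len(reply["clientData"]) % 4)
    client = json.loads(base64.urlsafe_b64decode(padded))
    if client.get("typ") != "navigator.id.getAssertion":
        raise U2FServiceError("unexpected clientData typ")
    if not secrets.compare_digest(client.get("challenge", ""), issued_challenge):
        raise U2FServiceError("challenge mismatch (stale or replayed reply)")
    return reply
```

The challenge check only ties the reply to the request that was issued. The relying party still has to verify signatureData against the public key stored at registration.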