To check the FIDO U2F Service you may open the following URL: https://127.0.0.1:8441/api/v1/fidou2f/abort. The service should return: { "result":"ok" } when a FIDO U2F token is connected.
FIDO U2F Service provides the following POST-methods:
https://127.0.0.1:8441/api/v1/fidou2f/sign - Performs the U2F Authenticate operation.
{ "signRequests": [ {"challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ", "version":"U2F_V2, "keyHandle":"knQD88Ue6ZT6tyutHr8ipZaiTRV2uT9qzwGqWjYo5HCwAiV5z2kc1vr08tWbdOLQ4S-ODg09vpp62P6owh4qmQ", "appId":"https://demo.yubico.com" } ] }
https://127.0.0.1:8441/api/v1/fidou2f/register - Performs the U2F Register operation.
{ "registerRequests": [ {"challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ", "version":"U2F_V2, "appId":"https://demo.yubico.com" } ], "signRequests":[] }
signRequest can be empty, or contain serial of for the key handle validation
{ "challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ", "version":"U2F_V2, "keyHandle":"knQD88Ue6ZT6tyutHr8ipZaiTRV2uT9qzwGqWjYo5HCwAiV5z2kc1vr08tWbdOLQ4S-ODg09vpp62P6owh4qmQ", "appId":"https://demo.yubico.com" }
In case of success both methods above returns JSON reply in the U2F specification format:
or an error:
{ "errorCode"=1, "errorMessage"="Error Text"}
where:
errorCode - error code
errorMessage - additional error text
errorCode description:
Device other error. If the token is missing, errorMessage contains "Please connect a U2F token."
Device bad request. The visited URL doesn't match the App ID or not using HTTPS
Configuration unsupported
Token is not registers - for authentication process or token already registered - for register process, to enable this check, specify "signRequests" in the body of the register request ).
Timeout - no answer from token. (if the user didn't press a button within a given timeout)
And the following GET-methods:
https://127.0.0.1:8441/api/v1/fidou2f/abort - Aborts all pending operations