You can browse the following URL to check the FIDO U2F service:
https://127.0.0.1:8441/api/v1/fidou2f/abort
When a FIDO U2F token is connected to the system, the service returns the following response:
{ "result":"ok" }
The following table lists the POST and GET methods and the respective response that the FIDO U2F service returns.
Method |
Syntax |
Description |
Response |
---|---|---|---|
sign |
https://127.0.0.1:8441/api/v1/fidou2f/sign |
This POST method obtains an identity assertion from the connected U2F token and performs the authentication |
{ "signRequests": [ {"challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ", "version":"U2F_V2, "keyHandle":"knQD88Ue6ZT6tyutHr8ipZaiTRV2uT9qzwGqWjYo5HCwAiV5z2kc1vr08tWbdOLQ4S-ODg09vpp62P6owh4qmQ", "appId":"https://demo.yubico.com" } ] } |
register |
https://127.0.0.1:8441/api/v1/fidou2f/register |
This POST method registers a U2F token for a user account |
{ "registerRequests": [ {"challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ", "version":"U2F_V2, "appId":"https://demo.yubico.com" } ], "signRequests":[] } signRequest can be empty, or contain serial for the key handle validation { "challenge":"tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ", "version":"U2F_V2, "keyHandle":"knQD88Ue6ZT6tyutHr8ipZaiTRV2uT9qzwGqWjYo5HCwAiV5z2kc1vr08tWbdOLQ4S-ODg09vpp62P6owh4qmQ", "appId":"https://demo.yubico.com" } |
abort |
https://127.0.0.1:8441/api/v1/fidou2f/abort |
This GET method terminates all the pending operations |
{ "result":"ok" } |
In case, if there is an issue with the token or configuration, error is displayed in the following format:
{ "errorCode"=1, "errorMessage"="Error Text"}
where:
errorCode is an integer indicating the general error that occurred.
errorMessage is additional text that provides details on the error.
The following table lists all the error codes of FIDO U2F service with description.
Error Code |
Possible Cause |
---|---|
1 |
Token is not connected. Error message Please connect a U2F token. |
2 |
Indicates bad request and the request cannot be processed. The navigated URL does not match with app ID or HTTPS is not prefixed to the URL. |
3 |
Indicates configuration is not supported. |
4 |
Indicates the connected token is not eligible for this request or token is already registered. To enable the registration process, specify signRequests in the body of register request. |
5 |
Indicates timeout and no response from the token because the user did not touch the token within the given time frame. |