6.2 FIDO U2F Plug-in

To check the FIDO U2F service, browse to the following URL:

https://127.0.0.1:8441/api/v1/fidou2f/abort

When a FIDO U2F token is connected to the system, the service returns the following response:

{ "result":"ok" }

Methods

The following table lists the POST and GET methods and the respective response that the FIDO U2F service returns.

Method: sign

Syntax: https://127.0.0.1:8441/api/v1/fidou2f/sign

Description: This POST method obtains an identity assertion from the connected U2F token and performs the authentication.

Response:

{
  "signRequests": [
    {
      "challenge": "tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ",
      "version": "U2F_V2",
      "keyHandle": "knQD88Ue6ZT6tyutHr8ipZaiTRV2uT9qzwGqWjYo5HCwAiV5z2kc1vr08tWbdOLQ4S-ODg09vpp62P6owh4qmQ",
      "appId": "https://demo.yubico.com"
    }
  ]
}

Method: register

Syntax: https://127.0.0.1:8441/api/v1/fidou2f/register

Description: This POST method registers a U2F token for a user account.

Response:

{
  "registerRequests": [
    {
      "challenge": "tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ",
      "version": "U2F_V2",
      "appId": "https://demo.yubico.com"
    }
  ],
  "signRequests": []
}

signRequests can be empty, or it can contain a serial for the key handle validation:

{
  "challenge": "tRiTY3C8YerfmH6IIlfoCZjs5CMkKUWDrNhS7v5gCPQ",
  "version": "U2F_V2",
  "keyHandle": "knQD88Ue6ZT6tyutHr8ipZaiTRV2uT9qzwGqWjYo5HCwAiV5z2kc1vr08tWbdOLQ4S-ODg09vpp62P6owh4qmQ",
  "appId": "https://demo.yubico.com"
}

Method: abort

Syntax: https://127.0.0.1:8441/api/v1/fidou2f/abort

Description: This GET method terminates all the pending operations.

Response:

{ "result":"ok" }

If there is an issue with the token or configuration, an error is displayed in the following format:

{ "errorCode":1, "errorMessage":"Error Text" }

where:

  • errorCode is an integer indicating the general error that occurred.

  • errorMessage is additional text that provides details on the error.

The following table lists the error codes of the FIDO U2F service with their descriptions.

| Error Code | Possible Cause |
|---|---|
| 1 | Token is not connected. The error message is "Please connect a U2F token." |
| 2 | Indicates a bad request that cannot be processed. The navigated URL does not match the app ID, or the URL is not prefixed with HTTPS. |
| 3 | Indicates that the configuration is not supported. |
| 4 | Indicates that the connected token is not eligible for this request or that the token is already registered. To enable the registration process, specify signRequests in the body of the register request. |
| 5 | Indicates a timeout with no response from the token because the user did not touch the token within the given time frame. |
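The following Python sketch is an added example, not code from the product or its documentation. It builds a sign request body in the shape shown above, rejects a non-HTTPS appId before sending, and classifies a reply using the error codes in the table. Assumptions: the error reply is JSON, a reply without errorCode means success, errors arrive in a normal response body, the request is sent as application/json, and the service certificate is trusted by the local store.

```python
import json
import urllib.request

BASE = "https://127.0.0.1:8441/api/v1/fidou2f"  # service URL from the page

# Causes summarized from the page's error-code table.
ERROR_CAUSES = {
    1: "token not connected",
    2: "bad request (app ID mismatch or URL not HTTPS)",
    3: "configuration not supported",
    4: "token not eligible or already registered",
    5: "timeout, user did not touch the token",
}
RETRY_AFTER_USER_ACTION = {1, 5}  # assumption: plug in or touch the token, then retry


def build_sign_body(challenge, key_handle, app_id):
    """Build the POST body for /sign; reject a non-HTTPS appId before sending."""
    if not app_id.startswith("https://"):
        raise ValueError("appId must be an https:// URL (service answers errorCode 2)")
    return {"signRequests": [{"challenge": challenge, "version": "U2F_V2",
                              "keyHandle": key_handle, "appId": app_id}]}


def interpret(raw):
    """Classify a service reply as (ok, error_code, cause, retryable)."""
    reply = json.loads(raw)
    code = reply.get("errorCode")
    if code is None:  # assumption: no errorCode means the call succeeded
        return True, None, None, False
    cause = ERROR_CAUSES.get(code, reply.get("errorMessage", "unknown error"))
    return False, code, cause, code in RETRY_AFTER_USER_ACTION


def post(method, body, timeout=60):
    """POST to the local service; TLS verification stays on (assumes a trusted cert)."""
    req = urllib.request.Request(f"{BASE}/{method}", data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # Constructed replies in the page's format; no running service is needed.
    for sample in ('{"result":"ok"}', '{"errorCode":5,"errorMessage":"Error Text"}'):
        print(sample, "->", interpret(sample))
```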