POST /auth/login/init
Create Login Challenge
curl --request POST \
  --url https://api.dfns.io/auth/login/init \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "<string>",
  "orgId": "<string>",
  "loginCode": "<string>"
}'
{
  "supportedCredentialKinds": [
    {
      "kind": "Fido2",
      "factor": "first",
      "requiresSecondFactor": true
    }
  ],
  "challenge": "MWM0MmY5YTQ0MDRiNzdhNTFhNzY5ODQwNWI5ZTQ4Y2RhODZiNDk3ZTYzOTE5OGYyMDcxZjBjYzk4MmQ5YzY1MA",
  "challengeIdentifier": "eyJ0e...fQNA",
  "userVerification": "required",
  "attestation": "direct",
  "externalAuthenticationUrl": "",
  "allowCredentials": {
    "key": [],
    "passwordProtectedKey": [
      {
        "type": "public-key",
        "id": "hIjkx5PqVxz8wbtuvOh2UYHEY1QXS8mMfKeEDGt-0Fo=",
        "encryptedPrivateKey": "LsXVskHYqqrKKxBC9KvqStLEmxak5Y7NaboDDlRSIW7evUJpQTT1AYvx0EsFskmriaVb3AjTCGEv7gqUKokml1USL7+dVmrUVhV+cNWtS5AorvRuZr1FMGVKFkW1pKJhFNH2e2O661UhpyXsRXzcmksA7ZN/V37ZK7ITue0gs6I="
      }
    ],
    "webauthn": [
      {
        "type": "public-key",
        "id": "c1QEdgnPLJargwzy3cbYKny4Q18u0hr97unXsF3DiE8"
      }
    ]
  }
}

Authentication

No authentication required.

Required Permissions

No authentication required.

Body

application/json
orgId
string
required

username
string

loginCode
string

Response

200 - application/json

Success

challenge
string
required

Challenge (string) to be signed by the requester with their private key.

challengeIdentifier
string
required

A JWT that identifies the signing session.

supportedCredentialKinds
object[]
required

Identifies the kind of credentials that can be used to sign the user action.

userVerification
enum<string>
required

Value indicating if the user should be prompted for a second factor. Can be one of the following values:

  • required: indicates the user must be prompted for their PIN, biometrics, or another second factor option
  • preferred: indicates the user should be prompted for a second factor if it is supported
  • discouraged: indicates the user should not be prompted for their second factor unless the device requires it

Available options: required, preferred, discouraged

attestation
enum<string>
required

Identifies the information needed to verify the user's signing certificate; can be one of the following:

  • none: indicates no attestation data is required
  • indirect: indicates the attestation data should be given, but that it can be generated using an Anonymization CA
  • direct: indicates the attestation data must be given and should be generated by the authenticator
  • enterprise: indicates the attestation data should include information to uniquely identify the user's device

Available options: none, indirect, direct, enterprise

allowCredentials
object
required

List of credentials that the user can use to sign the user action.

externalAuthenticationUrl
string
required

Optional URL containing a secret value that can be used to enable cross-device/origin signing.

rp
object

Deprecated. Should not be used.
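
Because this endpoint requires no authentication, a client can check the response fields documented above before handing them to a signer. The validator below is an added example, not code from this page or from Dfns; the function name, the base64url check on credential ids and the `public-key` type check are assumptions drawn from the sample response.

```javascript
// Field names and enum values come from the reference above; the function name
// and the checks marked "assumption" are this example's own.
const USER_VERIFICATION = ['required', 'preferred', 'discouraged'];
const ATTESTATION = ['none', 'indirect', 'direct', 'enterprise'];
const REQUIRED = ['challenge', 'challengeIdentifier', 'supportedCredentialKinds',
  'userVerification', 'attestation', 'allowCredentials', 'externalAuthenticationUrl'];
// Assumption: credential ids are base64url with optional padding, as in the sample.
const B64URL = /^[A-Za-z0-9_-]+={0,2}$/;
const fail = (msg) => { throw new Error(msg); };

function validateLoginChallenge(resp) {
  if (resp === null || typeof resp !== 'object') fail('response is not an object');
  for (const field of REQUIRED) {
    if (!(field in resp)) fail(`missing required field: ${field}`);
  }
  if (typeof resp.challenge !== 'string' || resp.challenge === '') {
    fail('challenge must be a non-empty string');
  }
  if (!USER_VERIFICATION.includes(resp.userVerification)) {
    fail(`unexpected userVerification: ${resp.userVerification}`);
  }
  if (!ATTESTATION.includes(resp.attestation)) fail(`unexpected attestation: ${resp.attestation}`);
  if (!Array.isArray(resp.supportedCredentialKinds)) {
    fail('supportedCredentialKinds must be an array');
  }
  // Flatten allowCredentials (key / passwordProtectedKey / webauthn in the sample).
  const credentials = [];
  for (const [group, creds] of Object.entries(resp.allowCredentials || {})) {
    for (const cred of Array.isArray(creds) ? creds : []) {
      // Assumption: every entry has type "public-key", as in the sample response.
      if (cred.type !== 'public-key' || !B64URL.test(cred.id)) {
        fail(`malformed credential in allowCredentials.${group}`);
      }
      credentials.push({ group, id: cred.id });
    }
  }
  const { challenge, challengeIdentifier, userVerification } = resp;
  const kinds = resp.supportedCredentialKinds.map((k) => k.kind);
  return { challenge, challengeIdentifier, userVerification, kinds, credentials };
}

// Constructed sample shaped like the response on this page (values are made up).
const SAMPLE = {
  supportedCredentialKinds: [{ kind: 'Fido2', factor: 'first', requiresSecondFactor: true }],
  challenge: 'Y29uc3RydWN0ZWQ', challengeIdentifier: 'constructed.jwt.value',
  userVerification: 'required', attestation: 'direct', externalAuthenticationUrl: '',
  allowCredentials: { key: [], passwordProtectedKey: [],
    webauthn: [{ type: 'public-key', id: 'Y29uc3RydWN0ZWQtaWQ' }] },
};
```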