Authentication Response Event

The authentication response event callback is triggered when a user responds the an authentication request on their mobile device.

Query String Parameters

auth:

string Base64 encoded RSA encrypted JSON string. This data is the user response directly from their device. It is encrypted on the device. As such, the LaunchKey Platform API has no knowledge of the contents of the encrypted data. Once Base64 decoded, decrypt the result with the private key of the RSA public/private key pair associated with the service whose service key was included in the request. The resulting JSON will have the following attributes:

response:boolean The users response to the authorization request. true if approved and false if denied
auth_request:string Request-specific string used to match auth_request value returned from corresponding Auths call
device_id:string Unique identifier for the device the user used to respond to the Auth Request
app_pins:string A list of up to 5 codes separated with commas. The list is intended for for device validation in conjunction with a device_id. Devices will rotate out app pins as a queue, first in - fast out (FIFO). protect against a myriad of potential attacks. However, they do run the risk of devices getting "out of sync" and resulting in devices not being able to authenticate. If you implement auth pins in your solutions, you will need to build in a recovery mechanism to reset the known app pins and re-sync the device.
user_hash:

Hashed user identifier to track a specific user across services. This value will be used by the Remote Logout Event to identify the user that is logging out.

auth_request:

Request-specific string used to match auth_request value returned from auths PUT. Use this value to compare against the auth_request value in the decrypted auth to verify the authenticity of the callback.

organization_user:

string Optional - A string that uniquely identifies the user across the entire Organization to which the Service whose Service Key was included in the request belongs. This will be returned if, and only if, the Service belongs to an Organization.

user_push_id:

string Optional - A value uniquely and permanently identifying the User associated with the auth_request within the Service whose Service Key was included in the request belongs. This value may be used in place of a username or directory user identifier for authorization requests. This will be returned if, and only if, the originating request passed a form control with the name user_push_id and a value of 1.

Example

POST https://my.example.com/callback?user_hash=5VeE21s5ZVI5vY8R5Lx9zOv1XnCSReQyFidc8r1C5iV&auth_request=4yjuyyg59cqf2s890uhhhx3vmtgv115a&user_push_id=UA-70fe2f1c-95b0-458c-9633-5e6a8185633e&organization_user=D8beKjP1eh1rFVWIfiPGZJIyctFVVtqFdSGxdv54NVt&auth=hg7gSUbpI9Q3tv5sA2E285hZ76cKEsTnaioxgOSno6kWDIxCov7hgEB5pHa4g88Y%5Cr%5CnkylEA7Q6IT8GfTEW6ZK%2FS%2BhzkR0L3eJJe%2BrGiv7wzch0sCzypTk7yOdV2N%2F9S%2Bjy%5Cr%5Cnc%2FbUIAph8ICqJD97WZHqLUhljvm%2BzK7%2FdXetkPSULPvpM5J4IzUoRggEBLX6LrWF%5Cr%5CnKtw3DLtpJlayoT9ZDecOLtiiDtEoUUGtC71u9jwekoxIu7Sy5v0VzF%2F3Zv7j%2BMSZ%5Cr%5CnG9XUre4VM1CsdZ0IUl12TtbdDX7hDyqFRxKJAWDsJNFsJ0bVrP7tHP6%2FoeobT7AT%5Cr%5CnFhCylnZmNjrLkUjGOaVApg%3D%3D HTTP/1.1
Host: my.example.com
Content-Type: application/json
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Content-Length: 0

User Contributed

LaunchKey links to user contributed code as a resource to its community. LaunchKey does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to LaunchKey immediately and we will investigate the claim. Submit any issue to LaunchKey support at https://launchkey.com./support. ×