▶ UAF
What is UAF?See Demo
Universal Authentication Framework (UAF) is a passwordless login that allows you to simply log in via OMPASS authentication without a password.
Please note two requirements below
UAF is only an optional extra.
Set U2F first before UAF
Preparation
Please check the secret key first from “Edit” that is automatically assigned when registering the application from “App Management”.
Please note that security problems may occur if the secret key is exposed to others, so make sure to be private.
Process for Applying OMPASS
Add UAF login button
From the client-side (user)
In addition to the existing login button, a button for logging in using the UAF method will be added on the login page.
When the [Password Less] button is clicked, this gives a login request to the server-side.■ Example
OMPASS-UAF
From the server-side
Once verifying user ID is completed from the server-side, call OMPASS API including the secret key in “HTTP HEADER” and the user ID in “Request Body”.
■ OMPASS UAF Authentication API
1 2 3 4 5POST URL /v1/ompass/uaf URL EXAMPLE – https://interface-api.ompasscloud.com/v1/ompass/uaf■ Header
Key Type Description Authorization Bearer Secret Key assigned to the application “Bearer” is required to be specified as the authorization type, and a space is required between “Bearer” and “Secret Key” Example : Bearer djfk39dkfdl39dldjmgjd4idls83jflghidhs83jfk ■ Example of Request Body
(Click the button below to copy) ↓ Key Type Description lang_init String English (EN) as an Initial language setting value of OMPASS URI to recieve a response { "user_id" : "omsecurity", "lang_init" : "EN" }■ Response (JSON)
· In case of authentication success
Key Type Description ompass_uri String A URI of the authentication page in case the user is already registered in OMPASS (Click the button below to copy) ↓ { "code":200, "message" : "ok", "data" : { "ompass_uri" : "https://interface-api.ompasscloud.com/register/did/14?do..." } }OMPASS UAF Authentication
From the client-side (user)
The browser from client-side calls OMPASS URI that is received a response.
Example of authentication interface call in pop-up window
In case the user is not registered in OMPASS, the following pop-up window will be displayed.
Enter the ID.
Click the “Login without Password” button.
Tap on the notification of OMPASS to launch the app from your phone.
Complete the authentication using previously selected authentication methods.
Redirect Access Token
From the client-side (user)
Whenever OMPASS registration or authentication is successfully completed, HTTP redirects to the redirect URI designated in the application at the pop-up window of the OMPASS page, and includes a Query String containing the access token.
Parsing the redirected authentication token from client-side will be passing to server-side.■ Example
Validate Access Token
From the server-side
The server will validate the token by calling the token validation API for OMPASS authentication including the access token passed from the client-side.
If the response for HTTP STATUS CODE of the API request is 200, login will proceed after verifying ID.■ OMPASS Success Token Validation API
1 2 3 4 5POST URL /v1/ompass/token-verification URL EXAMPLE – https://interface-api.ompasscloud.com/v1/ompass/token-verification■ Header
Key Type Description Authorization Bearer Secret Key assigned to the application “Bearer” is required to be specified as the authorization type, and a space is required between “Bearer” and “Secret Key” Example : Bearer djfk39dkfdl39dldjmgjd4idls83jflghidhs83jfk ■ Request Body (JSON)
Name Type Description user_id String User ID access_token String The access token received as a redirect URI ■ Example of Request Body
(Click the button below to copy) ↓ { "user_id" : "omsecurity", "access_token" : "dfj2ld92lldj29cldl29llduuufnbsd229312000dfl2ldio2o019029dj10wj" }■ Response (JSON)
· In case of authentication success
Key Type Description user_id String User ID (Click the button below to copy) ↓ { "code" : 200, "message" : "ok", "data" : { "user_id" : "omsecurity" } }API Error Messages
code message 000 Required Request Body is missing. 001 Please make a request including the secret key. 002 Please make a request including the user ID. 003 Please make a request including the access token. 004 Invalid secret key. 005 The secret key format does not match.
example) Bearer dl239d29dl292kmdjf139f2ds006 User ID cannot exceed 30 digits. 011 The token has expired. 012 It is a token of an unsupported format. 013 The token is not configured correctly. 014 Failed to verify the existing signature.
UAF
What is UAF?
Preparation
Process for Applying OMPASS
Add UAF login button
OMPASS-UAF
OMPASS UAF Authentication
Redirect Access Token
Validate Access Token
API Error Messages