Il JSON per una richiesta di autenticazione contenente più chiavi di autenticazione (token) ha un aspetto simile a questo. (i valori challenge e keyHandle sono stati abbreviati)
{
"type": "u2f_sign_request",
"timeoutSeconds": 30,
"requestId": 123,
"signRequests": [
{
"appId": "http://localhost:8080",
"challenge": "7Wr...I6w",
"keyHandle": "8BB...7YQ",
"version": "U2F_V2"
},
{
"appId": "http://localhost:8080",
"challenge": "9Qb...HOE",
"keyHandle": "5i8...CEJ",
"version": "U2F_V2"
}
]
}
NOTA: questo è per l'API Javascript U2F attualmente pubblicata.
link
dictionary Request {
// The type of request, either "u2f_register_request"
// or "u2f_sign_request".
DOMString type;
// A list of SignRequest dictionaries, one for each
// token already registered with this RP.
SignRequest[] signRequests;
// A list of RegisterRequest dictionaries, one for each
// protocol version that the RP is willing to register.
RegisterRequest[]? registerRequests;
// A timeout for the FIDO Client's processing, in seconds.
int? timeoutSeconds;
// An integer identifying this request from concurrent requests.
optional int? requestId;
};
dictionary SignRequest {
// Version of the protocol that the to-be-registered U2F
// token must speak. E.g. "U2F_V2"
DOMString version;
// The websafe-base64-encoded challenge.
DOMString challenge;
// The registered keyHandle to use for signing, as
// returned by the U2F token during registration.
DOMString keyHandle;
// The application id that the RP would like to assert.
DOMString appId;
};
dictionary RegisterRequest {
// Version of the protocol that the to-be-registered U2F
// token must speak. E.g. "U2F_V2"
DOMString version;
// The websafe-base64-encoded challenge.
DOMString challenge;
// The application id that the RP would like to assert.
DOMString appId;
};