- Installed Hermod, see here.
Nexus Personal Mobile only supports JWS as signature format.
Create an authentication request. The request is put in all mailboxes/devices that is provisioned for this user. The mobile app actively listens to the defined boxes and will display the authentication message when opened.
See the example for user firstname.lastname@example.org:
A push notification can be sent to the phone to alert the user but is not required. When the user opens Personal Mobile app then he is asked to confirm the authentication request:
When the user has confirmed the authentication request, then Personal will sign the authentication request and send the response to Hermod, which sends the response to the Application Server in a callback.
Validate the response and check the following:
- That the signature is valid.
- That the public key matches the public key received when doing the initial provisioning.
Where the signature is a compact JSON Web Signature (JWS)