create(body=None, x__xgafv=None)
CreateChallenge API
verify(body=None, x__xgafv=None)
VerifyChallengeResponse API
create(body=None, x__xgafv=None)
CreateChallenge API
Args:
body: object, The request body.
The object takes the form of:
{ # A generic empty message that you can re-use to avoid defining duplicated
# empty messages in your APIs. A typical example is to use it as the request
# or the response type of an API method. For instance:
#
# service Foo {
# rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
# }
#
# The JSON representation for `Empty` is empty JSON object `{}`.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Result message for VerifiedAccess.CreateChallenge.
"challenge": { # The wrapper message of any data and its signature. # Generated challenge
"signature": "A String", # The signature of the data field.
"data": "A String", # The data to be signed.
},
"alternativeChallenge": { # The wrapper message of any data and its signature. # Challenge generated with the old signing key
# (this will only be present during key rotation)
"signature": "A String", # The signature of the data field.
"data": "A String", # The data to be signed.
},
}
verify(body=None, x__xgafv=None)
VerifyChallengeResponse API
Args:
body: object, The request body.
The object takes the form of:
{ # signed ChallengeResponse
"challengeResponse": { # The wrapper message of any data and its signature. # The generated response to the challenge
"signature": "A String", # The signature of the data field.
"data": "A String", # The data to be signed.
},
"expectedIdentity": "A String", # Service can optionally provide identity information about the device
# or user associated with the key.
# For an EMK, this value is the enrolled domain.
# For an EUK, this value is the user's email address.
# If present, this value will be checked against contents
# of the response, and verification will fail if there is no match.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Result message for VerifiedAccess.VerifyChallengeResponse.
"devicePermanentId": "A String", # Device permanent id is returned in this field (for the machine response
# only).
"verificationOutput": "A String", # For EMCert check, device permanent id is returned here.
# For EUCert check, signed_public_key_and_challenge [base64 encoded]
# is returned if present, otherwise empty string is returned.
# This field is deprecated, please use device_permanent_id or
# signed_public_key_and_challenge fields.
"signedPublicKeyAndChallenge": "A String", # Certificate Signing Request (in the SPKAC format, base64 encoded) is
# returned in this field. This field will be set only if device has included
# CSR in its challenge response.
# (the option to include CSR is now available for both user and machine
# responses)
"deviceEnrollmentId": "A String", # Device enrollment id is returned in this field (for the machine response
# only).
}