Create a new challenge. This is called from service code when an operations requires additional user verification. By default, the resulting challenge resource will contain a list of authenticators, one for each authenticator type (see the `getAuthenticatorTypes` operation). When creating a challenge, the service can exclude authenticators with either or both `?exclude=` or specify the exact authenticator types to use with `?include=`.
When an operation fails with a 401 due to required authentication response, the services embeds the challenge as the `_error._embedded.challenge` object in the response. See also the `getAuthenticator` operation and the `challenge` and `authenticator` schemas for additional details.
A user may have only one active challenge at a time. Creating a new challenge for a user will delete any outstanding challenge resources for that user and any authenticators associated with those challenges. End users cannot call this operation.
Challenges (and their authenticators) expire automatically some time after creation. At a later time, expired, failed, and verified challenges and authenticators are automatically deleted.
curl -X POST -H "API-Key: [[apiKey]]" "http:///auth/challenges?include=&exclude="
import { ChallengeApi } from "@apiture/auth-client-sdk";
const challengeApi = new ChallengeApi(configuration);
// Configure OAuth2 access token for authorization: accessToken
var accessToken = "YOUR ACCESS TOKEN";
challengeApi.setAccessToken(accessToken)
// Configure API key authorization: apiKey
var apiKey = "YOUR API KEY";
challengeApi.setApiKey(apiKey);
var api = new Auth.ChallengeApi.createChallenge()
var createChallenge = ; // {CreateChallenge}
var opts = {
'include': include_example, // {String} One or more authenticator _types_ or _categories_ which the challenge should exclude from its authenticators. Type names are from the `name` or `category` property of the authenticator types resource, such as `?exclude=sms`. Multiple types may be specified, separated by commas: `?exclude=sms,biometric`. This may be combined with the other filters, but excludes take precedent over `?include`. (This notation may be extended in the future to allow additional filter constraints based on authenticator type properties.)
'exclude': exclude_example // {String} One or more authenticator _types_ or _categories_ which the challenge should exclude from its authenticators. Type names are from the `name` or `category` property of the authenticator types resource, such as `?exclude=sms`. Multiple types may be specified, separated by commas: `?exclude=sms,biometric`. If both `?include=` and `?exclude=` are used, the exclusions take precedence inclusions. That is, for `?include=sms&exclude=sms`, the `sms` authenticator will not be used. (This notation may be extended in the future to allow additional filter constraints based on authenticator type properties.)
};
var callback = function(error, data, response) {
if (error) {
console.error(error);
} else {
console.log('API called successfully. Returned data: ' + data);
}
};
challengeApi.createChallenge(createChallenge, opts, callback);
profiles/read |
Read access to user and contact related resources. |
profiles/write |
Write (update) access to user and contact related resources. |
profiles/delete |
Delete access to user and auth related resources. |
profiles/readPii |
Read access to personally identifiable information such as tax ID numbers, phone numbers, email and postal addresses. This must be granted in addition to the `profiles/read` scope in order to read such data, but is included in the `profiles/full` scope. |
profiles/full |
Full access to user and contact related resources. |
admin/write |
Admin write (update) access to challenges and authenticators |
Name |
Description |
include |
String
One or more authenticator _types_ or _categories_ which the challenge should exclude from its authenticators. Type names are from the `name` or `category` property of the authenticator types resource, such as `?exclude=sms`. Multiple types may be specified, separated by commas: `?exclude=sms,biometric`. This may be combined with the other filters, but excludes take precedent over `?include`. (This notation may be extended in the future to allow additional filter constraints based on authenticator type properties.)
|
exclude |
String
One or more authenticator _types_ or _categories_ which the challenge should exclude from its authenticators. Type names are from the `name` or `category` property of the authenticator types resource, such as `?exclude=sms`. Multiple types may be specified, separated by commas: `?exclude=sms,biometric`. If both `?include=` and `?exclude=` are used, the exclusions take precedence inclusions. That is, for `?include=sms&exclude=sms`, the `sms` authenticator will not be used. (This notation may be extended in the future to allow additional filter constraints based on authenticator type properties.)
|