User Information Flow

PasswordLessAuth.

In both the Signup Flow and the Add Device and Key Flow, we specified an optional parameter “device_info”, containing a string that identifies the device in a human-readable description. This optional parameter is recommended by the PasswordLessAuth specification because it allows the system to offer more detailed information about the user’s devices and keys by using the User Information Flow.

This flow allows users to retrieve information about their devices and keys in the system through a GET /pwless/me request. Obviously, the request needs to be authenticated. The output should include general information about the user and a list of all currently registered devices and key pairs for that user.

This information can be used to present a list of devices and keys to the users. This can be useful for some situations:

- Allowing a user to revoke a key associated with a device that has been stolen or compromised.

- If the device reinstalled the App and lost information of the key, but the keypair is still contained in the device, the App might show the list of devices so the user can choose the right one and the App can try to recover the key information from the device and allow the user to access the application again.

The device info, alongside the registration date, will allow a user to univocally identify the devices and perform actions on them. Other data that can be offered to the user, security-wise, includes last login/use date and last dates for sensitive operations like adding or deleting devices and associated key pairs.

Request and Response

GET /pwless/me
Headers: “Authentication: q89f8bjpsvjp98sjvnpw8rnaw938ubfpa8vbhdfiubg”
{}

Response: 200 OK
{
   “success”: true, 
   “code”: “success”,
   “user”: {
      “id”: 23462347282342,
      “email”: “user@emailserver.com”
   },
   “keys”: [
      {
         “id”: 2736420923472,
         “user_id”: 9082342372,
         “public_key”: “237qvnq308rx98jrva9dijqv9jcvbs8vz9v8fj98ebqjv==”,
         “key_type”: “ec”,
         “key_length”: 256,
         “signature_algorithm”: “ecdsa-with-SHA1”,
         “device_info”: “Apple’s iPhone SE”,
         “registered”: “2016-04-21T11:35:21.000Z”,
         “last_login”: “2016-05-12T08:42:11.000Z”
      },
      {
         “id”: 2736420923472,
         “user_id”: 9082342372,
         “public_key”: “a8vwnp8w9jvaw9p8j3bvpaw9jvaw98j3vbpaw9ejapw98efbv==”,
         “key_type”: “rsa”,
         “signature_algorithm”: “SHA1”,
         “key_length”: 2048,
         “device_info”: “Samsung Galaxy S6 SM-G920F”,
         “registered”: “2016-04-09T10:10:31.000Z”,
         “last_login”: “2016-05-11T18:24:42.000Z”
      }
   ]
}
Back to Flows

Want to know more? Join our newsletter.

Find us on Facebook

We are also on Twitter

Oh, and on Github too