Method: challenge.verify

challenge.verify API

HTTP request

POST https://verifiedaccess.googleapis.com/v1/challenge:verify

The URL uses gRPC Transcoding syntax.

Request body

The request body contains data with the following structure:

JSON representation
{
  "challengeResponse": {
    object (SignedData)
  },
  "expectedIdentity": string
}
Fields
challengeResponse

object (SignedData)

The generated response to the challenge.

expectedIdentity

string

The service can optionally provide identity information about the device or user associated with the key. For an EMK, this value is the enrolled domain. For an EUK, this value is the user's email address. If present, this value is checked against the contents of the response, and verification fails if there is no match.

Response body

Result message for VerifiedAccess.VerifyChallengeResponse.

If successful, the response body contains data with the following structure:

JSON representation
{
  "verificationOutput": string,
  "devicePermanentId": string,
  "signedPublicKeyAndChallenge": string,
  "deviceEnrollmentId": string,
  "attestedDeviceId": string
}
Fields
verificationOutput
(deprecated)

string

For an EMCert check, the device permanent id is returned here. For an EUCert check, signedPublicKeyAndChallenge (base64 encoded) is returned if present; otherwise an empty string is returned. This field is deprecated; use the devicePermanentId or signedPublicKeyAndChallenge fields instead.

devicePermanentId

string

Device permanent id is returned in this field (for the machine response only).

signedPublicKeyAndChallenge

string

The Certificate Signing Request (in the SPKAC format, base64 encoded) is returned in this field. This field is set only if the device included a CSR in its challenge response. The option to include a CSR is now available for both user and machine responses.

deviceEnrollmentId

string

Device enrollment id is returned in this field (for the machine response only).

attestedDeviceId

string

Attested device id (ADID) of the device, read from the verified data.
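
The following is an added example, not part of the original reference or of Google's client libraries: a relying service building the request body and normalizing the response so that the deprecated verificationOutput is used only as a fallback. The function names, the "EMK"/"EUK" key_type argument (mapped here to the EMCert and EUCert checks), the sample values, and the standard-alphabet base64 decoding are assumptions.

```python
import base64
import binascii

# URL as given on the page; this block makes no network call.
VERIFY_URL = "https://verifiedaccess.googleapis.com/v1/challenge:verify"

# Constructed sample. The "data"/"signature" keys follow the SignedData
# reference, which is not reproduced on this page; values are placeholders.
SAMPLE_SIGNED_DATA = {"data": "Y29uc3RydWN0ZWQ=", "signature": "c2ln"}

def build_verify_request(signed_data, expected_identity=None):
    """Request body: the device's SignedData passed through unchanged, plus
    the optional expectedIdentity (enrolled domain for EMK, email for EUK)."""
    body = {"challengeResponse": signed_data}
    if expected_identity:
        body["expectedIdentity"] = expected_identity
    return body

def parse_verify_response(resp, key_type):
    """Normalize a successful response body. key_type is "EMK" or "EUK"."""
    if key_type not in ("EMK", "EUK"):
        raise ValueError("key_type must be 'EMK' or 'EUK'")
    legacy = resp.get("verificationOutput", "")
    device_id = resp.get("devicePermanentId", "")
    spkac_b64 = resp.get("signedPublicKeyAndChallenge", "")
    # Use the deprecated field only as a fallback, with the meaning the
    # page gives it: permanent id for EMCert, SPKAC for EUCert.
    if key_type == "EMK" and not device_id:
        device_id = legacy
    if key_type == "EUK" and not spkac_b64:
        spkac_b64 = legacy
    try:
        # Assumption: standard (not URL-safe) base64 alphabet.
        spkac = base64.b64decode(spkac_b64, validate=True) if spkac_b64 else None
    except binascii.Error as exc:
        raise ValueError("signedPublicKeyAndChallenge is not valid base64") from exc
    return {
        "device_permanent_id": device_id or None,
        "device_enrollment_id": resp.get("deviceEnrollmentId") or None,
        "attested_device_id": resp.get("attestedDeviceId") or None,
        "spkac_raw": spkac,
    }
```

Supplying expected_identity is what makes the service reject a response bound to a different domain or user, so a caller that knows the identity should always pass it.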

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/verifiedaccess

For more information, see the Authentication Overview.