Page Summary
- AuthenticationAuthorizationResponse is an object sent during the authentication and authorization process, containing a request ID and authorizations.
- The response is encrypted and signed using PGP or JWS+JWE and then encoded using web-safe base64.
- The requestId field is required and used to prevent replay attacks, while the authorizations field lists the permissions granted.
- Both requestId and authorizations values are reflected back by the payment integrator to Google for security and validation purposes.
Response body
Object sent during authentication-authorization response.
Here's an example of a clear text JSON response:
{
  "requestId": "375dhjf9-Uydd=",
  "authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]
}
The AuthenticationAuthorizationResponse is encrypted and signed using PGP or JWS+JWE.
Further, this value is web-safe base64 encoded. This encoding is referred to below as
Base64UrlEncode. In other words, the clear text JSON version of the
AuthenticationAuthorizationRequest must be passed through the following
functions:
Base64UrlEncode(
  PGPSignAndEncrypt(
    '{"requestId": "375dhjf9-Uydd=",
      "authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]}'
  )
)
or
Base64UrlEncode(
  JWSignAndEncrypt(
    '{"requestId": "375dhjf9-Uydd=",
      "authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]}'
  )
)
| JSON representation |
|---|
| { "requestId": string, "authorizations": repeated string, } |

| Fields | |
|---|---|
| requestId | REQUIRED: Reflected back by the payment integrator to Google. This allows Google to prevent replay attacks. |
| authorizations | REQUIRED: Reflected back by the payment integrator to Google. This allows Google to check that the |
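
The receiving side of this exchange, as an added example that is not Google's code or part of the original page: web-safe base64 decoding followed by a single-use requestId check. `PendingRequests`, `issue`, `accept` and the caller-supplied `decrypt_and_verify` callable are hypothetical names, and comparing the reflected authorizations with the set that was sent is an assumption about the validation.

```python
import base64
import json


def base64url_encode(data):
    """Web-safe base64: '-' and '_' replace '+' and '/'."""
    return base64.urlsafe_b64encode(data).decode("ascii")


def base64url_decode(text):
    """Decode web-safe base64, tolerating stripped '=' padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class PendingRequests:
    """Hypothetical receiver-side store: each requestId is accepted once."""

    def __init__(self, decrypt_and_verify):
        # decrypt_and_verify is an assumed, caller-supplied callable that
        # undoes the PGP or JWS+JWE step and raises ValueError on failure.
        self._decrypt_and_verify = decrypt_and_verify
        self._pending = {}  # requestId -> frozenset of authorizations sent

    def issue(self, request_id, authorizations):
        """Record a requestId that has been sent and not yet answered."""
        self._pending[request_id] = frozenset(authorizations)

    def accept(self, encoded_response):
        """Return True only for a valid, first-time, matching response."""
        try:
            clear = self._decrypt_and_verify(base64url_decode(encoded_response))
            body = json.loads(clear)
        except ValueError:  # bad base64, failed verification, or bad JSON
            return False
        if not isinstance(body, dict):
            return False
        request_id = body.get("requestId")
        auths = body.get("authorizations")
        if not isinstance(request_id, str) or not isinstance(auths, list):
            return False
        if not all(isinstance(a, str) for a in auths):
            return False
        # pop() consumes the id, so a replayed response finds nothing.
        expected = self._pending.pop(request_id, None)
        return expected is not None and frozenset(auths) == expected
```

A failed or mismatched response still consumes the requestId, so the check fails closed and the flow has to restart with a fresh id.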