AI-generated Key Takeaways
- AuthenticationAuthorizationResponse is an object sent during the authentication and authorization process, containing a request ID and authorizations.
- The response is encrypted and signed using PGP or JWS+JWE and then encoded using web-safe base64.
- The requestId field is required and used to prevent replay attacks, while the authorizations field lists the permissions granted.
- Both requestId and authorizations values are reflected back by the payment integrator to Google for security and validation purposes.

Response body
Object sent during authentication-authorization response.
Here's an example of a clear text JSON response:
{
  "requestId": "375dhjf9-Uydd=",
  "authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]
}
The AuthenticationAuthorizationResponse is encrypted and signed using PGP or JWS+JWE. Further, this value is web-safe base64 encoded. This encoding is referred to below as Base64UrlEncode. In other words, the clear text JSON version of the AuthenticationAuthorizationRequest must be passed through the following functions:
Base64UrlEncode(
PGPSignAndEncrypt(
'{"requestId": "375dhjf9-Uydd=",
"authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]}'
)
)
or
Base64UrlEncode(
JWSignAndEncrypt(
'{"requestId": "375dhjf9-Uydd=",
"authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]}'
)
)
JSON representation |
---|
{ "requestId": string, "authorizations": repeated string, } |
Fields | |
---|---|
requestId | REQUIRED: Reflected back by the payment integrator to Google. This allows Google to prevent replay attacks. |
authorizations | REQUIRED: Reflected back by the payment integrator to Google. This allows Google to check that the |
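
The encoding pipeline and the requestId reflection described above, as an added example that is not Google's or the page's own code. The names `passthrough`, `build_response` and `PendingRequests` are hypothetical, the sign-and-encrypt step is a caller-supplied function standing in for PGP or JWS+JWE, and tolerating stripped base64 padding is an assumption.

```python
import base64
import json

def passthrough(data: bytes) -> bytes:
    # Placeholder for the PGP or JWS+JWE step and its inverse. NO protection; demo only.
    return data

def base64url_encode(data: bytes) -> str:
    # Web-safe alphabet: '-' and '_' replace '+' and '/'.
    return base64.urlsafe_b64encode(data).decode("ascii")

def base64url_decode(text: str) -> bytes:
    # Re-add padding in case the sender stripped it (assumption).
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_response(request_id, authorizations, sign_and_encrypt):
    """Integrator side: reflect both values, sign and encrypt, then encode."""
    clear = json.dumps({"requestId": request_id, "authorizations": authorizations})
    return base64url_encode(sign_and_encrypt(clear.encode("utf-8")))

class PendingRequests:
    """Receiver side (hypothetical): every issued requestId is accepted once."""

    def __init__(self):
        self._pending = set()

    def issue(self, request_id):
        self._pending.add(request_id)

    def accept(self, encoded, verify_and_decrypt):
        """Return (status, authorizations) for one encoded response."""
        try:
            body = json.loads(verify_and_decrypt(base64url_decode(encoded)))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            return ("malformed", None)
        if not isinstance(body, dict):
            return ("malformed", None)
        rid, auths = body.get("requestId"), body.get("authorizations")
        if not isinstance(rid, str) or not isinstance(auths, list):
            return ("malformed", None)  # both fields are REQUIRED
        if not all(isinstance(a, str) for a in auths):
            return ("malformed", None)
        if rid not in self._pending:
            return ("unknown-or-replayed", None)
        self._pending.remove(rid)  # consume: a second copy is rejected
        return ("ok", auths)
```

In a real integration the two callables must be the actual signing/encryption and verification/decryption routines; the reflected authorizations returned on success are left to the caller to validate.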