Object: AuthenticationAuthorizationResponse
Stay organized with collections
Save and categorize content based on your preferences.
Response body
Object sent during authentication-authorization response.
Here's an example of a clear text JSON response:
{
"requestId": "375dhjf9-Uydd="
"authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]
}
The AuthenticationAuthorizationResponse is encrypted and signed using PGP or JWS+JWE.
Further, this value is web-safe base64 encoded. This encoding is referred to below as
Base64UrlEncode. In other words, the clear text JSON version of the
AuthenticationAuthorizationRequest must be passed through the following
functions:
Base64UrlEncode(
PGPSignAndEncrypt(
'{"requestId": "375dhjf9-Uydd=",
"authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]}'
)
)
or
Base64UrlEncode(
JWSignAndEncrypt(
'{"requestId": "375dhjf9-Uydd=",
"authorizations": ["LIST_ACCOUNTS", "ASSOCIATE_ACCOUNT"]}'
)
)
| JSON representation |
{
"requestId": string,
"authorizations": repeated string,
}
|
| Fields |
requestId |
string
REQUIRED: Reflected back by the payment integrator to Google. This allows Google to prevent replay attacks.
|
authorizations |
repeated string
REQUIRED: Reflected back by the payment integrator to
Google. This allows Google to check that the
authorizations passed back are
the same authorizations passed in.
|
All rights reserved. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-03 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-03 UTC."],[[["AuthenticationAuthorizationResponse is an object sent during the authentication and authorization process, containing a request ID and authorizations."],["The response is encrypted and signed using PGP or JWS+JWE and then encoded using web-safe base64."],["The `requestId` field is required and used to prevent replay attacks, while the `authorizations` field lists the permissions granted."],["Both `requestId` and `authorizations` values are reflected back by the payment integrator to Google for security and validation purposes."]]],["The `AuthenticationAuthorizationResponse` contains a `requestId` (string) and `authorizations` (repeated string). The `requestId` is used to prevent replay attacks, and `authorizations` are checked against the initial request. This JSON data is encrypted and signed using PGP or JWS+JWE, then encoded using `Base64UrlEncode`. The example shows how clear text JSON, including request ID and authorization types like \"LIST_ACCOUNTS\" and \"ASSOCIATE_ACCOUNT,\" is processed.\n"]]