Yubico Forum

Two-factor through web services API
Page 1 of 1

Author:  klompje [ Sat Jul 11, 2009 2:17 pm ]
Post subject:  Two-factor through web services API

I am using the java web services client code to do OTP verification against api.yubico.com. This all works fine but I would like to do two-factor authentication with the web services API like it can be done through the demo's on yubico.com.
How can we do this through web services - this is for a demo setup? Looking at the API it doesn't seem possible?!
However, my uid and password are stored in the database at yubico.com should something should be possible?

Thanks, Rene.

Author:  Matts [ Wed Jul 15, 2009 9:28 am ]
Post subject:  Re: Two-factor through web services API

As I understand it, the web service only provides one-factor authentication. That is that they verify the key that the user enters.

However, you can always extract the public ID from the users input (only the last 32 characters is the generated OTP, the remaining characters are the public ID). Together with this public ID, you can store password, pincode, email-verification etc, and use the public ID to lookup and authenticate the second factor yourself!

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group