Is there an API call to find out the token type if PIN and USER is known?

basvandervlies · August 10, 2019, 11:39am

I could not find it in the docs but maybe I missed it. If I know the PIN and the user. Can I find out which token type this is via an API call?

I am asking this for a consistent behavior of the pam module:

First step is asking the PIN code
Depending on the token type we can present a different authentication/question.

Mipronimo · August 10, 2019, 1:21pm

Hey @basvandervlies

If you add the authentication policy “challenge_response” and enter the token types, you want to use.
Now you can do a simple /validate/check with user and pass. You’ll get the response “type”.

After that you can use your token with the trigger challenge you got.

Hope it helps (:

basvandervlies · August 12, 2019, 3:00pm

Hi @Mipronimo,

Thanks it took me a while to decrypt but we have added totp to the challenge_response in the authentication policy on the web server and we no get what we want

So now I can ask for the pin code of the TOTP/TIQR token:

totp enter the digit code
tiqr scan the QRcode

thanks