DeviceSigningVerifierCallback

Journey callback for handling device signing verification operations in authentication flows.

This callback enables applications to prove device possession by signing a server-provided challenge using previously registered cryptographic keys. It's used for step-up authentication scenarios where users need to prove they are using a trusted, bound device.

The callback handles the complete signing verification lifecycle:

  • User key lookup and selection when multiple keys exist

  • User authentication based on the key's authentication type

  • Challenge signing with the authenticated private key

  • JWT generation with custom claims support

  • Error handling and timeout management

Unlike DeviceBindingCallback, which creates new keys, this callback uses existing keys to prove device possession through cryptographic signatures.

Constructors

constructor()

Types

object Companion

Companion object containing constants and static configuration for the callback.

Properties

lateinit var challenge: String

The cryptographic challenge provided by the server that must be signed to prove possession of the private key. This challenge is included in the JWT claims and signed with the user's device key.


Error message to be sent to the server if the signing verification operation fails. Can be overridden to provide custom error messages.

lateinit var description: String

The description to display in authentication prompts. Explains why authentication is required and what signing operation will occur.

open lateinit override var journey: <Error class: unknown class>

The Journey instance providing access to configuration and logging. Injected by the Journey framework during callback initialization.

lateinit var subtitle: String

The subtitle to display in authentication prompts. Provides additional context about the signing verification request.


The timeout in seconds for the entire signing verification operation. If the operation takes longer than this time, it will be cancelled. Default value is 30 seconds.

lateinit var title: String

The title to display in authentication prompts (e.g., biometric or PIN dialogs). Provides context to users about what they are authenticating for during signing.


The unique identifier for the user whose device key should be used for signing. If null, the system will either use the single available key or prompt the user to select from multiple available keys. This value is set from the server callback configuration.

Functions

protected open override fun init(name: String, value: JsonElement)

Initializes callback properties from the server-provided JSON configuration.

open override fun payload(): JsonObject

Creates the payload to be sent back to the server after signing verification completion.

suspend fun sign(config: DeviceBindingConfig.() -> Unit = {}): Result<String>

Performs the complete device signing verification operation.