sign

suspend fun sign(config: DeviceBindingConfig.() -> Unit = {}): Result<String>

Performs the complete device signing verification operation.

This is the main method that orchestrates the entire signing verification process:

  1. Validates custom claims to ensure no reserved claim names are used

  2. Looks up the appropriate user key (by userId or through selection)

  3. Configures the device authenticator based on the key's authentication type

  4. Authenticates the user to access the private key

  5. Signs the challenge using the authenticated key to create a JWT

  6. Handles cleanup and error reporting on failures

User key selection logic:

  • If userId is specified: Finds the exact key for that user

  • If no userId: Uses the single available key, or prompts the user to select when multiple keys exist

  • If no keys exist: Throws DeviceNotRegisteredException

The operation is performed within a timeout to prevent indefinite blocking. The signed JWT includes the challenge and any custom claims for server verification.
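The claim check (step 1) and the user key selection rules above, modelled as an added Kotlin example that is not the SDK's own code. UserKey, RESERVED_CLAIMS, validateCustomClaims, selectKey and the prompt callback are hypothetical names, the reserved claim set and the exception used for a reserved-name clash are assumptions, and DeviceNotRegisteredException is redeclared locally as a stand-in for the SDK's class.

```kotlin
// Added illustration: every name here is hypothetical; DeviceNotRegisteredException
// is a local stand-in for the SDK's exception of the same name.
class DeviceNotRegisteredException(message: String) : Exception(message)

data class UserKey(val userId: String, val keyAlias: String)

// Assumed reserved set: registered JWT claims plus the challenge claim.
val RESERVED_CLAIMS = setOf("iss", "sub", "exp", "iat", "nbf", "challenge")

// Step 1: reject custom claims that would shadow a claim the signer sets itself.
// IllegalArgumentException (from require) is a stand-in; the page does not name the exception.
fun validateCustomClaims(claims: Map<String, Any>) {
    val clash = claims.keys.intersect(RESERVED_CLAIMS)
    require(clash.isEmpty()) { "Reserved claim names used: $clash" }
}

// Step 2: key selection as listed above.
fun selectKey(
    keys: List<UserKey>,
    userId: String?,
    prompt: (List<UserKey>) -> UserKey?, // hypothetical UI callback for the multi-key case
): UserKey {
    if (keys.isEmpty()) throw DeviceNotRegisteredException("No user keys on this device")
    if (userId != null) {
        // Assumption: a userId with no matching key is treated as "not registered".
        return keys.firstOrNull { it.userId == userId }
            ?: throw DeviceNotRegisteredException("No key for user $userId")
    }
    if (keys.size == 1) return keys.single()
    // Several keys and no userId: never pick silently, ask the user.
    return prompt(keys) ?: throw IllegalStateException("Key selection was cancelled")
}

fun main() {
    // Constructed sample data.
    val keys = listOf(UserKey("alice", "k1"), UserKey("bob", "k2"))
    println(selectKey(keys, "bob") { null })        // exact match by userId
    println(selectKey(keys.take(1), null) { null }) // single key, no prompt needed
    println(selectKey(keys, null) { it.first() })   // multiple keys, user chooses
    println(runCatching { selectKey(emptyList(), null) { null } })
    println(runCatching { validateCustomClaims(mapOf("exp" to 0, "deviceModel" to "Pixel")) })
}
```

Rejecting reserved names before signing keeps caller-supplied claims from overriding the values the server relies on when it verifies the JWT.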

Return

A Result containing the signed JWT on success, or an error on failure

Parameters

config

Optional configuration block to customize the signing verification behavior

Throws

DeviceNotRegisteredException

if no user keys are found

if custom claims contain reserved names

TimeoutCancellationException

if the operation exceeds the timeout