Object: AuthenticationResponse

Page Summary

The AuthenticationResponse object, sent during authentication, contains associationId , requestId , and authenticationResult .
This object is encrypted, signed (using PGP or JWE+JWS), and encoded with web-safe base64.
authenticationResult indicates the outcome: success , cancelled , or fatalError .
associationId and requestId are used for validation and preventing replay attacks, respectively.

Response body

Object sent during authentication response.

Here's an example of a clear text JSON response:

 {
    "associationId": "88ydEE-ioiwe==",
    "requestId": "375dhjf9-Uydd="
  }

The AuthenticationResponse is encrypted and signed using PGP or JWE+JWS. Further, this value is web-safe base64 encoded. This encoding is referred to below as Base64UrlEncode . In other words, the clear text JSON version of the AuthenticationRequest must be passed through the following functions:

 Base64UrlEncode(
  PGPSignAndEncrypt(
    '{"associationId": "88ydEE-ioiwe==", "requestId": "375dhjf9-Uydd="}'
  )
)

 Base64UrlEncode(
  JWSignAndEncrypt(
    '{"associationId": "88ydEE-ioiwe==", "requestId": "375dhjf9-Uydd="}'
  )
)

JSON representation
{ "associationId" : string , "requestId" : string , "authenticationResult" : { object ( `AuthenticationResult` ) } }

Fields

Fields
`associationId`	`string` Reflected back by the payment integrator to Google. This allows Google to check that the `associationId` passed back is the same `gspAssociationId` passed in. This is required if it is present on the request.
`requestId`	`string` REQUIRED: Reflected back by the payment integrator to Google. This allows Google to prevent replay attacks.
`authenticationResult`	`object ( AuthenticationResult )` The result of the authentication. For flows where there is no subsequent call to the Payment Integrator after the authentication has taken place, the result must be included in the response to ensure the integrity of the result.

associationId

string

Reflected back by the payment integrator to Google. This allows Google to check that the associationId passed back is the same gspAssociationId passed in. This is required if it is present on the request.

requestId

string

REQUIRED: Reflected back by the payment integrator to Google. This allows Google to prevent replay attacks.

authenticationResult

object ( AuthenticationResult )

The result of the authentication. For flows where there is no subsequent call to the Payment Integrator after the authentication has taken place, the result must be included in the response to ensure the integrity of the result.

AuthenticationResult

JSON representation

JSON representation
{ // Union field `result` can be only one of the following: "success" : { object ( `Empty` ) } , "cancelled" : { object ( `Empty` ) } , "fatalError" : { object ( `Empty` ) } // End of list of possible types for union field `result` . }

 { 
 // Union field result 
can be only one of the following: 
 "success" 
 : 
 { 
 object (  Empty 
 
) 
 } 
 , 
 "cancelled" 
 : 
 { 
 object (  Empty 
 
) 
 } 
 , 
 "fatalError" 
 : 
 { 
 object (  Empty 
 
) 
 } 
 // End of list of possible types for union field result 
. 
 }

Fields

Union field result .

result can be only one of the following:

success

object ( Empty )

Authentication was successful.

cancelled

object ( Empty )

User canceled the flow manually and the flow should be aborted.

fatalError

object ( Empty )

Authentication failed for a fatal reason and the flow should be aborted.

Object: AuthenticationResponse Stay organized with collections Save and categorize content based on your preferences.

Page Summary

Response body

AuthenticationResult

Object: AuthenticationResponse