| Line 354: | Line 354: | ||
If the user is properly authenticated, the domain SHOULD call: | If the user is properly authenticated, the domain SHOULD call: | ||
navigator.id.genKeyPair(gotPublicKey); | navigator.id.genKeyPair(gotPublicKey); | ||
with <tt>gotPublicKey</tt> a function that accepts a JWK-formatted public key. | with <tt>gotPublicKey</tt> a function that accepts a JWK-string-formatted public-key. | ||
The domain's JavaScript SHOULD then send this JWK string to the domain's backend server. The domain's backend server SHOULD certify this key along with the email address provided to its <tt>provisionEmailFunction</tt> function, and an expiration date at least 1 minutes in the future. The backend server SHOULD NOT issue a certificate valid longer than 24 hours. | |||
== Assertion Verification == | == Assertion Verification == | ||
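Review bot: the added paragraph after the <tt>gotPublicKey</tt> line never says how the backend ties the email address to the authenticated user. It has the domain's JavaScript send the JWK string, then has the backend certify the key "along with the email address provided to its <tt>provisionEmailFunction</tt> function", an address that is known on the client side. Suggest stating that the backend only certifies an address matching the session established under "If the user is properly authenticated", and does not accept one supplied with the request. Two smaller points in the same paragraph: "at least 1 minutes" should read "at least 1 minute", and the 24-hour ceiling is only a SHOULD NOT, so consider whether the upper bound on certificate validity is meant to be a MUST NOT. The reworded "JWK-string-formatted public-key" would also read more clearly as "a public key formatted as a JWK string".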