XitAttestationToken structure
XitAttestationToken is the wire format the Mobile Device produces and hands back to the Relying Party at the end of an attestation. The RP forwards it, unmodified, to the Attestation API, which parses the envelope and then verifies the inner platform-issuer token.
The structure is encoded as CBOR (RFC 8949). Its schema is specified in CDDL (RFC 8610) and reproduced in full in the next section; the sections after it describe each field.
CDDL specification
```cddl
XitAttestationToken = {
  device: {
    model: tstr,                        ; Device model
    version: tstr,                      ; OS version
    service: "gms" / "hms" / "apple"
  },
  token: DeviceToken                    ; The attestation token, structure depends on the service used
}

DeviceToken = GmsToken / HmsToken / AppleToken / any   ; The "any" option is reserved for future use

GmsToken = {
  token: tstr,                          ; The attestation token obtained from Google
  packageName: tstr,                    ; The package name of the app requesting the token
  tokenType: "classic" / "standard"     ; The type of attestation token (classic or standard)
}

HmsToken = {
  token: tstr                           ; The attestation token obtained from Huawei
}

AppleToken = {
  keyId: bstr,                          ; The key identifier, always required
  assertion: bstr,                      ; The attestation assertion
  ? attestation: bstr,                  ; Key attestation, only required on initial attestation
  ? isJailbroken: bool                  ; Indicates whether the device is jailbroken. Only present when jailbreak detection is performed on device
}
```
Top-level fields
device
Identifies the device and the attestation issuer that produced the inner token.
| Field | Type | Description |
|---|---|---|
| model | text string | Device model, as reported by the platform. |
| version | text string | OS version, as reported by the platform. |
| service | text string | One of "gms" (Google Play Integrity), "hms" (Huawei SysIntegrity), or "apple" (Apple App Attest). Selects the inner token variant and the validator on the Attestation API side. |
token
A service-specific structure. Its shape depends on device.service.
GMS token (device.service = "gms")
Used when the device produced a Google Play Integrity token.
| Field | Type | Description |
|---|---|---|
| token | text string | The integrity token returned by the Play Integrity API. |
| packageName | text string | The Android package name of the app that requested the token. The Attestation API checks this against the package binding in the issued token. |
| tokenType | text string | "classic" or "standard". Selects between the classic and standard Play Integrity request flows. |
HMS token (device.service = "hms")
Used when the device produced a Huawei attestation token.
| Field | Type | Description |
|---|---|---|
| token | text string | The attestation token returned by the Huawei Safety Detect service (or its equivalent). |
Apple token (device.service = "apple")
Used when the device produced an Apple App Attest assertion (and, on the very first attestation, a key attestation alongside).
| Field | Type | Presence | Description |
|---|---|---|---|
| keyId | byte string | required | The App Attest key identifier returned when the key was generated. The Attestation API uses it to look up the public key. |
| assertion | byte string | required | The App Attest assertion, signed over the clientDataHash derived from AppleClientData. |
| attestation | byte string | optional | The App Attest key attestation. Required on the first attestation for a given key and omitted on subsequent ones. |
| isJailbroken | bool | optional | Set only when the device performs its own jailbreak detection. It is consulted only after the attestation token has been verified as valid. |
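As an added example (not code from the page or the project), the following Python decodes an XitAttestationToken with a hand-written CBOR subset codec and checks the envelope against the CDDL above before dispatching on device.service. Everything in it is this example's own: the function names, the decision to reject unlisted map keys and unknown service values (the schema's maps are closed and its `any` arm is reserved, so it is read strictly), and the constructed sample token, whose App Attest blobs are placeholder bytes rather than real issuer output.

```python
# Added example (not code from the page or the project): a minimal RFC 8949 CBOR codec for the
# subset XitAttestationToken uses (tstr, bstr, bool, tstr-keyed maps) plus a CDDL-derived validator.

def _head(major, n):
    if n < 24:
        return bytes([(major << 5) | n])
    size = next(s for s in (1, 2, 4, 8) if n < 1 << (8 * s))   # 1/2/4/8-byte length argument
    return bytes([(major << 5) | (24 + size.bit_length() - 1)]) + n.to_bytes(size, "big")

def cbor_encode(value):
    if isinstance(value, bool):          # simple values 21 (true) / 20 (false); must precede int-like checks
        return b"\xf5" if value else b"\xf4"
    if isinstance(value, (bytes, str)):  # major type 2 (bstr) or 3 (tstr)
        raw = value if isinstance(value, bytes) else value.encode("utf-8")
        return _head(2 if isinstance(value, bytes) else 3, len(raw)) + raw
    if isinstance(value, dict):          # major type 5, entries in insertion order
        items = b"".join(cbor_encode(k) + cbor_encode(v) for k, v in value.items())
        return _head(5, len(value)) + items
    raise TypeError(f"unsupported type {type(value).__name__}")

def _decode(buf, i):
    if i >= len(buf):
        raise ValueError("truncated item")
    major, ai, i = buf[i] >> 5, buf[i] & 0x1F, i + 1
    if major == 7:                       # only the two booleans are accepted
        if ai in (20, 21):
            return ai == 21, i
        raise ValueError(f"unsupported simple value {ai}")
    if ai < 24:
        n = ai
    elif ai <= 27:                       # 1/2/4/8-byte length argument follows
        size = 1 << (ai - 24)
        if i + size > len(buf):
            raise ValueError("truncated length argument")
        n, i = int.from_bytes(buf[i:i + size], "big"), i + size
    else:
        raise ValueError("indefinite-length items are not allowed")
    if major in (2, 3):
        if i + n > len(buf):
            raise ValueError("string length exceeds buffer")
        chunk = bytes(buf[i:i + n])
        return (chunk if major == 2 else chunk.decode("utf-8")), i + n
    if major == 5:
        d = {}
        for _ in range(n):
            k, i = _decode(buf, i)
            if not isinstance(k, str) or k in d:
                raise ValueError("map keys must be unique text strings")
            d[k], i = _decode(buf, i)
        return d, i
    raise ValueError(f"unsupported major type {major}")

def cbor_decode(buf):
    value, end = _decode(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after top-level item")
    return value

# (type, required) per field, from the CDDL; the maps are closed, so unlisted keys are rejected.
DEVICE = {"model": (str, True), "version": (str, True), "service": (str, True)}
TOKENS = {
    "gms": {"token": (str, True), "packageName": (str, True), "tokenType": (str, True)},
    "hms": {"token": (str, True)},
    "apple": {"keyId": (bytes, True), "assertion": (bytes, True),
              "attestation": (bytes, False), "isJailbroken": (bool, False)},
}

def _check_map(m, schema, where):
    if not isinstance(m, dict):
        raise ValueError(f"{where}: expected a map")
    for name, (typ, required) in schema.items():
        if required and name not in m:
            raise ValueError(f"{where}.{name}: missing")
        if name in m and not isinstance(m[name], typ):
            raise ValueError(f"{where}.{name}: expected {typ.__name__}")
    if extra := set(m) - set(schema):
        raise ValueError(f"{where}: unexpected keys {sorted(extra)}")

def parse_xit_token(buf):
    """Decode and check the outer structure; the inner issuer token is verified afterwards."""
    top = cbor_decode(buf)
    _check_map(top, {"device": (dict, True), "token": (dict, True)}, "XitAttestationToken")
    _check_map(top["device"], DEVICE, "device")
    service = top["device"]["service"]
    if service not in TOKENS:            # the CDDL's "any" arm is reserved, so reject it
        raise ValueError(f"device.service: unknown value {service!r}")
    _check_map(top["token"], TOKENS[service], "token")
    if service == "gms" and top["token"]["tokenType"] not in ("classic", "standard"):
        raise ValueError("token.tokenType: must be 'classic' or 'standard'")
    return top

def check_xit_token(buf):
    """None when the token is structurally valid, otherwise the first error message."""
    try:
        parse_xit_token(buf)
    except ValueError as e:
        return str(e)

APPLE_FIRST = cbor_encode({  # constructed first-attestation sample; the App Attest blobs are placeholders
    "device": {"model": "iPhone14,2", "version": "17.4", "service": "apple"},
    "token": {"keyId": b"\x11" * 32, "assertion": b"placeholder-assertion", "attestation": b"placeholder-attestation"}})
```

Running `check_xit_token(APPLE_FIRST)` returns None; dropping keyId from the sample yields "token.keyId: missing", and appending a stray byte yields "trailing bytes after top-level item". The validator only establishes that the envelope is well-formed. Verifying the inner Play Integrity, Huawei or App Attest token, comparing packageName with the issuer's package binding, and deciding whether an attestation must accompany the assertion for a given keyId remain the job of the Attestation API's service-specific verifier. Indefinite-length items, duplicate map keys and trailing bytes are rejected outright, because a lenient decoder is exactly where two verifiers end up disagreeing about what a token says.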