Integration
This section describes integration for both backend systems (Relying Parties (RP)) and Mobile Devices (Device).
General flow
Generally, attestation has few steps:
- Nonce is generated. There are two options:
- Mobile Device contacts the attestation issuer (eg. Google, Apple) to issue token/s
- Mobile Device builds the
XitAttestationTokenstructure and sends it to the Relying Party - Relying Party sends token and required nonce data to Attestation API for validation
- Attestation API validates the token and provides result to Relying Party.