No-code transactions

What if a solution requires more than pure authentication? In that case an integrator can use the AAA Reverse Proxy transaction system.

Transactions are user-confirmed decisions such as payments. They are secure, authenticated and validated using PersonalCode.

Only a tiny coding effort is required: providing the confirmation text and evaluating the result of the operation. When user confirmation is required (e.g. the user clicks the “pay” button), the following workflow is processed. Service provider actions are in bold.

This scenario has no limitations and can be used even for non-authenticated users (every ADUCID operation is also an authentication).

  1. Prepare confirmation text (e.g. “Pay $99 from account 123456789 to account 987654321”).
  2. Generate a transaction ID (an internal unique ID of the transaction).
  3. Call the AAA Reverse Proxy transaction method (a standard HTTP request), providing the confirmation text, return URL and verification level (PersonalCode bio factor, no second factor).
  4. Redirect to the AAA Reverse Proxy transaction (must be in the same HTTPS context).
    • Now the ADUCID integration code calls PEIG or displays a QR code
    • Request is processed via PEIG (directly or QR scan)
    • User confirms it and provides PersonalCode
    • User is redirected back to the application (return URL)
    • AAA Reverse Proxy writes the transaction status to an HTTP header
  5. Now the service provider has to read the transaction status from the HTTP header, i.e. evaluate success / failure: OK, User rejected, Wrong PersonalCode, etc.
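
The service provider's part of this workflow (steps 1-3 and step 5) can be sketched as follows. This is an added example, not ADUCID code: the header names, the `OK` status string, the request parameter names and the five-minute window are all assumptions, because this page does not specify them.

```python
import secrets
import time

# Hypothetical names: the page does not give the real header or status strings.
STATUS_HEADER = "X-Transaction-Status"   # assumed header written by the proxy
TXID_HEADER = "X-Transaction-Id"         # assumed header echoing our transaction ID
STATUS_OK = "OK"                         # assumed success value
TTL_SECONDS = 300                        # assumed confirmation window

_pending = {}  # transaction ID -> record; a real service would use a database


def start_transaction(confirmation_text, return_url, now=None):
    """Steps 1-3: create an unguessable ID and remember exactly what was asked."""
    tx_id = secrets.token_urlsafe(32)
    _pending[tx_id] = {
        "text": confirmation_text,
        "expires": (now if now is not None else time.time()) + TTL_SECONDS,
        "state": "pending",
    }
    # Parameters handed to the proxy's transaction method (names are assumed).
    return tx_id, {"text": confirmation_text, "returnUrl": return_url, "id": tx_id}


def evaluate_return(headers, now=None):
    """Step 5: decide success or failure from the headers on the return request.

    Fails closed: anything other than an exact, first-time, in-time OK for a
    transaction we created is treated as a failure.
    """
    now = now if now is not None else time.time()
    tx_id = headers.get(TXID_HEADER, "")
    record = _pending.get(tx_id)
    if record is None:
        return False, "unknown transaction"
    if record["state"] != "pending":
        return False, "already evaluated"      # replayed return URL
    record["state"] = "evaluated"              # single use, whatever the outcome
    if now > record["expires"]:
        return False, "expired"
    status = headers.get(STATUS_HEADER)
    if status != STATUS_OK:
        return False, f"not confirmed: {status!r}"
    return True, record["text"]                # act on the stored text only
```

Reading the status from a header is only sound when the application is reachable solely through the proxy, so that a client cannot supply these headers itself.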

User experience:

  1. User clicks on the payment button.
  2. Optionally, a QR code is displayed, which the user scans using his / her PEIG.
  3. A confirmation message is displayed on the user's smartphone (PEIG application).
  4. If the user agrees, PersonalCode is required (or bio factor).
  5. Done
  • integration/transactions.txt
  • Last modified: 2018/10/24 12:03
  • by tjotov