get-register-H_ALIAS-PINTAN.rst (1588B)
1 .. http:get:: /register/$H_ALIAS/$PINTAN?alias=$ALIAS 2 3 Endpoint that generates an HTML Web site with a link for completing the 4 registration. Useful to open the registration challenge in a browser (say if 5 it was received on a different device than where the wallet is running). 6 Does NOT complete the registration, as some providers automatically click on 7 all links in messages. Yes, we do not like them doing so either, but ``GET`` 8 is a "safe" method according to the HTTP standard, so technically this is 9 allowed. 10 11 Opening the link will allow the user to do the POST call to this endpoint. 12 If the Taler wallet can somehow intercept the URL (say for SMS, if it has the right 13 permissions) it can skip this request and directly do the POST, as all of 14 the required new information is already encoded in the URL. 15 16 Note that the wallet must be involved before the POST is made, as the 17 ``target_uri`` from the registration must be hashed with the ``$PINTAN`` 18 to protect the user against phishing. Otherwise, someone else might attempt 19 a concurrent registration of a different public key, and the user might 20 accidentally authorize the registration of the public key of a different 21 wallet. 22 ``$H_ALIAS`` is the SHA-512 hash of a prefix-free encoding of the 23 alias to be registered in Crockford Base32 encoding, specifically: 24 ``SHA-512(len($ALIASTYPE)+len($ALIAS)||$ALIASTYPE||$ALIAS)`` 25 The service verifies that ``$ALIAS`` is, in fact, the preimage of ``$H_ALIAS`` 26 and ``$ALIAS`` as well as the ``inbox_uri`` are displayed to the user 27 for verification.