Verification step path
benjamin-bergia opened this issue · 1 comments
Hi,
I have been trying to implement the optional server authentication step of the gpg authentication, without much success, following the diagram from this page https://help.passbolt.com/tech/auth.
After spending quite some time on this, I just now realized that the reference doc for the API doesn't mention any POST method for the `/auth/verify.json` endpoint.
I am guessing the api doc is right and maybe the diagram isn't up to date? Should the step 2 of the gpg auth diagram be a POST on `/auth/login.json` instead of `/auth/verify.json`?
Hi @benjamin-bergia, it is supposed to be a POST on `/auth/verify.json`; however, the docs are getting updated, and the part that is not clear (which is possibly causing you problems) is that the nonce on the client side, before being encrypted, should follow the pattern found lower in Step 4 on https://help.passbolt.com/api/authentication which shows:

```
gpgauthv1.3.0|36|10e2074b-f610-42be-8525-100d4e68c481|gpgauthv1.3.0
```

- The plain text token needs to be a v4 UUID and then
- book-ended with the above pattern.
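
A client-side sketch of the token format described in the reply above, added here as an illustration and not taken from the Passbolt code base or docs. The function names are hypothetical, and reading the `36` field as the UUID's character length is an assumption; encryption and the HTTP request are left out.

```python
import re
import uuid

GPGAUTH_VERSION = "gpgauthv1.3.0"  # book-end string from the pattern quoted above
UUID_LENGTH = "36"                 # assumption: second field is the UUID's length in characters

# Canonical lowercase v4 UUID: version nibble is 4, variant nibble is 8, 9, a or b.
UUID_V4_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}"
)


def build_verify_token():
    """Return a fresh plaintext token: version|36|<random v4 UUID>|version."""
    return "|".join(
        [GPGAUTH_VERSION, UUID_LENGTH, str(uuid.uuid4()), GPGAUTH_VERSION]
    )


def check_verify_token(token):
    """Return a list of format problems; an empty list means well-formed."""
    parts = token.split("|")
    if len(parts) != 4:
        return ["expected 4 '|'-separated fields, got %d" % len(parts)]
    head, length, value, tail = parts
    problems = []
    if head != GPGAUTH_VERSION or tail != GPGAUTH_VERSION:
        problems.append("token is not book-ended with " + GPGAUTH_VERSION)
    if length != UUID_LENGTH:
        problems.append("length field is not " + UUID_LENGTH)
    if not UUID_V4_RE.fullmatch(value):
        problems.append("value is not a canonical v4 UUID")
    return problems


if __name__ == "__main__":
    token = build_verify_token()
    print(token, check_verify_token(token))
    # A bare UUID without the book-ends is flagged before it is encrypted and sent.
    print(check_verify_token(str(uuid.uuid4())))
```

Running the check on the plaintext before encrypting it catches a malformed token locally, before it is sent to `/auth/verify.json`.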