I have create Push Notification Registration Tree, when I am using the same tree in the postman so at the register callback how can I handle that callback

tanay.sinha11 · February 8, 2024, 8:55am

Hi All,
I have created a push notification journey and from UI when I am testing the journey its work fine, but when I am trying the same in the postman call I am not sure how to handle when it ask to scan the QR callback and what exactly need to pass to make it register on mobile authenticator app, Do I need to handle the code externally by some code or IDC has some functionality where I can handle that QR scan callback. Below is the snippet of the exact postman post call to scan QR code.

{

“authId”: “eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoSW5kZXhWYWx1ZSI6IlRBX01GQV9QU1JfRU1BSUxfTG9naW5fTUZBX0RldmljZSIsIm90ayI6InM4OG5vNnBwbTZ1cTZsMXNqZG80bWRjN2toIiwiYXV0aEluZG**********************”,*
“callbacks”: [*
```
   {*
```
```
       "type": "TextOutputCallback",*
```
```
       "output": [*
```
```
           {*
```
```
               "name": "message",*
```

               "value": "Scan the QR code image below with the ForgeRock Authenticator app to register your device with your login."*

```
           },*
```
```
           {*
```
```
               "name": "messageType",*
```
```
               "value": "0"*
```
```
           }*
```
```
       ]*
```
```
   },*
```
```
   {*
```
```
       "type": "TextOutputCallback",*
```
```
       "output": [*
```
```
           {*
```
```
               "name": "message",*
```

               "value": "window.QRCodeReader.createCode({\n    id: 'callback_0',\n    text: 'pushauth\\x3A\\x2F\\x2Fpush\\x2FForgeRock\\x3Atesttanay\\x3Fa\\x3DaHR0cHM6Ly9vcGVuYW0tdGVsdXNpZGNzbmRieC1uYW5lMS5mb3JnZWJsb2Nrcy5jb206NDQzL2FtL2pzb24vYWxwaGEvcHVzaC9zbnMvbWVzc2FnZT9fYWN0aW9uPWF1dGhlbnRpY2F0ZQ\\x26r\\x3DaHR0cHM6Ly9vcGVuYW0tdGVsdXNpZGNzbmRieC1uYW5lMS5mb3JnZWJsb2Nrcy5jb206NDQzL2FtL2pzb24vYWxwaGEvcHVzaC9zbnMvbWVzc2FnZT9fYWN0aW9uPXJlZ2lzdGVy\\x26b\\x3D032b75\\x26s\\x3DdQGaEq8Wzo1Cj31E7WAIIJMru5zh37woxQMWnMoZZWw\\x26c\\x3DMD2nMl_wCQKNYf1botFplb8_qli4aBAIQphcgYc0azI\\x26l\\x3DYW1sYmNvb2tpZT0wMQ\\x26m\\x3DREGISTER\\x3Aa2302c05\\x2D84e5\\x2D4a19\\x2D884b\\x2D04bd3b2c5cd71707381969797\\x26issuer\\x3DRm9yZ2VSb2Nr',\n    version: '25',\n    code: 'L'\n});"*

```
           },*
```
```
           {*
```
```
               "name": "messageType",*
```
```
               "value": "4"*
```
```
           }*
```
```
       ]*
```
```
   },*
```
```
   {*
```
```
       "type": "HiddenValueCallback",*
```
```
       "output": [*
```
```
           {*
```
```
               "name": "value",*
```

               "value": "pushauth://push/ForgeRock:testtanay?l=YW1sYmNvb2tpZT0wMQ&issuer=Rm9yZ2VSb2Nr&m=REGISTER:a2302c05-84e5-4a19-884b-04bd3b2c5cd71707381969797&s=dQGaEq8Wzo1Cj31E7WAIIJMru5zh37woxQMWnMoZZWw&c=MD2nMl_wCQKNYf1botFplb8_qli4aBAIQphcgYc0azI&r=aHR0cHM6Ly9vcGVuYW0tdGVsdXNpZGNzbmRieC1uYW5lMS5mb3JnZWJsb2Nrcy5jb206NDQzL2FtL2pzb24vYWxwaGEvcHVzaC9zbnMvbWVzc2FnZT9fYWN0aW9uPXJlZ2lzdGVy&a=aHR0cHM6Ly9vcGVuYW0tdGVsdXNpZGNzbmRieC1uYW5lMS5mb3JnZWJsb2Nrcy5jb206NDQzL2FtL2pzb24vYWxwaGEvcHVzaC9zbnMvbWVzc2FnZT9fYWN0aW9uPWF1dGhlbnRpY2F0ZQ&b=032b75"*

```
           },*
```
```
           {*
```
```
               "name": "id",*
```

               "value": "mfaDeviceRegistration"*

```
           }*
```
```
       ],*
```
```
       "input": [*
```
```
           {*
```
```
               "name": "IDToken3",*
```

               "value": "mfaDeviceRegistration"*

```
           }*
```
```
       ]*
```
```
   },*
```
```
   {*
```
```
       "type": "PollingWaitCallback",*
```
```
       "output": [*
```
```
           {*
```
```
               "name": "waitTime",*
```
```
               "value": "2000"*
```
```
           },*
```
```
           {*
```
```
               "name": "message",*
```

               "value": "Waiting for response..."*

```
           }*
```
```
       ]*
```
```
   }*
```
]*
}

thomas.liebeck · February 8, 2024, 2:14pm

The TextOutPut callback is to render a QR code in a browser (user agent). Since you are on postman / curl you can extract the values from the HiddenValueCallback. The pushauth://… url has a bunch of parameters which are base64 encoded strings. If you decode them you see that you revealed some endpoints here in this thread
Usually the Forgerock SDK uses this url to generate the device mechanism and uses the value in the ‘r’ query parameter to send a reply to AM Server. This triggers the Push Registration node to register the device at Amazon SNS. After this the device information is stored at the user in DS in pushDeviceProfiles attribute.
When using the FR Authenticator and still using postman you have to render the QR code by some QR code renderer, maybe you find a trustworthy online. After this scan the QR code with the authenticator app and things go on.
When you develop with yourself leveraging the FR SDK you need to provide the pushauth://… url to the SDK. The mechanism has to be generated on the device you can’t get away with just postman. There is a cool community post which provides the insights Push Protocol – Challenge/Response & Registration Redux