Trusted Authentication is a solution developed by Astra and trusted clients that enables access to Astra for all users who have already successfully completed 2FA with a client, providing a frictionless onboarding experience. If an end-user has authenticated with your client in the last 30 days, Astra will “trust” this authentication and allow the user to bypass the authentication step in our SDK.
Approval and Client Configuration
Getting set up with Trusted Authentication is simple:
Before you can start using Trusted Auth, you’ll need to send your customer success representative an email indicating that you’d like your client to be enabled for "Trusted Authentication". Your client will need to have an API that Astra can access to retrieve customer information, which must include a last authenticated time and a phone number that matches the Astra UserIntent or User record. Once that has been approved, Astra will enable your client for Trusted Authentication.
Example Astra Request
Endpoint: GET /v1/customers/123456
Example Client Response
{
  "customer_id": "123456",
  "first_name": "Jane",
  "last_name": "Doe",
  "phone": "+15555551234",
  "lastAuthenticationTime": "2023-01-01T13:47:13.920Z"
}
Generating a Partner Identity Verification Token
The first step in authenticating a user is generating a short-lived (1 minute), one-time-use Partner Identity Verification Token. In order to generate a token, your client must provide a customer_id from your system (to be verified by Astra), as well as the Astra user_id or user_intent_id of the user.
Client Request
Endpoint: POST /v1/partner/identity/verification
{
  "provider": "Unit",
  "provider_data": {
    "customer_id": "123456"
  },
  "user_id": "user_123456",
  "user_intent_id": "user_intent_123456"
}
Note: A user_id or user_intent_id is required, but not both.
Astra Response
{
  "token": "token_123456"
}
Authenticating a User
Once your client has a Partner Identity Verification Token, the user should be directed to the Astra Web SDK with the following query string parameters.
Parameters
| Parameter | Required | Description |
|---|---|---|
| session_token | required | the Partner Identity Verification Token string |
| user_intent_id | required* | required if a user_intent_id was used in the initial token creation request |
| client_id | required | your Developer Client ID |
| user_id | optional | user_id used in the initial token creation request |
Example with Query Strings
https://app.astra.finance/login/oauth/authorize?session_token=token_123456&client_id=client_123456&user_id=user_123456&redirect_uri=https://redirect.com/&response_type=code
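The whole flow above, as an added Python example that is not Astra's own code: the 30-day, phone-matching trust rule Astra applies to your customer record, the token request body with its "one of user_id or user_intent_id" rule, and the Web SDK URL assembled from the parameters table. The customer record is constructed from the sample on this page; the function names are assumptions.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional
from urllib.parse import urlencode

TRUST_WINDOW = timedelta(days=30)  # window stated on this page
SDK_AUTHORIZE_URL = "https://app.astra.finance/login/oauth/authorize"

# Constructed sample of what GET /v1/customers/123456 returns (shape from this page).
SAMPLE_CUSTOMER = {
    "customer_id": "123456",
    "first_name": "Jane",
    "last_name": "Doe",
    "phone": "+15555551234",
    "lastAuthenticationTime": "2023-01-01T13:47:13.920Z",
}

def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as 2023-01-01T13:47:13.920Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def is_trusted(customer: dict, astra_phone: str, now: datetime) -> bool:
    """Trust rule from this page: phone must match the Astra User/UserIntent
    record and the client's last authentication must be at most 30 days old.
    A timestamp in the future is rejected too: a clock error must not extend trust."""
    if customer.get("phone") != astra_phone:
        return False
    age = now - parse_ts(customer["lastAuthenticationTime"])
    return timedelta(0) <= age <= TRUST_WINDOW

def build_token_request(customer_id: str, user_id: Optional[str] = None,
                        user_intent_id: Optional[str] = None) -> dict:
    """Body for POST /v1/partner/identity/verification; exactly one of
    user_id / user_intent_id may be given (the note on this page)."""
    if (user_id is None) == (user_intent_id is None):
        raise ValueError("provide exactly one of user_id or user_intent_id")
    body = {"provider": "Unit", "provider_data": {"customer_id": customer_id}}
    if user_id is not None:
        body["user_id"] = user_id
    else:
        body["user_intent_id"] = user_intent_id
    return body

def build_sdk_url(token: str, client_id: str, redirect_uri: str,
                  user_id: Optional[str] = None, user_intent_id: Optional[str] = None) -> str:
    """Web SDK URL from the parameters table; user_intent_id is required when the
    token was created with one, user_id is optional otherwise. Values are URL-encoded."""
    params = {"session_token": token, "client_id": client_id}
    if user_intent_id is not None:
        params["user_intent_id"] = user_intent_id
    elif user_id is not None:
        params["user_id"] = user_id
    params.update({"redirect_uri": redirect_uri, "response_type": "code"})
    return SDK_AUTHORIZE_URL + "?" + urlencode(params)
```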