CheckResponse Method
Parses the specified message.
Syntax
server.checkResponse(response, [callback])
Callback
The 'callback' parameter specifies a function which will be called when the operation completes (or an error is encountered). If the 'callback' parameter is not specified, then the method will block and will not return until the operation completes (or an error is encountered).
The callback for this method is defined as:
function(err){ }
'err' is the error that occurred. If there was no error, then 'err' is 'null'.
'err' has 2 properties which hold detailed information:
err.code err.message
Remarks
CheckResponse parses a variety of messages that are sent to the Server as part of the authentication process.
The following messages can be parsed using this method:
- The threeDSMethodData form variables received at the MethodNotificationURL
- The Results Request message received at the ResultsURL
- The cres form variables received at the NotificationURL
When calling the method, pass the message to be parsed as the Response parameter. The properties which are populated after calling this method vary depending on the type of message being parsed. See below for additional information.
Method Data from MethodNotificationURL
After calling GetMethodData, a request is made to the CardRangeMethodURL. After this, the ACS will make a POST to MethodNotificationURL to inform the requestor of completion. Retrieve the threeDSMethodData form variable value that was POSTed and pass it to this method. After calling this method, the following properties are populated:
The ServerTransactionId may be used to match the response with the request.Results Request message from ResultsURL
When a challenge is completed for both app-based and browser-based flows, a POST is made to the ResultsURL with a Results Request message.
Prior to checking this RReq message, the ServerTransactionId can be extracted using the ExtractRReqServerTransactionId configuration setting. This value can then be used to look up details on the transaction that were saved prior to starting the challenge process, including the messageVersion which must be set via the ProtocolVersion configuration setting prior to passing the RReq message to the CheckResponse method.
Pass the body of the HTTP request received at ResultsURL to this method. This contains information about the results, and asks for a Results Response to be sent back containing the ResultsStatus.
After calling this method, the following properties are populated:
- AuthenticationECI
- TransactionStatus
- TransactionStatusReason
- ChallengeCancellationIndicator
- AuthenticationType
- AuthenticationValue
To respond to the POST, set ResultsStatus to the appropriate value and call GetResultsResponse to build a response message to be sent back to the directory server. Use the value from GetResultsResponse in your application as the body of the HTTP response. Set the Content-Type header to application/JSON; charset=utf-8
Final Challenge Response from NotificationURL
In a browser-based flow, the challenge takes place directly between the cardholder and the ACS in a separate iframe or window. The ACS will POST the final challenge response to the NotificationURL after the challenge is complete. Retrieve the cres form variable value from the POST data and pass it to CheckResponse. After calling this method the following properties are populated:
In addition to the cres variable, a threeDSSessionData variable will be present if SessionData was set before calling GetChallengeRequest. The threeDSSessionData value POSTed to NotificationURL may be passed to EncodedSessionData. Query SessionData to get the decoded session data.