With APIGateway acting as proxy , we altered the FIDO API response from VIPAuthHub .

For the API response of FIDORegChallengeGenerator , we altered the NExtAction to something different as Alter_FIDO_Challenge_Verifier and the altered nexaction is received at the client mobile app end. But the registration flow got successful .

Similarly the Login Flow also was successful altering the nextaction of API response of FIDOAuthChallengeVerifier response. Instead of nextaction as Auth_ALLOWED , we altered the nextaction to something different .

Release : any Release

This is not an issue, Nextaction in the response is for the web/mobile client to show the controls and the server maintains the state.

Even if the nextaction is corrupted but web/mobile client is making a proper API calls for the flow, the flow continues without fail.