Here are my notes, written while working on the Python library. Hope it helps.
/callback
Request sent by the browser or the wallet as a response to a challenge
Request can be sent in two formats: json or html form

Request
  Http method: POST
  Parameters:
    uri : string - required - bitid uri used as the challenge
    signature : string - required - signature of the bitid uri
    address : string - required - address used for authentication
  Headers:
    Content-Type : string - required = "application/json" if request sent by a wallet, otherwise server should assume a manual signing submitted via an html form (see demo)

Response
  Process completed
    Response format:
      address : string - required - address used for authentication
      nonce : string - required - session id associated to the authentication
    Http code: 200
  Process failed
    Response format:
      message : string - required(?) - message describing the error
    Http codes / messages:
      Invalid address
        Http code : 401
        message : Address is invalid or not legal
      Address is valid but not associated to an existing account
        Http code : 401
        message : Address is invalid or not legal
      Invalid BitId uri
        Http code : 401
        message : BitID URI is invalid or not legal
      Invalid signature
        Http code : 401
        message : Signature is incorrect
      Illegal nonce
        Http code : 401
        message : NONCE is illegal
      Expired nonce
        Http code : 401
        message : NONCE has expired
      Server error (pb with db, ...)
        Http code : 500
        message :

      Misc error (specific to implementations by websites)
        Http code : 401
        message : [...]

/auth
Request sent by the browser to check if authentication has succeeded

Request
  Http method: GET
  Parameters: None
  Headers
    Cookie: stores the session id

Response
  Process completed
    Response format:
      auth : int - required - 1 if authentication successfully completed, otherwise 0
    Http code: 200
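
One way a server could apply the request and response rules in the notes above, added here as an example (it is not code from the Python library or from the original post). The `bitid://host/callback?x=nonce` URI shape follows the BitID draft; the check order, the 600-second nonce lifetime, the in-memory `nonces` and `accounts` stores, and the caller-supplied `verify_sig(address, signature, uri)` verifier are assumptions.

```python
import json
import time
from urllib.parse import urlparse, parse_qs

NONCE_TTL = 600  # seconds; assumed lifetime, the notes give no value

def fail(message, code=401):
    return code, {"message": message}

def handle_callback(content_type, body, nonces, accounts, verify_sig, host, now=None):
    """Process a /callback POST body and return (http_code, response_dict)."""
    now = time.time() if now is None else now
    # JSON means a wallet; anything else is treated as the manual HTML form.
    if content_type.split(";")[0].strip().lower() == "application/json":
        try:
            fields = json.loads(body)
        except ValueError:
            fields = {}
        if not isinstance(fields, dict):
            fields = {}
    else:
        fields = {k: v[0] for k, v in parse_qs(body).items()}
    uri, sig, addr = (str(fields.get(k) or "") for k in ("uri", "signature", "address"))

    parsed = urlparse(uri)
    nonce = parse_qs(parsed.query).get("x", [""])[0]
    if (parsed.scheme != "bitid" or parsed.netloc != host
            or parsed.path != "/callback" or not nonce):
        return fail("BitID URI is invalid or not legal")
    session = nonces.get(nonce)
    if session is None or session["address"] is not None:  # unknown or already used
        return fail("NONCE is illegal")
    if now - session["created"] > NONCE_TTL:
        return fail("NONCE has expired")
    # Signature before account lookup: an unsigned request learns nothing about accounts.
    if not addr or not sig or not verify_sig(addr, sig, uri):
        return fail("Signature is incorrect")
    if addr not in accounts:
        return fail("Address is invalid or not legal")
    session["address"] = addr  # bind the session id to the authenticated address
    return 200, {"address": addr, "nonce": nonce}

def auth_status(nonces, session_id):
    """Answer /auth: 1 once the session id was bound by a successful callback."""
    session = nonces.get(session_id)
    return 200, {"auth": 1 if session and session["address"] else 0}
```

`verify_sig` stands in for a real Bitcoin signed-message check, and rejecting a nonce that is already bound to an address keeps a captured callback from being replayed.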