Generate authentication challenge

Public endpoint that generates a challenge for three-party JWT authentication.

**Security Notes:**
- Public endpoint, requires external rate limiting
- Nonce is single-use and expires based on JWT `exp_poh` claim
- Device stores up to 50 nonces with FIFO eviction

**Flow:**
1. Client calls this endpoint to get challenge
2. Client presents challenge to auth server with user credentials
3. Auth server issues JWT with nonce and expiration
4. Client submits JWT to `/auth/login` endpoint

Response

Challenge generated successfully
`sn` (string)

Device serial number (audience for JWT validation)

`now_poh` (double)

Current power-on hours (for POH-based expiration)

`nonce` (string, format: `^[A-Za-z0-9_-]{22}$`)

128-bit random nonce (base64url, 22 chars) for replay protection

`fw` (string)

Firmware version (semver)

Errors

500
Internal Server Error
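
The nonce rules in the security notes (128-bit base64url value, single use, 50-entry FIFO store, expiry against power-on hours), as an added example that is not the device's own code. The `NonceStore` class, the `nonce` and `aud` claim names, and the `now_poh >= exp_poh` comparison are assumptions; `consume` expects claims from a JWT whose signature has already been verified.

```python
import re
import secrets
from collections import OrderedDict

NONCE_RE = re.compile(r"^[A-Za-z0-9_-]{22}$")  # format from the response schema
MAX_NONCES = 50  # device-side cap stated in the security notes


class NonceStore:
    """Hypothetical device-side store: single-use nonces with FIFO eviction."""

    def __init__(self, capacity=MAX_NONCES):
        self.capacity = capacity
        self._pending = OrderedDict()  # nonce -> power-on hours at issue time

    def issue(self, now_poh):
        # 16 random bytes = 128 bits; unpadded base64url of 16 bytes is 22 chars.
        nonce = secrets.token_urlsafe(16)
        if len(self._pending) >= self.capacity:
            self._pending.popitem(last=False)  # evict the oldest outstanding nonce
        self._pending[nonce] = now_poh
        return nonce

    def consume(self, claims, device_sn, now_poh):
        """Return True at most once per issued nonce.

        `claims` must come from a JWT whose signature is already verified.
        Claim names `nonce` and `aud` are assumptions; `exp_poh` is from the page.
        """
        nonce = claims.get("nonce", "")
        if not isinstance(nonce, str) or not NONCE_RE.match(nonce):
            return False  # malformed value never reaches the store lookup
        if claims.get("aud") != device_sn:
            return False  # token was issued for a different device serial
        exp_poh = claims.get("exp_poh")
        if not isinstance(exp_poh, (int, float)) or now_poh >= exp_poh:
            return False  # missing expiry, or power-on hours already past it
        # pop() enforces single use: a replayed JWT finds nothing to remove.
        return self._pending.pop(nonce, None) is not None
```

A nonce evicted by the FIFO cap fails the same way as a replayed one, so a burst of unauthenticated challenge requests can invalidate a legitimate client's outstanding challenge; this is the reason the endpoint needs the external rate limiting listed in the security notes.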