booth 0.0.1 → 0.0.2

data/app/assets/javascripts/src/authentication.ts

@@ -0,0 +1,41 @@
+import * as Gui from 'booth/gui'
+import { Verification } from 'booth/verification'
+import { AuthenticationError } from 'booth/error'
+
+// --------------------------------
+// WebAuthn Authentication Ceremony
+// --------------------------------
+
+// Essentially a Login using an alreadyregistered authenticator.
+
+export class Authentication {
+  private form: HTMLFormElement
+  private challengeData: any
+
+  constructor(form: HTMLFormElement, challengeData: any) {
+    Gui.clearErrors()
+    this.form = form
+    this.challengeData = challengeData
+    this.call()
+  }
+
+  private async call(): Promise<void> {
+    console.debug('WebAuthn Authentication - Step 1 - Sending challenge to Authenticator')
+
+    try {
+      const publicKey = PublicKeyCredential.parseRequestOptionsFromJSON(this.challengeData)
+      const response = await navigator.credentials.get({ publicKey })
+      if (!response) throw new Error('No credential created')
+      console.debug('WebAuthn Authentication - Step 2 - Received challenge response from Authenticator:')
+      console.debug(response)
+
+      new Verification(this.form, response)
+
+    } catch (error: unknown) {
+      console.error(`WebAuthn Authentication - Step 2 - FAILED`)
+      const registrationError = new AuthenticationError('Passkey Registration failed', error)
+      Gui.error(registrationError)
+    }
+  }
+}
+

data/app/assets/javascripts/src/error.ts

@@ -0,0 +1,35 @@
+export class BoothError {
+  message: string;
+  object?: unknown;
+  name: string;
+
+  constructor(message: string, object?: unknown) {
+    this.message = message;
+    this.name = this.constructor.name;
+    this.object = object;
+  }
+}
+
+export class AuthenticationError extends BoothError { }
+export class RegistrationError extends BoothError { }
+export class VerificationRequestError extends BoothError { }
+export class VerificationError extends BoothError { }
+export class ServerResponseError extends BoothError { }
+export class FormSubmissionError extends BoothError { }
+
+export class FetchError extends BoothError { }
+export class WebAuthnError extends BoothError { }
+export class NetworkError extends BoothError { }
+
+export const Booth = {
+  Error: BoothError,
+  FetchError,
+  WebAuthnError,
+  NetworkError,
+  AuthenticationError,
+  RegistrationError,
+  VerificationRequestError,
+  VerificationError,
+  ServerResponseError,
+  FormSubmissionError,
+} as const;

data/app/assets/javascripts/src/form.ts

@@ -0,0 +1,90 @@
+import * as Gui from 'booth/gui'
+import { Registration } from 'booth/registration'
+import { Authentication } from 'booth/authentication'
+import { ServerResponseError } from 'booth/error'
+import { FormSubmissionError } from 'booth/error'
+
+export class Form {
+  private form: HTMLFormElement
+
+  constructor(form: HTMLFormElement) {
+    this.form = form
+  }
+
+  setupRegistration() {
+    this.form.addEventListener('submit', async (event: Event) => {
+      console.debug('WebAuthn Registration - Step 1 - User clicked register new device button')
+      event.preventDefault()
+
+      console.debug('WebAuthn Registration - Step 2 - Client requests challenge from Relying Party')
+      this.submitAsynchronously((form, data) => {
+        console.debug('WebAuthn Registration - Step 3 - Client received challenge from Relying Party')
+        console.debug(data)
+        new Registration(form, data)
+      })
+    })
+
+    this.enableButtons()
+    console.debug("[Booth] Loaded Registration Form.")
+  }
+
+  setupAuthentication() {
+    this.form.addEventListener('submit', async (event: Event) => {
+      console.debug('WebAuthn Authentication - Step 1 - User clicked login')
+      event.preventDefault()
+
+      console.debug('WebAuthn Authentication - Step 2 - Client requests challenge from Relying Party')
+      this.submitAsynchronously((form, data) => {
+        console.debug('WebAuthn Authentication - Step 3 - Client received challenge from Relying Party:')
+        console.debug(data)
+        new Authentication(form, data)
+      })
+    })
+
+    this.enableButtons()
+    console.debug("[Booth] Loaded Authentication Form.")
+  }
+
+  private async submitAsynchronously(onSuccess: (form: HTMLFormElement, data: any) => void) {
+    Gui.clearErrors()
+    const tokenInput = this.form.querySelector(`input[type="hidden"][name="authenticity_token"]`) as HTMLInputElement
+
+    const headers = new Headers({
+      'Accept': 'application/json',
+      'X-CSRF-Token': tokenInput?.value,
+    })
+
+    try {
+      const response = await fetch(this.form.action, {
+        headers,
+        redirect: 'manual',
+        method: this.form.method.toUpperCase(),
+        body: new FormData(this.form),
+      })
+      if (response.status !== 201) throw new ServerResponseError(`Expected status 201, got ${response.status}`, response)
+
+      const data = await response.json()
+      onSuccess(this.form, data)
+
+    } catch (error) {
+      console.error(`Form submission failed`)
+      const formSubmissionError = new FormSubmissionError('Form submission failed', error)
+      Gui.error(formSubmissionError)
+    }
+  }
+
+  private enableButtons() {
+    if (!window.PublicKeyCredential) {
+      console.error("WebAuth not supported by this browser")
+
+    } else if (!window.isSecureContext) {
+      console.error("This page is no secure context. Please use HTTPS or the domain ending .localhost")
+
+    } else {
+      this.form.querySelectorAll<HTMLButtonElement>('button').forEach(button => {
+        button.removeAttribute('disabled')
+        console.debug(`Unlocked Booth Passkey Trigger ${button.id}`)
+      })
+    }
+  }
+}

data/app/assets/javascripts/src/gui.ts

@@ -0,0 +1,59 @@
+import { BoothError } from 'booth/error'
+import { ServerResponseError } from 'booth/error'
+
+export function error(error: BoothError) {
+  if (error.object) console.error(error.object)
+
+  extractErrorMessage(error.object).then(message => {
+    document.querySelectorAll<HTMLFormElement>('.js-booth-error').forEach((el) => {
+      el.querySelectorAll<HTMLFormElement>('.js-booth-error__details').forEach((details) => {
+        details.textContent = error.message + ' - ' + message
+      })
+      el.classList.remove('is-invisible')
+    })
+  })
+}
+
+export function clearErrors() {
+  document.querySelectorAll<HTMLFormElement>('.js-booth-error').forEach((el) => {
+    el.classList.add('is-invisible')
+    el.querySelectorAll<HTMLFormElement>('.js-booth-error__details').forEach((details) => {
+      details.textContent = 'Unknown Error'
+    })
+  })
+}
+
+export function reloadSoon() {
+  const seconds = Math.floor(Math.random() * 3) + 5
+  setTimeout(() => {
+    console.debug('Reloading page...')
+    window.location.reload()
+  }, 1000 * seconds)
+}
+
+async function extractErrorMessage(object: unknown): Promise<string> {
+  if (object instanceof ServerResponseError) {
+    return extractErrorMessage(object.object)
+
+  } else if (object instanceof Response) {
+    if (object.type == 'opaqueredirect') {
+      return "Unexpected Redirect by the Server"
+    }
+
+    try {
+      const data = await object.json()
+
+      return data.public_message ?? JSON.stringify(data)
+    } catch {
+      return String(object.status)
+    }
+
+  } else if (object instanceof Error) {
+    if (object.name === 'NotAllowedError') {
+      return 'Authentication was cancelled.'
+    }
+    return `${object.name} - ${object.message}`
+
+  }
+  return String(object)
+}

data/app/assets/javascripts/src/registration.ts

@@ -0,0 +1,44 @@
+import * as Gui from 'booth/gui'
+import { Verification } from 'booth/verification'
+import { RegistrationError } from 'booth/error'
+
+// ------------------------------
+// WebAuthn Registration Ceremony
+// ------------------------------
+
+// Assuming a user has already created an account with the online service,
+// the user registers one or more authenticators against that identity.
+
+export class Registration {
+  private form: HTMLFormElement
+  private challengeData: any
+
+  constructor(form: HTMLFormElement, challengeData: any) {
+    Gui.clearErrors()
+    this.form = form
+    this.challengeData = challengeData
+    this.call()
+  }
+
+  private async call(): Promise<void> {
+    console.debug('WebAuthn Registration - Step 4 - Sending challenge to Authenticator')
+
+    try {
+      const publicKey = PublicKeyCredential.parseCreationOptionsFromJSON(this.challengeData)
+      const response = await navigator.credentials.create({ publicKey })
+      if (!response) throw new Error('No credential created')
+
+      console.debug('WebAuthn Registration - Step 5 - Received challenge response from Authenticator')
+      console.debug(response)
+
+      new Verification(this.form, response)
+
+    } catch (error: unknown) {
+      // TODO: Better UI message when `InvalidStateError` happens (duplicate device).
+      //       And maybe also a dedicated message for `AbortError` (user cancelled).
+      console.warn(`WebAuthn Registration - Step 4 - FAILED`)
+      const registrationError = new RegistrationError('Passkey Registration failed', error)
+      Gui.error(registrationError)
+    }
+  }
+}

data/app/assets/javascripts/src/verification.ts

@@ -0,0 +1,61 @@
+import * as Gui from 'booth/gui'
+import { VerificationRequestError, ServerResponseError } from 'booth/error'
+
+export class Verification {
+  private form: HTMLFormElement
+  private handshake: any
+
+  public constructor(form: HTMLFormElement, handshake: any) {
+    Gui.clearErrors()
+    this.form = form
+    this.handshake = handshake
+    this.call()
+  }
+
+  private call() {
+    const methodInput = this.form.querySelector(`input[type="hidden"][name="_method"]`) as HTMLInputElement
+    const formData = new FormData(this.form)
+    const formDataObj = Object.fromEntries(formData)
+
+    const body = JSON.stringify({
+      ...formDataObj,
+      handshake: this.handshake,
+    })
+
+    const options: RequestInit = {
+      body: body,
+      method: methodInput?.value?.toUpperCase() || 'POST',
+      credentials: 'same-origin',
+      redirect: 'manual',
+      headers: {
+        'Content-type': 'application/json',
+        'Accept': 'application/json',
+      }
+    }
+
+    console.debug('WebAuthn Verification - Sending signed challenge to Relying Party')
+    console.debug(options)
+
+    fetch(this.form.action, options)
+      .then((response) => {
+
+        // Conventionally the server is programmed such that it returns 201 on successful WebAuth verification.
+        // That makes it easier to detect a mistake (most other server endpoints will usually respond with 200).
+        if (response.status == 201) {
+          console.debug(`WebAuthn Verification Phase - SUCCESS - ${response.statusText}`)
+          console.info(`Reloading page with a GET request: ${window.location.href}`)
+          window.location.href = window.location.href
+
+        } else {
+          console.warn(`WebAuthn Verification Phase - FAILED`)
+          throw new ServerResponseError('Server did not respond with 201', response)
+        }
+
+      }).catch((error: unknown) => {
+        console.warn(error)
+        console.warn(`WebAuthn Verification - FAILED`)
+        const wrappedError = new VerificationRequestError('Passkey Verification Request failed', error)
+        Gui.error(wrappedError)
+      })
+  }
+}

data/app/assets/stylesheets/booth/booth.css

@@ -0,0 +1,3 @@
+.js-booth-error.is-invisible {
+  display: none;
+}

data/config/importmap.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+pin 'booth', to: 'booth/setup.js'
+
+pin 'booth/authentication', to: 'booth/authentication.js'
+pin 'booth/error', to: 'booth/error.js'
+pin 'booth/form', to: 'booth/form.js'
+pin 'booth/gui', to: 'booth/gui.js'
+pin 'booth/registration', to: 'booth/registration.js'
+pin 'booth/setup', to: 'booth/setup.js'
+pin 'booth/verification', to: 'booth/verification.js'

data/config/locales/de.yml

@@ -3,64 +3,42 @@ de:
   activerecord:
     attributes:
       booth/models/onboarding:
-        password: Passwort
-        password_confirmation: Passwort
         authenticator_nickname: Gerätename
-    errors:
-      messages:
-        not_pwned: ist unsicher, weil es in %{count} Datenlecks veröffentlicht wurde.
 
   booth:
+    administratively_blocked: Dieser Benutzer wurde gesperrt. Bitte kontaktieren Sie unseren Kundenservice.
     all_other_sessions_revoked: All other devices except this one have been logged out.
-    already_responded_to_contest: You have already responded to this contest.
+    already_responded_to_remote: You have already responded to this remote.
     attempt_was_ignored: Dieser Versuch wurde ignoriert.
     attempts_left: You may try %{attempts_left} more times.
     authenticator_not_found: Could not find that hardware key.
     authenticator_removal_failed: Could not delete that hardware key.
-    blank_contest_code: You did not enter a code.
     blank_email: Please provide an email address.
     blank_nickname: Please provide a name for your device.
-    blank_otp: Bitte gib den Einmalcode ein, den dir deine Authenticator App anzeigt.
-    blank_password: Bitte gib dein Passwort ein.
+    blank_remote_code: You did not enter a code.
     blank_secret_key: The provided secret key is empty. Is the URL correct?
     blank_username: Trage bitte deinen Benutzernamen ein.
-    contest_response_accepted: You entered the correct code. You have now been logged in on the other device.
-    contest_timed_out: You had %{lifespan_minutes} minutes to enter the response code, but it took too long. Please start again.
+    domain_mismatch: Dieser Benutzername kann sich nicht hier einloggen.
     email_too_long: The provided email is too long. It must be less at most %{maximum} characters long.
     email_too_short: The provided email is too short. It should be at least %{minimum} characters long.
     incompatible_webauth_device: Sorry, this device cannot be used. Please try another webauth device.
-    invalid_contest_code_format: Der Code darf nur aus Zahlen bestehen.
+    invalid_domain: Die Domain "%{domain}" ist keine gültige Domain.
     invalid_email_characters: The provided email address contains invalid characters.
     invalid_email_format: The provided email address does not look valid.
-    invalid_otp_format: Der Einmalcode darf nur aus Zahlen bestehen.
+    invalid_remote_code_format: Der Code darf nur aus Zahlen bestehen.
     invalid_secret_key_format: The provided secret key contains invalid characters. It should be from the Base58 alphabet.
-    invalid_username_format: Der eingegebene Benutzername enthält ungültige Zeichen.
+    invalid_username_format: Der eingegebene Benutzername enthält ungültige Zeichen. Nur Buchstaben und Zahlen sind erlaubt.
     last_attempt: This is your last attempt and you will have to contact customer service if you fail.
-    logged_in_user_cannot_reset_password: You are currently logged in. If you forgot your password, try another browser or logout first.
     login_timeout: Du hattest %{lifespan_minutes} Minuten um den Login abzuschließen, es hat aber länger gedauert. Bitte beginne erneut.
     missing_secret_key: Missing the secret key parameter. Is the URL correct?
-    mode_username_and_password_description: Benutzername und Passwort. Kann leicht gestohlen werden.
-    mode_username_and_password_title: Passwort (unsicher)
     mode_username_and_webauth_description: Auch bekannt als WebAuthentication (WebAuthn), FIDO2, CTAP2, Apple Passkey (Touch ID, Face ID).
     mode_username_and_webauth_title: Hardwareschlüssel (empfohlen)
-    mode_username_password_and_otp_description: Wenn kein kompatibler Hardwareschlüssel zur Hand ist.
-    mode_username_password_and_otp_title: Passwort und Einmalpasswort
-    mode_username_password_and_webauth_description: Zusätzlich zum Hardwareschlüssel muss jedesmal auch das Passwort eingegeben werden.
-    mode_username_password_and_webauth_title: Passwort und Hardwareschlüssel (am sichersten)
-    otp_removed: You successfully removed your OTP configuration.
-    otp_sudo_timeout: You had %{lifespan_minutes} minutes to perform this action, but it took too long. Please start again by providing your current OTP again.
-    otp_unavailable: You can't use OTP at this time.
-    password_changed: You successfully changed your password.
-    password_removed: You successfully removed your password.
-    password_reset_needs_username: To reset your password, please provide a username first.
-    password_reset_not_available: This username cannot reset the password. Please contact support.
-    password_successfully_reset: Your new password has been saved.
-    password_sudo_timeout: You had %{lifespan_minutes} minutes to perform this action, but it took too long. Please start again by providing your current password again.
-    password_unavailable: You can't use a password at this time.
-    passwordless_cannot_change_password: You cannot change your password because you don't have one.
+    onboarding_timeout: Sie hatten %{lifespan_hours} Stunden to access this onboarding link, but it took too long.
     permanently_blocked: You failed too many times for this account. Please contact customer service.
+    remote_login_path: fernlogin
+    remote_response_accepted: You entered the correct code. You have now been logged in on the other device.
+    remote_timed_out: You had %{lifespan_minutes} minutes to enter the response code, but it took too long. Please start again.
     session_revoked: Das Gerät mit der IP %{ip} wurde erfolgreich ausgeloggt.
-    short_password: Das kann nicht dein Passwort sein, weil es zu kurz ist. Es muss aus mindestens %{minlength} Zeichen bestehen.
     some_authenticator_removed: Hardware key successfully deleted.
     successfully_logged_out: Du hast dich erfolgreich ausgeloggt.
     try_again_cooldown: Du kannst es in %{distance_of_time_until_cooldown} erneut probieren.
@@ -70,15 +48,13 @@ de:
     unknown_username: Dieser Benutzername existiert nicht.
     unknown_webauth_device: Sorry, We don't recognize that device. Have you registered it before?
     username_already_exists: This username already exists. Try to login instead?
+    username_must_start_with_letter: Der Benutzername muss mit einem Buchstaben beginnen.
     username_too_long: The provided username is too long. It must be less at most %{maximum} characters long.
     username_too_short: The provided username is too short. It should be at least %{minimum} characters long.
     webauth_irremovable: You cannot remove any of your hardware keys.
     webauth_missing_authenticators: You cannot login using webauth, because we don't know any of your hardware keys.
-    webauth_removed: Hardware keys successfully deleted. Now you log in only with your password.
+    webauth_sudo_timeout: You had %{lifespan_minutes} minutes to perform this action, but it took too long. Please start again by providing your current Passkey again.
     webauth_unavailable: You can't use WebAuthn at this time.
-    wrong_contest_code_length: The code you entered was not %{digits} digits long.
-    wrong_otp_length: Der Einmalcode muss aus %{digits} Zahlen bestehen.
-    wrong_otp: Dieser Einmalcode ist falsch, vielleicht ist er schon abgelaufen.
-    wrong_password: Das war nicht das richtige Passwort.
+    wrong_remote_code_length: The code you entered was not %{digits} digits long.
     wrong_response_code: This was not the code that is currently shown on the login page on the other device.
     wrong_secret_key_length: The provided secret key does not have the correct length. It should be 30 characters long.

data/config/locales/en.yml

@@ -1,61 +1,44 @@
 en:
 
   activerecord:
-    errors:
-      messages:
-        not_pwned: is isecure, because it has been published in %{count} data leaks.
+    attributes:
+      booth/models/onboarding:
+        authenticator_nickname: Device Name
 
   booth:
+    administratively_blocked: This Account is blocked. Please contact customer service.
     all_other_sessions_revoked: All other devices except this one have been logged out.
-    already_responded_to_contest: You have already responded to this contest.
+    already_responded_to_remote: You have already responded to this remote.
     attempt_was_ignored: This attempt has been ignored.
     attempts_left: You may try %{attempts_left} more times.
     authenticator_not_found: Could not find that hardware key.
     authenticator_removal_failed: Could not delete that hardware key.
-    blank_contest_code: You did not enter a code.
     blank_email: Please provide an email address.
     blank_nickname: Please provide a name for your device.
-    blank_otp: Please provide the one-time code your authenticator app is showing you.
-    blank_password: Please provide a password.
+    blank_remote_code: You did not enter a code.
     blank_secret_key: The provided secret key is empty. Is the URL correct?
     blank_username: Please provide a username.
-    contest_response_accepted: You entered the correct code. You have now been logged in on the other device.
-    contest_timed_out: You had %{lifespan_minutes} minutes to enter the response code, but it took too long. Please start again.
+    domain_mismatch: This username cannot log in here.
     email_too_long: The provided email is too long. It must be less at most %{maximum} characters long.
     email_too_short: The provided email is too short. It should be at least %{minimum} characters long.
     incompatible_webauth_device: Sorry, this device cannot be used. Please try another webauth device.
-    invalid_contest_code_format: The code may only consist of digits.
+    invalid_domain: The Domain "%{domain}" is not a valid domain name.
     invalid_email_characters: The provided email address contains invalid characters.
     invalid_email_format: The provided email address does not look valid.
-    invalid_otp_format: The one-time may only consist of digits.
+    invalid_remote_code_format: The code may only consist of digits.
     invalid_secret_key_format: The provided secret key contains invalid characters. It should be from the Base58 alphabet.
-    invalid_username_format: The provided username contains invalid characters.
+    invalid_username_format: The provided username contains invalid characters. Only letters and numbers are allowed.
     last_attempt: This is your last attempt and you will have to contact customer service if you fail.
-    logged_in_user_cannot_reset_password: You are currently logged in. If you forgot your password, try another browser or logout first.
     login_timeout: You had %{lifespan_minutes} minutes to complete the login, but it took too long. Please start again.
     missing_secret_key: Missing the secret key parameter. Is the URL correct?
-    mode_username_and_password_description: Username and password. Can easily be stolen.
-    mode_username_and_password_title: Password (insecure)
     mode_username_and_webauth_description: Also known as WebAuthentication (WebAuthn), FIDO2, CTAP2, Apple Passkey (Touch ID, Face ID).
     mode_username_and_webauth_title: Hardware key (recommended)
-    mode_username_password_and_otp_description: Use this if you don't have a hardware key.
-    mode_username_password_and_otp_title: Password and one-time-password.
-    mode_username_password_and_webauth_description: Additionally to your hardware key, you will have to enter your password. So nobody with your hardware key can just log in.
-    mode_username_password_and_webauth_title: Password and hardware key (most secure)
-    otp_removed: You successfully removed your OTP configuration.
-    otp_sudo_timeout: You had %{lifespan_minutes} minutes to perform this action, but it took too long. Please start again by providing your current OTP again.
-    otp_unavailable: You can't use OTP at this time.
-    password_changed: You successfully changed your password.
-    password_removed: You successfully removed your password.
-    password_reset_needs_username: To reset your password, please provide a username first.
-    password_reset_not_available: This username cannot reset the password. Please contact support.
-    password_successfully_reset: Your new password has been saved.
-    password_sudo_timeout: You had %{lifespan_minutes} minutes to perform this action, but it took too long. Please start again by providing your current password again.
-    password_unavailable: You can't use a password at this time.
-    passwordless_cannot_change_password: You cannot change your password because you don't have one.
+    onboarding_timeout: You had %{lifespan_hours} hours to access this onboarding link, but it took too long.
     permanently_blocked: You failed too many times for this account. Please contact customer service.
+    remote_login_path: remote
+    remote_response_accepted: You entered the correct code. You have now been logged in on the other device.
+    remote_timed_out: You had %{lifespan_minutes} minutes to enter the response code, but it took too long. Please start again.
     session_revoked: The logged in device with the IP %{ip} has successfully been logged out.
-    short_password: That cannot be the password, because it was too short. It must be at least %{minlength} characters long.
     some_authenticator_removed: Hardware key successfully deleted.
     successfully_logged_out: Logout successful.
     try_again_cooldown: You may try again in %{distance_of_time_until_cooldown}.
@@ -65,15 +48,13 @@ en:
     unknown_username: We don't know that username.
     unknown_webauth_device: Sorry, We don't recognize that device. Have you registered it before?
     username_already_exists: This username already exists. Try to login instead?
+    username_must_start_with_letter: The provided username does not start with a letter (a-z).
     username_too_long: The provided username is too long. It must be less at most %{maximum} characters long.
     username_too_short: The provided username is too short. It should be at least %{minimum} characters long.
     webauth_irremovable: You cannot remove any of your hardware keys.
     webauth_missing_authenticators: You cannot login using webauth, because we don't know any of your hardware keys.
-    webauth_removed: Hardware keys successfully deleted. Now you log in only with your password.
+    webauth_sudo_timeout: You had %{lifespan_minutes} minutes to perform this action, but it took too long. Please start again by providing your current Passkey again.
     webauth_unavailable: You can't use WebAuthn at this time.
-    wrong_contest_code_length: The code you entered was not %{digits} digits long.
-    wrong_otp_length: The one-time code must be %{digits} digits long.
-    wrong_otp: The one-time code is wrong, maybe it already expired.
-    wrong_password: Wrong password.
+    wrong_remote_code_length: The code you entered was not %{digits} digits long.
     wrong_response_code: This was not the code that is currently shown on the login page on the other device.
     wrong_secret_key_length: The provided secret key does not have the correct length. It should be 30 characters long.