The Custom URL scheme currently supports RFC2289 based challenges and responses.
The custom URL scheme is only available in OTP Pro, an In-App purchase.
The [One Time Password authentication system] uses a secret pass-phrase to generate a sequence of one-time (single use) passwords. With this system the user's secret pass-phrase never need to cross the network at any time such as during authentication or during pass-phrase change. Thus, it is not vulnerable to replay attacks. Added security is provided by the property that no secret information need be stored on any system, including the server being protected.
OTP Pro supports a custom URL scheme to make sharing one time password challenges and responses easier and quicker. Coupled with the options to share via email or message this functionality can quickly be included in your workflow.
Adam uses OTP Pro to generate a One Time Password challenge and sends this using the custom URL scheme via iMessage to Alice
Alice, on receiving the iMessage, clicks on the URL to automatically open OTP Pro
Alice provides the secret passphrase and generates the appropriate response.
Alice then sends this response back to Adam using the custom URL scheme and iMessage
Adam, on receiving the iMessage from Alice, clicks on the contained URL to open OTP Pro
Adam can then provide the secret passphrase and verify the response returned to him by Alice