OK on success or FAIL when there's an error. When there's an error, see errmsg for the error text. The absence of this variable should also be considered an error.

The error message if success was FAIL, not present if OK. If the success variable isn't present, this variable most likely won't be either (in the case of a server error), and clients should just report "Server Error, try again later.".

You can ignore this for now. By default this is the highest version of our authentication schemes, if in the future if we implement other auth schemes or change the default. In that case we'd add a new capabilities exchange: your client could say, "I know c0 and c1", and our server would then say, "Use c1, it's the best."

An opaque cookie to generate a hashed response from.

The expiration time of the challenge, as measured in seconds since the Unix epoch.

The server time when the challenge was generated, as measured in seconds since the Unix epoch.