README
¶
webauthn
Golang package to make a WebAuthn Relying Party
This is still a work in progress
See the it used in this demo.
Documentation
¶
Index ¶
- Constants
- func NewChallenge() ([]byte, error)
- func ValidateAuthentication(p PublicKeyCredential, originalChallenge []byte, ...) error
- func ValidateRegistration(p PublicKeyCredential, originalChallenge []byte, relyingPartyOrigin string, ...) error
- type AttStmt
- type Attestation
- type AttestationConveyancePreference
- type AuthenticatorData
- type AuthenticatorDataFlags
- type Base64EncodedString
- type CollectedClientData
- type Parameters
- type PublicKeyCredential
- type PublicKeyCredentialOptions
- type PublicKeyCredentialResponse
- type PublicKeyCredentialType
- type RegistrationParts
- type RpEntity
- type TokenBinding
- type TokenBindingStatus
- type UserEntity
Constants ¶
const ( AttestationConveyancePreferenceNone = "none" AttestationConveyancePreferenceIndirect = "indirect" AttestationConveyancePreferenceDirect = "direct" )
AttestationConveyancePreference enumeration
const ( AuthenticatorDataFlagBitMaskUserPresent = 0x01 // 0000 0001 AuthenticatorDataFlagBitMaskUserVerified = 0x04 // 0000 0100 AuthenticatorDataFlagBitMaskHasCredentialData = 0x40 // 0100 0000 AuthenticatorDataFlagBitMaskHasExtension = 0x80 // 1000 0000 )
Bit masks for authenticator data
const (
PublicKeyCredentialTypePublicKey = "public-key"
)
PublicKeyCredentialType enumeration
Variables ¶
This section is empty.
Functions ¶
func NewChallenge ¶
NewChallenge creates a challenge that gets sent with every new registation and authentication
func ValidateAuthentication ¶
func ValidateAuthentication(p PublicKeyCredential, originalChallenge []byte, relyingPartyOrigin, userID string) error
ValidateAuthentication performs the 18 step validation on on a parse response from navigator.credentials.get https://w3c.github.io/webauthn/#verifying-assertion
func ValidateRegistration ¶
func ValidateRegistration(p PublicKeyCredential, originalChallenge []byte, relyingPartyOrigin string, userVerificationRequired bool) error
ValidateRegistration checks to see if the information sent back was valid vial 19 steps https://w3c.github.io/webauthn/#registering-a-new-credential
Types ¶
type AttStmt ¶
type AttStmt struct {
Sig []uint8 `json:"sig"`
X5c []interface{} `json:"x5c"`
}
AttStmt attestation statement
type Attestation ¶
type Attestation struct {
Fmt string `json:"fmt"`
AuthData []byte `json:"authData"`
AttStmt AttStmt `json:"attStmt"`
}
Attestation Object that can be decoded from the response from `navigator.credentials.create()` https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse/attestationObject
func DecodeAttestation ¶
func DecodeAttestation(s Base64EncodedString) (Attestation, error)
DecodeAttestation decodes a base64 CBOR encoded Attestation
type AttestationConveyancePreference ¶
type AttestationConveyancePreference string
AttestationConveyancePreference enum - https://w3c.github.io/webauthn/#enumdef-attestationconveyancepreference
type AuthenticatorData ¶
type AuthenticatorData struct {
// contains filtered or unexported fields
}
AuthenticatorData TODO
func ParseAuthData ¶
func ParseAuthData(authData []byte) AuthenticatorData
ParseAuthData takes the attestation auth data and gives back a what is needed to parse it https://w3c.github.io/webauthn/#sec-authenticator-data
type AuthenticatorDataFlags ¶
type AuthenticatorDataFlags struct {
// contains filtered or unexported fields
}
AuthenticatorDataFlags TODO
type Base64EncodedString ¶
type Base64EncodedString string
Base64EncodedString should be a string that can be decoded from Base64
type CollectedClientData ¶
type CollectedClientData struct {
Type string `json:"type"`
Challenge string `json:"challenge"`
Origin string `json:"origin"`
TokenBinding TokenBinding `json:"tokenBinding"`
}
CollectedClientData represents the contextual bindings of both the WebAuthn Relying Party and the client platform https://w3c.github.io/webauthn/#dictdef-collectedclientdata
func DecodeClientData ¶
func DecodeClientData(s Base64EncodedString) (CollectedClientData, error)
DecodeClientData decode client data from base64
type Parameters ¶
type Parameters struct {
// https://w3c.github.io/webauthn/#enumdef-publickeycredentialtype
Type PublicKeyCredentialType `json:"type"`
//https://w3c.github.io/webauthn/#typedefdef-cosealgorithmidentifier
Alg int `json:"alg"`
}
Parameters TODO
type PublicKeyCredential ¶
type PublicKeyCredential struct {
ID string `json:"id"`
RawID Base64EncodedString `json:"rawId"`
Response PublicKeyCredentialResponse `json:"response"`
Type string `json:"type"`
}
PublicKeyCredential - https://w3c.github.io/webauthn/#publickeycredential
type PublicKeyCredentialOptions ¶
type PublicKeyCredentialOptions struct {
RP RpEntity `json:"rp"`
User UserEntity `json:"user"`
PubKeyCredParams []Parameters `json:"pubKeyCredParams"`
Timeout uint `json:"timeout"`
// Exclude Credentials
// authenticatorSelection - https://w3c.github.io/webauthn/#dictdef-authenticatorselectioncriteria
Attestation AttestationConveyancePreference `json:"attestation"`
// This will need to be changed to an ArrayBuffer in JavaScript
Challenge []byte `json:"challenge"`
}
PublicKeyCredentialOptions credentails needed for https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptions
type PublicKeyCredentialResponse ¶
type PublicKeyCredentialResponse struct {
// Used in registration
ClientDataJSON Base64EncodedString `json:"clientDataJSON"`
AttestationObject Base64EncodedString `json:"attestationObject"`
// Used in authentication
AuthenticatorData Base64EncodedString `json:"authenticatorData"`
Signature Base64EncodedString `json:"signature"`
UserHandle Base64EncodedString `json:"userHandle"`
}
PublicKeyCredentialResponse from the response of a navigator.credentials.create/navigator.credentials.get;
type PublicKeyCredentialType ¶
type PublicKeyCredentialType string
PublicKeyCredentialType emun - https://w3c.github.io/webauthn/#enumdef-publickeycredentialtype
type RegistrationParts ¶
type RegistrationParts struct {
PublicKey PublicKeyCredentialOptions `json:"publicKey"`
}
RegistrationParts is the object sent back to the Javascript
type RpEntity ¶
type RpEntity struct {
// The ID is the hosts domain name - https://w3c.github.io/webauthn/#relying-party-identifier
ID string `json:"id,omitempty"` // In Spec, but not required in chrome
Name string `json:"name"` // Not in spec, but required in chrome
}
RpEntity is the Relying Party entity https://w3c.github.io/webauthn/#dictdef-publickeycredentialrpentity
type TokenBinding ¶
type TokenBinding struct {
ID string `json:"id"`
Status TokenBindingStatus `json:"status"`
}
TokenBinding is an OPTIONAL member that contains information about the state of the Token Binding protocol used when communicating with the Relying Party. Its absence indicates that the client doesn’t support token binding. https://w3c.github.io/webauthn/#dictdef-tokenbinding
type TokenBindingStatus ¶
type TokenBindingStatus string
TokenBindingStatus is an enum for TokenBindingStatus values
const ( StatusPresent TokenBindingStatus = "present" StatusSupported TokenBindingStatus = "supported" )
Enum values of TokenBindingStatus
type UserEntity ¶
type UserEntity struct {
ID []byte `json:"id"` // In Spec, but not required in chrome
Name string `json:"name"` // Not in spec, but required in chrome
DisplayName string `json:"displayName"` // Not in spec, but required in chrome
}
UserEntity TODO
Source Files