Documentation
Index
- type AllowedCredential
- type AuthenticationChallenge
- type AuthenticationResponse
- type AuthenticationResult
- type AuthenticatorAssertionResponse
- type AuthenticatorAttestationResponse
- type Credential
- type CredentialMeta
- type Credentials
- type Options
- type RegistrationChallenge
- type RegistrationResponse
- type RegistrationResult
- type RelyingParty
- type Tokener
- type User
- type WebAuthn
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AllowedCredential
AllowedCredential is a credential that is allowed to be used for authentication.
type AuthenticationChallenge
type AuthenticationChallenge struct {
	Token            string              `json:"token"`
	Challenge        string              `json:"challenge"`
	RPID             string              `json:"rpId"`
	AllowCredentials []AllowedCredential `json:"allowCredentials"`
}
AuthenticationChallenge is the challenge that is sent to the client to initiate an authentication ceremony.
type AuthenticationResponse
type AuthenticationResponse struct {
	Token        string                         `json:"token"`
	Challenge    string                         `json:"challenge"`
	CredentialID string                         `json:"credentialId"`
	Response     AuthenticatorAssertionResponse `json:"response"`
}
AuthenticationResponse is the response sent back by the client after an authentication ceremony.
type AuthenticationResult
type AuthenticationResult struct {
	Credential Credential
}
AuthenticationResult contains the results of verifying the authentication response.
type AuthenticatorAssertionResponse
type AuthenticatorAssertionResponse struct {
	AuthenticatorData string  `json:"authenticatorData"`
	ClientDataJSON    string  `json:"clientDataJSON"`
	Signature         string  `json:"signature"`
	UserHandle        *string `json:"userHandle"`
}
AuthenticatorAssertionResponse is the internal response value sent by the client in response to an authentication ceremony.
func (*AuthenticatorAssertionResponse) Decode
func (a *AuthenticatorAssertionResponse) Decode(c codec.Codec) (*spec.AuthenticatorAssertionResponse, error)
type AuthenticatorAttestationResponse
type AuthenticatorAttestationResponse struct {
	ClientDataJSON    string `json:"clientDataJSON"`
	AttestationObject string `json:"attestationObject"`
}
AuthenticatorAttestationResponse is the internal response value sent by the client in response to a registration ceremony.
func (*AuthenticatorAttestationResponse) Decode
func (a *AuthenticatorAttestationResponse) Decode(c codec.Codec) (*spec.AuthenticatorAttestationResponse, error)
type Credential
type Credential struct {
	// ID is the `rawId` of the credential, as defined in the WebAuthn spec.
	ID []byte
	// Type is the `type` of the credential, as defined in the WebAuthn spec. Always "public-key".
	Type string
	// PublicKey is the `publicKey` of the credential, as defined in the WebAuthn spec.
	PublicKey []byte
	// PublicKeyAlg is the `publicKeyAlg` of the credential, as defined in the WebAuthn spec.
	// See `PublicKeyType` for supported values.
	PublicKeyAlg int
}
Credential represents a registered credential.
type CredentialMeta (added in v1.0.1)
type CredentialMeta struct {
	// Authenticator is the model of the authenticator used to create this credential. May be nil.
	Authenticator *authenticators.Authenticator
}
CredentialMeta contains metadata about a credential. Storing this information is not needed for the authentication flow, but may be useful for other purposes.
type Credentials
type Credentials interface {
	GetCredentials(ctx context.Context, user User) ([]Credential, error)
	GetCredential(ctx context.Context, user User, credentialID []byte) (*Credential, error)
	StoreCredential(ctx context.Context, user User, credential Credential, meta CredentialMeta) error
}
Credentials defines the interface for storing registered credentials.
type Options
type Options struct {
	RP             RelyingParty
	Codec          codec.Codec
	PublicKeyTypes []pubkey.KeyType
	Credentials    Credentials
	Tokener        Tokener
	ChallengeFunc  func() (challenge.Challenge, error)
}
type RegistrationChallenge
type RegistrationChallenge struct {
	Token            string                 `json:"token"`
	Challenge        string                 `json:"challenge"`
	RP               RelyingParty           `json:"rp"`
	User             User                   `json:"user"`
	PubKeyCredParams []spec.PubKeyCredParam `json:"pubKeyCredParams"`
}
RegistrationChallenge is the challenge that is sent to the client to initiate a registration ceremony.
type RegistrationResponse
type RegistrationResponse struct {
	Token        string                           `json:"token"`
	Challenge    string                           `json:"challenge"`
	CredentialID string                           `json:"credentialId"`
	Response     AuthenticatorAttestationResponse `json:"response"`
}
RegistrationResponse is the response sent back by the client after a registration ceremony.
type RegistrationResult
type RegistrationResult struct {
	Credential Credential
	Meta       CredentialMeta
}
RegistrationResult contains the results of verifying the registration response.
type RelyingParty
RelyingParty is the ID and name of the relying party.
type Tokener (added in v1.1.0)
type Tokener interface {
	CreateToken(challenge challenge.Challenge, user User) (string, error)
	VerifyToken(token string, challenge challenge.Challenge, user User) error
}
Tokener defines the interface for creating tokens to ensure the authenticity of registration and authentication responses from users.
func NewJwtTokener (added in v1.1.0)
func NewJwtTokener(signer jwt.Signer, verifier jwt.Verifier) Tokener
NewJwtTokener creates a new tokener that issues JWT tokens.
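The Tokener description above says the token ties a response back to the challenge and user it was issued for. The following added example (not part of this package, and not its JWT tokener) shows that binding with an HMAC-based stand-in. The `Challenge` and `User` types, `HMACTokener`, its fields and the expiry handling are assumptions made so the example compiles on its own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"time"
)

// Stand-ins (assumptions) for the package's challenge.Challenge and User types.
type Challenge []byte
type User struct{ ID string }

// HMACTokener is hypothetical: token = expiry || HMAC(expiry, user ID, challenge).
type HMACTokener struct {
	Key []byte
	TTL time.Duration
	Now func() time.Time // injectable clock, so expiry can be tested
}

func (t HMACTokener) mac(exp []byte, c Challenge, u User) []byte {
	m := hmac.New(sha256.New, t.Key)
	fmt.Fprintf(m, "%x:%d:%s:%x", exp, len(u.ID), u.ID, c) // length prefix keeps fields unambiguous
	return m.Sum(nil)
}

func (t HMACTokener) CreateToken(c Challenge, u User) (string, error) {
	exp := make([]byte, 8)
	binary.BigEndian.PutUint64(exp, uint64(t.Now().Add(t.TTL).Unix()))
	return base64.RawURLEncoding.EncodeToString(append(exp, t.mac(exp, c, u)...)), nil
}

func (t HMACTokener) VerifyToken(token string, c Challenge, u User) error {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) != 8+sha256.Size || !hmac.Equal(raw[8:], t.mac(raw[:8], c, u)) {
		return fmt.Errorf("token invalid for this challenge and user") // hmac.Equal is constant-time
	}
	if t.Now().Unix() > int64(binary.BigEndian.Uint64(raw[:8])) {
		return fmt.Errorf("token expired")
	}
	return nil
}

func main() { // constructed key, challenge and users
	tk := HMACTokener{Key: []byte("constructed-demo-key"), TTL: time.Minute, Now: time.Now}
	tok, _ := tk.CreateToken(Challenge("constructed-challenge-bytes"), User{ID: "alice"})
	fmt.Println(tk.VerifyToken(tok, Challenge("constructed-challenge-bytes"), User{ID: "bob"}))
}
```

Because the expiry sits inside the MAC input, a client cannot extend a token's lifetime by editing the first eight bytes.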
type User
type User struct {
	ID          string `json:"id"`
	Name        string `json:"name"`
	DisplayName string `json:"displayName"`
}
User contains the details of a user to be registered or authenticated. Conforms to the WebAuthn spec.
type WebAuthn
type WebAuthn interface {
	CreateRegistration(ctx context.Context, user User) (*RegistrationChallenge, error)
	VerifyRegistration(ctx context.Context, user User, res *RegistrationResponse) (*RegistrationResult, error)
	CreateAuthentication(ctx context.Context, user User) (*AuthenticationChallenge, error)
	VerifyAuthentication(ctx context.Context, user User, res *AuthenticationResponse) (*AuthenticationResult, error)
}