Documentation ¶
Overview ¶
Package passkeys implements the server side of WebAuthn.
Index ¶
- type AssertionOptions
- type AttestationOptions
- type Bytes
- type Config
- type CredentialID
- type EventRecorder
- type FakeAuthenticator
- func (a *FakeAuthenticator) Create(options *AttestationOptions) (clientDataJSON, attestationObject []byte, err error)
- func (a *FakeAuthenticator) Get(options *AssertionOptions) (id []byte, clientDataJSON, authData, signature, userHandle []byte, err error)
- func (a *FakeAuthenticator) RotateKeys() error
- func (a *FakeAuthenticator) SetOrigin(orig string)
- type Manager
- func (m *Manager) HandleCallback(w http.ResponseWriter, req *http.Request)
- func (m *Manager) ManageKeys(w http.ResponseWriter, req *http.Request)
- func (m *Manager) RequestLogin(w http.ResponseWriter, req *http.Request, origURL string)
- func (m *Manager) ServeWellKnown(w http.ResponseWriter, req *http.Request)
- func (m *Manager) SetACL(acl *[]string)
- type PubKeyCredParam
Types ¶
type AssertionOptions ¶
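// AssertionOptions holds the options that are encoded as JSON and passed to
// navigator.credentials.get().
type AssertionOptions struct {
	// The cryptographic challenge is 32 random bytes. Per the WebAuthn spec
	// the relying party compares it with the challenge echoed back in
	// clientDataJSON and accepts each challenge only once, so that a captured
	// assertion cannot be replayed.
	Challenge Bytes `json:"challenge"`
	// Timeout in milliseconds.
	Timeout int `json:"timeout,omitempty"`
	// A list of credentials already registered for this user.
	// NOTE(review): the tag has no omitempty, so a nil slice is encoded as
	// JSON null rather than [] - confirm the client script accepts that.
	AllowCredentials []CredentialID `json:"allowCredentials"`
	// UserVerification: required, preferred, discouraged.
	// The option is only a request to the client: a server that depends on
	// user verification has to check the UV flag in the returned
	// authenticator data, whatever value was sent here.
	UserVerification string `json:"userVerification"`
}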
AssertionOptions encapsulates the options to navigator.credentials.get().
type AttestationOptions ¶
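// AttestationOptions holds the options that are encoded as JSON and passed to
// navigator.credentials.create().
type AttestationOptions struct {
	// The cryptographic challenge is 32 random bytes. Per the WebAuthn spec
	// the relying party compares it with the challenge echoed back in
	// clientDataJSON and accepts each challenge only once.
	Challenge Bytes `json:"challenge"`
	// The name of the relying party. The ID is optional.
	RelyingParty struct {
		Name string `json:"name"`
		ID   string `json:"id,omitempty"`
	} `json:"rp"`
	// The user information. WebAuthn recommends that the user handle (ID)
	// carries no personally identifying data such as a username or e-mail
	// address.
	User struct {
		ID          Bytes  `json:"id"`
		Name        string `json:"name"`
		DisplayName string `json:"displayName"`
	} `json:"user"`
	// The acceptable public key params.
	PubKeyCredParams []PubKeyCredParam `json:"pubKeyCredParams,omitempty"`
	// Timeout in milliseconds.
	Timeout int `json:"timeout,omitempty"`
	// A list of credentials already registered for this user. In WebAuthn the
	// exclude list stops an authenticator that already holds one of them from
	// registering a second credential for the same account.
	ExcludeCredentials []CredentialID `json:"excludeCredentials,omitempty"`
	// The type of attestation. The WebAuthn conveyance preferences are none,
	// indirect, direct and enterprise.
	// NOTE(review): this page does not show how attestation statements are
	// verified - confirm before requesting anything other than none.
	Attestation string `json:"attestation,omitempty"`
	// Authenticator selection parameters.
	AuthenticatorSelection struct {
		// required, preferred, or discouraged. The option is only a request
		// to the client; a server that depends on user verification checks
		// the UV flag in the authenticator data.
		UserVerification string `json:"userVerification"`
		// Whether we want discoverable credentials.
		RequireResidentKey bool `json:"requireResidentKey"`
	} `json:"authenticatorSelection"`
	// Extensions.
	Extensions map[string]interface{} `json:"extensions,omitempty"`
}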
AttestationOptions encapsulates the options to navigator.credentials.create().
type Config ¶
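// Config groups the dependencies and settings of the passkeys package.
// NOTE(review): presumably it is the argument of NewManager, whose signature
// is not shown on this page - confirm. None of the fields is documented
// upstream; the notes below state only what the types show.
type Config struct {
	// Store is the storage backend (project type storage.Storage).
	Store *storage.Storage
	// Other is any value with a RequestLogin method of this shape; *Manager
	// has a method with the same signature.
	// NOTE(review): looks like a second login flow that requests can be
	// handed to - confirm when it is called.
	Other interface {
		RequestLogin(w http.ResponseWriter, req *http.Request, origURL string)
	}
	// NOTE(review): what is refreshed at this interval is not documented.
	RefreshInterval time.Duration
	// NOTE(review): presumably the URL path the handlers are served under -
	// confirm.
	Endpoint string
	// EventRecorder receives events through its Record(string) method.
	EventRecorder EventRecorder
	// CookieManager and OtherCookieManager are two separate cookie managers.
	// NOTE(review): which cookies each one issues and validates is not
	// documented here; OtherCookieManager presumably belongs to Other.
	CookieManager      *cookiemanager.CookieManager
	OtherCookieManager *cookiemanager.CookieManager
	// TokenManager is the project's token manager (tokenmanager.TokenManager).
	TokenManager *tokenmanager.TokenManager
	// ClaimsFromCtx returns the JWT claims associated with a context.
	// NOTE(review): key management decisions should rest on claims that were
	// already verified - confirm where that verification happens.
	ClaimsFromCtx func(context.Context) jwt.MapClaims
}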
type CredentialID ¶
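// CredentialID is a credential ID from an authenticator, in the descriptor
// form used by the allowCredentials and excludeCredentials lists.
type CredentialID struct {
	// The type of credentials. Always "public-key"
	Type string `json:"type"`
	// The credential ID.
	ID Bytes `json:"id"`
	// The available transports for this credential. In WebAuthn these are
	// hints reported by the client, so they are not a basis for any
	// authorization decision.
	Transports []string `json:"transports,omitempty"`
}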
CredentialID is a credential ID from an authenticator.
type EventRecorder ¶
// EventRecorder is the sink for recorded events; each event reaches it as a
// single string.
// NOTE(review): the content and format of that string are not documented on
// this page.
type EventRecorder interface {
	// Record receives one event.
	Record(event string)
}
EventRecorder is used to record events.
type FakeAuthenticator ¶
// FakeAuthenticator mimics the behavior of a WebAuthn authenticator for
// testing. The methods listed on this page are Create, Get, RotateKeys and
// SetOrigin.
// NOTE(review): it is part of the package's exported API, presumably so that
// other packages can use it in their tests; it is a test double and should
// not be reachable from production code paths.
type FakeAuthenticator struct {
// contains filtered or unexported fields
}
FakeAuthenticator mimics the behavior of a WebAuthn authenticator for testing.
func NewFakeAuthenticator ¶
func NewFakeAuthenticator() (*FakeAuthenticator, error)
NewFakeAuthenticator returns a new FakeAuthenticator for testing.
func (*FakeAuthenticator) Create ¶
func (a *FakeAuthenticator) Create(options *AttestationOptions) (clientDataJSON, attestationObject []byte, err error)
Create mimics the behavior of the WebAuthn create call.
func (*FakeAuthenticator) Get ¶
func (a *FakeAuthenticator) Get(options *AssertionOptions) (id []byte, clientDataJSON, authData, signature, userHandle []byte, err error)
Get mimics the behavior of the WebAuthn get call.
func (*FakeAuthenticator) RotateKeys ¶
func (a *FakeAuthenticator) RotateKeys() error
func (*FakeAuthenticator) SetOrigin ¶
func (a *FakeAuthenticator) SetOrigin(orig string)
type Manager ¶
// Manager is the type whose methods serve the package's HTTP endpoints:
// HandleCallback, ManageKeys, RequestLogin and ServeWellKnown each take an
// http.ResponseWriter and an *http.Request. SetACL takes a pointer to a
// string slice.
// NOTE(review): this page does not document what the ACL entries are matched
// against or what happens when none is set - confirm before relying on it
// for access control.
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶
func (*Manager) HandleCallback ¶
func (m *Manager) HandleCallback(w http.ResponseWriter, req *http.Request)
func (*Manager) ManageKeys ¶
func (m *Manager) ManageKeys(w http.ResponseWriter, req *http.Request)
func (*Manager) RequestLogin ¶
func (*Manager) ServeWellKnown ¶ added in v0.0.32
func (m *Manager) ServeWellKnown(w http.ResponseWriter, req *http.Request)
ServeWellKnown serves a list of passkey endpoints. https://github.com/ms-id-standards/MSIdentityStandardsExplainers/blob/main/PasskeyEndpointsWellKnownUrl/explainer.md#proposed-solution
type PubKeyCredParam ¶
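// PubKeyCredParam is one entry of the pubKeyCredParams list: a credential type
// together with an algorithm the relying party accepts for it.
type PubKeyCredParam struct {
	// The type of credentials. Always "public-key"
	Type string `json:"type"`
	// The COSE signature algorithm identifier: -7 for ES256, -257 for RS256.
	// These are signature algorithms, not encryption algorithms; per the
	// WebAuthn spec the server accepts a new credential only when its
	// algorithm is one of those it offered.
	Alg int `json:"alg"`
}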
PubKeyCredParam: Public key credential parameters.