Package passkeys implements the server side of WebAuthn.


Types

type AssertionOptions

// AssertionOptions encapsulates the options to navigator.credentials.get().
type AssertionOptions struct {
	// Challenge is the cryptographic challenge: 32 random bytes. It is the
	// replay protection for the ceremony, so it must be fresh per request and
	// the callback must verify that the signed client data echoes it.
	Challenge Bytes `json:"challenge"`
	// Timeout in milliseconds.
	Timeout int `json:"timeout,omitempty"`
	// AllowCredentials lists the credentials already registered for this user.
	// NOTE(review): the tag has no omitempty, so a nil slice encodes as JSON
	// null rather than []; callers should pass an empty slice when none are known.
	AllowCredentials []CredentialID `json:"allowCredentials"`
	// UserVerification: required, preferred, or discouraged.
	UserVerification string `json:"userVerification"`
}

AssertionOptions encapsulates the options to navigator.credentials.get().

type AttestationOptions

// AttestationOptions encapsulates the options to navigator.credentials.create().
type AttestationOptions struct {
	// Challenge is the cryptographic challenge: 32 random bytes. It should be
	// generated fresh per registration ceremony and verified on callback.
	Challenge Bytes `json:"challenge"`
	// RelyingParty names the relying party. The ID is optional; when set, WebAuthn
	// requires it to equal (or be a registrable suffix of) the origin's domain,
	// since the authenticator scopes the new credential to it.
	RelyingParty struct {
		Name string `json:"name"`
		ID   string `json:"id,omitempty"`
	} `json:"rp"`
	// User is the account information sent to the authenticator. ID is the
	// opaque user handle; per WebAuthn it should not carry personally
	// identifying data — NOTE(review): confirm callers do not put an email here.
	User struct {
		ID          Bytes  `json:"id"`
		Name        string `json:"name"`
		DisplayName string `json:"displayName"`
	} `json:"user"`
	// PubKeyCredParams lists the acceptable public key algorithms, most
	// preferred first.
	PubKeyCredParams []PubKeyCredParam `json:"pubKeyCredParams,omitempty"`
	// Timeout in milliseconds.
	Timeout int `json:"timeout,omitempty"`
	// ExcludeCredentials lists credentials already registered for this user, so
	// the authenticator declines to register a duplicate.
	ExcludeCredentials []CredentialID `json:"excludeCredentials,omitempty"`
	// Attestation is the attestation conveyance preference (e.g. "none",
	// "indirect", "direct").
	Attestation string `json:"attestation,omitempty"`
	// AuthenticatorSelection restricts which authenticators may be used.
	AuthenticatorSelection struct {
		// UserVerification: required, preferred, or discouraged.
		UserVerification string `json:"userVerification"`
		// RequireResidentKey requests a discoverable credential.
		RequireResidentKey bool `json:"requireResidentKey"`
	} `json:"authenticatorSelection"`
	// Extensions holds WebAuthn extension inputs keyed by extension identifier.
	Extensions map[string]interface{} `json:"extensions,omitempty"`
}

AttestationOptions encapsulates the options to navigator.credentials.create().

type Bytes

// Bytes is a byte slice with a custom JSON encoding produced by its MarshalJSON
// method (the concrete encoding is defined there; WebAuthn's JSON form expects
// base64url — confirm).
type Bytes []byte

func (Bytes) MarshalJSON

func (b Bytes) MarshalJSON() ([]byte, error)

type Config

// Config holds the dependencies and settings NewManager uses to build a Manager.
type Config struct {
	// Store is the persistent storage backend the Manager uses.
	Store *storage.Storage
	// Other serves login requests on the non-passkey path; it has the same
	// signature as Manager.RequestLogin. NOTE(review): presumably the fallback
	// when a user has no passkey — confirm against Manager.RequestLogin.
	Other interface {
		RequestLogin(w http.ResponseWriter, req *http.Request, origURL string)
	}
	// RefreshInterval is a periodic refresh period; what is refreshed is not
	// visible from this declaration.
	RefreshInterval time.Duration
	// Endpoint is where the passkeys handlers are reached — TODO confirm whether
	// this is a path or a full URL. NOTE(review): if it feeds the origin / RP ID
	// used during verification, it must match what browsers actually see.
	Endpoint string
	// EventRecorder receives event notifications from the Manager.
	EventRecorder EventRecorder
	// CookieManager manages cookies for the passkey login path.
	CookieManager *cookiemanager.CookieManager
	// OtherCookieManager manages cookies for the Other login path.
	OtherCookieManager *cookiemanager.CookieManager
	// TokenManager issues and verifies tokens.
	TokenManager *tokenmanager.TokenManager
	// ClaimsFromCtx returns the JWT claims associated with a request context.
	ClaimsFromCtx func(context.Context) jwt.MapClaims
}

type CredentialID

// CredentialID is a credential ID from an authenticator, in the descriptor form
// used by allowCredentials / excludeCredentials.
type CredentialID struct {
	// The type of credentials. Always "public-key".
	Type string `json:"type"`
	// The credential ID, as returned by the authenticator.
	ID Bytes `json:"id"`
	// The available transports for this credential (e.g. "usb", "internal").
	Transports []string `json:"transports,omitempty"`
}

CredentialID is a credential ID from an authenticator.

type EventRecorder

// EventRecorder is used to record events. Record is called with a string that
// identifies the event; an implementation can use it for audit logging.
type EventRecorder interface {
	Record(string)
}

EventRecorder is used to record events.

type FakeAuthenticator

// FakeAuthenticator mimics the behavior of a WebAuthn authenticator for testing
// (see NewFakeAuthenticator). It is a test double, not a production authenticator.
type FakeAuthenticator struct {
	// contains filtered or unexported fields
}

FakeAuthenticator mimics the behavior of a WebAuthn authenticator for testing.

func NewFakeAuthenticator

func NewFakeAuthenticator() (*FakeAuthenticator, error)

NewFakeAuthenticator returns a new FakeAuthenticator for testing.

func (*FakeAuthenticator) Create

func (a *FakeAuthenticator) Create(options *AttestationOptions) (clientDataJSON, attestationObject []byte, err error)

Create mimics the behavior of the WebAuthn create call.

func (*FakeAuthenticator) Get

func (a *FakeAuthenticator) Get(options *AssertionOptions) (id []byte, clientDataJSON, authData, signature, userHandle []byte, err error)

Get mimics the behavior of the WebAuthn get call.

func (*FakeAuthenticator) RotateKeys

func (a *FakeAuthenticator) RotateKeys() error

func (*FakeAuthenticator) SetOrigin

func (a *FakeAuthenticator) SetOrigin(orig string)

type Manager

// Manager implements the server side of WebAuthn passkey login; build one with
// NewManager. Its HandleCallback, ManageKeys and ServeWellKnown methods are
// net/http handlers; RequestLogin starts the login flow and SetACL configures
// access control.
type Manager struct {
	// contains filtered or unexported fields
}

func NewManager

func NewManager(cfg Config) (*Manager, error)

func (*Manager) HandleCallback

func (m *Manager) HandleCallback(w http.ResponseWriter, req *http.Request)

func (*Manager) ManageKeys

func (m *Manager) ManageKeys(w http.ResponseWriter, req *http.Request)

func (*Manager) RequestLogin

func (m *Manager) RequestLogin(w http.ResponseWriter, req *http.Request, origURL string)

func (*Manager) ServeWellKnown added in v0.0.32

func (m *Manager) ServeWellKnown(w http.ResponseWriter, req *http.Request)

ServeWellKnown serves a list of passkey endpoints. https://github.com/ms-id-standards/MSIdentityStandardsExplainers/blob/main/PasskeyEndpointsWellKnownUrl/explainer.md#proposed-solution

func (*Manager) SetACL

func (m *Manager) SetACL(acl *[]string)

type PubKeyCredParam

// PubKeyCredParam describes an acceptable public key credential parameter:
// the credential type and the COSE signature algorithm.
type PubKeyCredParam struct {
	// The type of credentials. Always "public-key".
	Type string `json:"type"`
	// The COSE signature algorithm identifier: -7 for ES256, -257 for RS256.
	Alg int `json:"alg"`
}

PubKeyCredParam holds public key credential parameters (credential type and algorithm).
