webauthn

package

v0.0.0-...-80b3b37 Latest Latest Go to latest Published: Feb 15, 2025 License: Apache-2.0, Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/jrockway/monorepo

Documentation ¶

Overview ¶

Package webauthn implements webauthn.

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNoCredentials          = errors.New("no credentials; try enrolling an authenticator")
	ErrNotPublicKey           = errors.New("the authentication material is not of type 'public-key'")
	ErrNotAttestationResponse = errors.New("AuthenticatorResponse is not an AuthenticatorAttestationResponse")
	ErrNotAssertionResponse   = errors.New("AuthenticatorResponse is not an AuthenticatorAssertionResponse")
)

Functions ¶

This section is empty.

Types ¶

type ClientData ¶

type ClientData struct {
	Challenge   string `json:"challenge"`
	CrossOrigin bool   `json:"crossOrigin"`
	Origin      string `json:"origin"`
	Type        string `json:"type"`
}

type Config ¶

type Config struct {
	RelyingPartyID   string
	RelyingPartyName string
	Origin           string
}

func (*Config) BeginEnrollment ¶

func (c *Config) BeginEnrollment(session *types.Session, existingCreds []*types.Credential) (*webauthnpb.PublicKeyCredentialCreationOptions, error)

BeginEnrollment starts the enrollment process, returning a PublicKeyCredentialCreationOptions for the browser.

func (*Config) BeginLogin ¶

func (c *Config) BeginLogin(s *types.Session, creds []*types.Credential) (*jssopb.StartLoginReply, error)

BeginLogin fills out a StartLoginReply so that login can begin.

func (*Config) FinishEnrollment ¶

func (c *Config) FinishEnrollment(session *types.Session, req *jssopb.FinishEnrollmentRequest) (*types.Credential, error)

FinishEnrollment verifies the authenticator response generated by the client. Because we use a slightly different RPC format than Duo's webauthn library, we do the non-crypto things here, and delegate to that library to verify signations. The steps below are from: https://www.w3.org/TR/webauthn/#registering-a-new-credential

func (*Config) FinishLogin ¶

func (c *Config) FinishLogin(s *types.Session, creds []*types.Credential, req *jssopb.FinishLoginRequest) (*types.Credential, error)

FinishLogin validates a signature against of allowed credentials.

Source Files ¶

View all Source files

webauthn.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL