Documentation
Overview
Package webauthntypes provides WebAuthn types and conversions for both client-side and server-side implementations.
Many of the types found in the package are replicas of go-webauthn/webauthn types, "frozen" so as to avoid changes in their JSON representation.
Index
- Constants
- func CredentialAssertionResponseToProto(car *CredentialAssertionResponse) *wanpb.CredentialAssertionResponse
- func CredentialAssertionToProto(assertion *CredentialAssertion) *wanpb.CredentialAssertion
- func CredentialCreationResponseToProto(ccr *CredentialCreationResponse) *wanpb.CredentialCreationResponse
- func CredentialCreationToProto(cc *CredentialCreation) *wanpb.CredentialCreation
- func SessionDataToProtocol(sd *SessionData) *webauthn.SessionData
- type AuthenticationExtensions
- type AuthenticationExtensionsClientOutputs
- type AuthenticatorAssertionResponse
- type AuthenticatorAttestationResponse
- type AuthenticatorResponse
- type AuthenticatorSelection
- type Challenge
- type Credential
- type CredentialAssertion
- type CredentialAssertionResponse
- type CredentialCreation
- type CredentialCreationResponse
- type CredentialDescriptor
- type CredentialEntity
- type CredentialParameter
- type PublicKeyCredential
- type PublicKeyCredentialCreationOptions
- type PublicKeyCredentialRequestOptions
- type RelyingPartyEntity
- type SessionData
- type UserEntity
Constants
const AppIDExtension = "appid"
AppIDExtension is the key for the appid extension. https://www.w3.org/TR/webauthn-2/#sctn-appid-extension.
Variables
This section is empty.
Functions
func CredentialAssertionResponseToProto
func CredentialAssertionResponseToProto(car *CredentialAssertionResponse) *wanpb.CredentialAssertionResponse
CredentialAssertionResponseToProto converts a CredentialAssertionResponse to its proto counterpart.
func CredentialAssertionToProto
func CredentialAssertionToProto(assertion *CredentialAssertion) *wanpb.CredentialAssertion
CredentialAssertionToProto converts a CredentialAssertion to its proto counterpart.
func CredentialCreationResponseToProto
func CredentialCreationResponseToProto(ccr *CredentialCreationResponse) *wanpb.CredentialCreationResponse
CredentialCreationResponseToProto converts a CredentialCreationResponse to its proto counterpart.
func CredentialCreationToProto
func CredentialCreationToProto(cc *CredentialCreation) *wanpb.CredentialCreation
CredentialCreationToProto converts a CredentialCreation to its proto counterpart.
func SessionDataToProtocol
func SessionDataToProtocol(sd *SessionData) *webauthn.SessionData
SessionDataToProtocol converts an internal SessionData struct to a webauthn.SessionData struct.
Types
type AuthenticationExtensions
type AuthenticationExtensions = protocol.AuthenticationExtensions
AuthenticationExtensions is a clone of protocol.AuthenticationExtensions, materialized here to keep a stable JSON marshal/unmarshal representation.
type AuthenticationExtensionsClientOutputs
type AuthenticationExtensionsClientOutputs struct {
AppID bool `json:"appid,omitempty"`
}
AuthenticationExtensionsClientOutputs is a clone of protocol.AuthenticationExtensionsClientOutputs, materialized here to keep a stable JSON marshal/unmarshal representation.
type AuthenticatorAssertionResponse
type AuthenticatorAssertionResponse struct {
	AuthenticatorResponse
	AuthenticatorData protocol.URLEncodedBase64 `json:"authenticatorData"`
	Signature         protocol.URLEncodedBase64 `json:"signature"`
	UserHandle        protocol.URLEncodedBase64 `json:"userHandle,omitempty"`
}
AuthenticatorAssertionResponse is a clone of protocol.AuthenticatorAssertionResponse, materialized here to keep a stable JSON marshal/unmarshal representation.
type AuthenticatorAttestationResponse
type AuthenticatorAttestationResponse struct {
	AuthenticatorResponse
	AttestationObject protocol.URLEncodedBase64 `json:"attestationObject"`
}
AuthenticatorAttestationResponse is a clone of protocol.AuthenticatorAttestationResponse, materialized here to keep a stable JSON marshal/unmarshal representation.
type AuthenticatorResponse
type AuthenticatorResponse protocol.AuthenticatorResponse
AuthenticatorResponse is a clone of protocol.AuthenticatorResponse, materialized here to keep a stable JSON marshal/unmarshal representation.
type AuthenticatorSelection
type AuthenticatorSelection struct {
	AuthenticatorAttachment protocol.AuthenticatorAttachment      `json:"authenticatorAttachment,omitempty"`
	RequireResidentKey      *bool                                 `json:"requireResidentKey,omitempty"`
	ResidentKey             protocol.ResidentKeyRequirement       `json:"residentKey,omitempty"`
	UserVerification        protocol.UserVerificationRequirement  `json:"userVerification,omitempty"`
}
AuthenticatorSelection is a clone of protocol.AuthenticatorSelection, materialized here to keep a stable JSON marshal/unmarshal representation.
type Challenge
type Challenge []byte
Challenge represents a WebAuthn challenge. It is used instead of protocol.URLEncodedBase64 so its JSON marshal/unmarshal representation won't change in relation to older Teleport versions.
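Why the challenge type is frozen matters in practice: encoding/json writes a plain byte slice as padded standard base64, whereas a base64url type (the WebAuthn wire form) writes an unpadded URL-safe string, and neither side can read the other's output. The following is an added example, not code from the package; urlBase64 is an assumed stand-in for protocol.URLEncodedBase64, and the sample challenge bytes are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
)

// Challenge mirrors the page's `type Challenge []byte`; encoding/json writes a
// plain byte slice as padded standard base64 and reads it back the same way.
type Challenge []byte
// urlBase64 is an assumed stand-in for protocol.URLEncodedBase64, written here
// to use unpadded base64url, the encoding WebAuthn uses on the wire.
type urlBase64 []byte

func (u urlBase64) MarshalJSON() ([]byte, error) {
	return json.Marshal(base64.RawURLEncoding.EncodeToString(u))
}

func (u *urlBase64) UnmarshalJSON(data []byte) error {
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return err
	}
	*u = b
	return nil
}

// Two option structs that differ only in the challenge type.
type legacyOptions struct{ Challenge Challenge `json:"challenge"` }
type urlOptions struct{ Challenge urlBase64 `json:"challenge"` }

// encodeBoth returns the JSON each representation produces for the same raw challenge.
func encodeBoth(raw []byte) (legacy, urlSafe string, err error) {
	l, err := json.Marshal(legacyOptions{Challenge: raw})
	if err != nil {
		return "", "", err
	}
	u, err := json.Marshal(urlOptions{Challenge: raw})
	return string(l), string(u), err
}

// crossDecode reports which representation accepts a stored document; each
// form rejects the other's output, which is why the type is frozen, not swapped.
func crossDecode(doc string) (legacyOK, urlOK bool) {
	legacyOK = json.Unmarshal([]byte(doc), new(legacyOptions)) == nil
	urlOK = json.Unmarshal([]byte(doc), new(urlOptions)) == nil
	return legacyOK, urlOK
}
```

For the constructed challenge bytes fb ff 3e 01 the legacy form yields "+/8+AQ==" and the base64url form "-_8-AQ"; a session record written by an older Teleport version would fail to decode if the field type changed.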
func CreateChallenge
type Credential
type Credential protocol.Credential
Credential is a clone of protocol.Credential, materialized here to keep a stable JSON marshal/unmarshal representation.
type CredentialAssertion
type CredentialAssertion struct {
Response PublicKeyCredentialRequestOptions `json:"publicKey"`
}
CredentialAssertion is the payload sent to authenticators to initiate login.
func CredentialAssertionFromProto
func CredentialAssertionFromProto(assertion *wanpb.CredentialAssertion) *CredentialAssertion
CredentialAssertionFromProto converts a CredentialAssertion proto to its lib counterpart.
func CredentialAssertionFromProtocol
func CredentialAssertionFromProtocol(a *protocol.CredentialAssertion) *CredentialAssertion
CredentialAssertionFromProtocol converts a protocol.CredentialAssertion to a CredentialAssertion.
func (*CredentialAssertion) Validate
func (ca *CredentialAssertion) Validate() error
Validate performs client-side validation of a CredentialAssertion. It makes sure the data are valid and can be sent to an authenticator. This is general-purpose validation; an authenticator should add its own checks on top of it, if necessary.
type CredentialAssertionResponse
type CredentialAssertionResponse struct {
	PublicKeyCredential
	AssertionResponse AuthenticatorAssertionResponse `json:"response"`
}
CredentialAssertionResponse is the reply from authenticators to complete login.
func CredentialAssertionResponseFromProto
func CredentialAssertionResponseFromProto(car *wanpb.CredentialAssertionResponse) *CredentialAssertionResponse
CredentialAssertionResponseFromProto converts a CredentialAssertionResponse proto to its lib counterpart.
type CredentialCreation
type CredentialCreation struct {
Response PublicKeyCredentialCreationOptions `json:"publicKey"`
}
CredentialCreation is the payload sent to authenticators to initiate registration.
func CredentialCreationFromProto
func CredentialCreationFromProto(cc *wanpb.CredentialCreation) *CredentialCreation
CredentialCreationFromProto converts a CredentialCreation proto to its lib counterpart.
func CredentialCreationFromProtocol
func CredentialCreationFromProtocol(cc *protocol.CredentialCreation) *CredentialCreation
CredentialCreationFromProtocol converts a protocol.CredentialCreation to a CredentialCreation.
func (*CredentialCreation) RequireResidentKey
func (cc *CredentialCreation) RequireResidentKey() (bool, error)
RequireResidentKey reports whether a resident key is required. It checks ResidentKey first and falls back to RequireResidentKey.
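The fallback described above reconciles the WebAuthn Level 2 residentKey enum with the deprecated Level 1 requireResidentKey boolean, which older clients and stored options still carry. The function below is an added example of one consistent way to do that, not the package's own implementation; authenticatorSelection is an assumed, trimmed stand-in for the page's AuthenticatorSelection, and treating a contradiction between the two fields as an error is this example's choice.

```go
package main

import "errors"

// authenticatorSelection is an assumed, trimmed stand-in for the page's
// AuthenticatorSelection: the Level 1 boolean beside the Level 2 enum.
type authenticatorSelection struct {
	RequireResidentKey *bool  // deprecated L1 field, kept for old clients
	ResidentKey        string // L2 field: "required", "preferred", "discouraged" or ""
}

// requireResidentKey is this example's reading of the doc comment: the newer
// ResidentKey field decides; the legacy boolean is consulted only when the
// enum is unset; a contradiction between the two is an error, not a guess.
func requireResidentKey(as authenticatorSelection) (bool, error) {
	legacy := as.RequireResidentKey != nil && *as.RequireResidentKey
	switch as.ResidentKey {
	case "required":
		if as.RequireResidentKey != nil && !legacy {
			return false, errors.New("residentKey=required conflicts with requireResidentKey=false")
		}
		return true, nil
	case "discouraged":
		if legacy {
			return false, errors.New("residentKey=discouraged conflicts with requireResidentKey=true")
		}
		return false, nil
	case "preferred":
		return false, nil // a preference, not a requirement
	case "":
		return legacy, nil // fall back to the Level 1 field
	default:
		return false, errors.New("unknown residentKey value: " + as.ResidentKey)
	}
}

// boolPtr builds the optional Level 1 field for callers and tests.
func boolPtr(b bool) *bool { return &b }
```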
func (*CredentialCreation) Validate
func (cc *CredentialCreation) Validate() error
Validate performs client-side validation of a CredentialCreation. It makes sure the data are valid and can be sent to an authenticator. This is general-purpose validation; an authenticator should add its own checks on top of it, if necessary.
type CredentialCreationResponse
type CredentialCreationResponse struct {
	PublicKeyCredential
	AttestationResponse AuthenticatorAttestationResponse `json:"response"`
}
CredentialCreationResponse is the reply from authenticators to complete registration.
func CredentialCreationResponseFromProto
func CredentialCreationResponseFromProto(ccr *wanpb.CredentialCreationResponse) *CredentialCreationResponse
CredentialCreationResponseFromProto converts a CredentialCreationResponse proto to its lib counterpart.
type CredentialDescriptor
type CredentialDescriptor struct {
	Type            protocol.CredentialType          `json:"type"`
	CredentialID    []byte                           `json:"id"`
	Transport       []protocol.AuthenticatorTransport `json:"transports,omitempty"`
	AttestationType string                           `json:"-"`
}
CredentialDescriptor is a clone of protocol.CredentialDescriptor, materialized here to keep a stable JSON marshal/unmarshal representation.
type CredentialEntity
type CredentialEntity = protocol.CredentialEntity
CredentialEntity is a clone of protocol.CredentialEntity, materialized here to keep a stable JSON marshal/unmarshal representation.
type CredentialParameter
type CredentialParameter struct {
	Type      protocol.CredentialType             `json:"type"`
	Algorithm webauthncose.COSEAlgorithmIdentifier `json:"alg"`
}
CredentialParameter is a clone of protocol.CredentialParameter, materialized here to keep a stable JSON marshal/unmarshal representation.
type PublicKeyCredential
type PublicKeyCredential struct {
	Credential
	RawID      protocol.URLEncodedBase64               `json:"rawId"`
	Extensions *AuthenticationExtensionsClientOutputs `json:"extensions,omitempty"`
}
PublicKeyCredential is a clone of protocol.PublicKeyCredential, materialized here to keep a stable JSON marshal/unmarshal representation.
type PublicKeyCredentialCreationOptions
type PublicKeyCredentialCreationOptions struct {
	Challenge              Challenge                     `json:"challenge"`
	RelyingParty           RelyingPartyEntity            `json:"rp"`
	User                   UserEntity                    `json:"user"`
	Parameters             []CredentialParameter         `json:"pubKeyCredParams,omitempty"`
	AuthenticatorSelection AuthenticatorSelection        `json:"authenticatorSelection,omitempty"`
	Timeout                int                           `json:"timeout,omitempty"`
	CredentialExcludeList  []CredentialDescriptor        `json:"excludeCredentials,omitempty"`
	Extensions             AuthenticationExtensions      `json:"extensions,omitempty"`
	Attestation            protocol.ConveyancePreference `json:"attestation,omitempty"`
}
PublicKeyCredentialCreationOptions is a clone of protocol.PublicKeyCredentialCreationOptions, materialized here to keep a stable JSON marshal/unmarshal representation.
type PublicKeyCredentialRequestOptions
type PublicKeyCredentialRequestOptions struct {
	Challenge          Challenge                            `json:"challenge"`
	Timeout            int                                  `json:"timeout,omitempty"`
	RelyingPartyID     string                               `json:"rpId,omitempty"`
	AllowedCredentials []CredentialDescriptor               `json:"allowCredentials,omitempty"`
	UserVerification   protocol.UserVerificationRequirement `json:"userVerification,omitempty"` // Default is "preferred"
	Extensions         AuthenticationExtensions             `json:"extensions,omitempty"`
}
PublicKeyCredentialRequestOptions is a clone of protocol.PublicKeyCredentialRequestOptions, materialized here to keep a stable JSON marshal/unmarshal representation.
func (*PublicKeyCredentialRequestOptions) GetAllowedCredentialIDs
func (a *PublicKeyCredentialRequestOptions) GetAllowedCredentialIDs() [][]byte
type RelyingPartyEntity
type RelyingPartyEntity struct {
	CredentialEntity
	ID string `json:"id"`
}
RelyingPartyEntity is a clone of protocol.RelyingPartyEntity, materialized here to keep a stable JSON marshal/unmarshal representation.
type SessionData
type SessionData struct {
	// Raw challenge used for the ceremony.
	Challenge []byte `json:"challenge,omitempty"`
	// Raw User ID.
	UserId []byte `json:"userId,omitempty"`
	// Raw Credential IDs of the credentials allowed for the ceremony.
	AllowCredentials [][]byte `json:"allowCredentials,omitempty"`
	// True if resident keys were required by the server / Relying Party.
	ResidentKey bool `json:"residentKey,omitempty"`
	// Requested user verification requirement, either "discouraged" or
	// "required".
	// An empty value is treated equivalently to "discouraged".
	UserVerification string `json:"userVerification,omitempty"`
	// ChallengeExtensions are Teleport extensions that apply to this webauthn session.
	ChallengeExtensions *mfav1.ChallengeExtensions `json:"challenge_extensions,omitempty"`
}
SessionData is a clone of webauthn.SessionData, materialized here to keep a stable JSON marshal/unmarshal representation and add extensions.
TODO(codingllama): Record extensions in stored session data.
func SessionDataFromProtocol
func SessionDataFromProtocol(sd *webauthn.SessionData) (*SessionData, error)
SessionDataFromProtocol converts a webauthn.SessionData struct to an internal SessionData struct.
type UserEntity
type UserEntity struct {
	CredentialEntity
	DisplayName string `json:"displayName,omitempty"`
	ID          []byte `json:"id"`
}
UserEntity is a clone of protocol.UserEntity, materialized here to keep a stable JSON marshal/unmarshal representation.