Options
All
  • Public
  • Public/Protected
  • All
Menu

Module @simplewebauthn/server

Index

Type Aliases

GenerateAuthenticationOptionsOpts: { allowCredentials?: PublicKeyCredentialDescriptorFuture[]; challenge?: string | Buffer; extensions?: AuthenticationExtensionsClientInputs; rpID?: string; timeout?: number; userVerification?: UserVerificationRequirement }

Type declaration

GenerateRegistrationOptionsOpts: { attestationType?: AttestationConveyancePreference; authenticatorSelection?: AuthenticatorSelectionCriteria; challenge?: string | Buffer; excludeCredentials?: PublicKeyCredentialDescriptorFuture[]; extensions?: AuthenticationExtensionsClientInputs; rpID: string; rpName: string; supportedAlgorithmIDs?: COSEAlgorithmIdentifier[]; timeout?: number; userDisplayName?: string; userID: string; userName: string }

Type declaration

MetadataStatement: { aaguid?: string; aaid?: string; alternativeDescriptions?: AlternativeDescriptions; attachmentHint?: AttachmentHint[]; attestationCertificateKeyIdentifiers?: string[]; attestationRootCertificates: string[]; attestationTypes: Attestation[]; authenticationAlgorithms: <internal>.AlgSign[]; authenticatorGetInfo?: AuthenticatorGetInfo; authenticatorVersion: number; cryptoStrength?: number; description: string; ecdaaTrustAnchors?: EcdaaTrustAnchor[]; icon?: string; isFreshUserVerificationRequired?: boolean; isKeyRestricted?: boolean; keyProtection: KeyProtection[]; legalHeader?: string; matcherProtection: MatcherProtection[]; protocolFamily: string; publicKeyAlgAndEncodings: AlgKey[]; schema: number; supportedExtensions?: ExtensionDescriptor[]; tcDisplay: TransactionConfirmationDisplay[]; tcDisplayContentType?: string; tcDisplayPNGCharacteristics?: DisplayPNGCharacteristicsDescriptor[]; upv: Version[]; userVerificationDetails: VerificationMethodANDCombinations[] }

Type declaration

VerifiedAuthenticationResponse: { authenticationInfo: { authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs; credentialBackedUp: boolean; credentialDeviceType: CredentialDeviceType; credentialID: Buffer; newCounter: number; userVerified: boolean }; verified: boolean }

Result of authentication verification

param verified

If the authentication response could be verified

param authenticationInfo.credentialID

The ID of the authenticator used during authentication. Should be used to identify which DB authenticator entry needs its counter updated to the value below

param authenticationInfo.newCounter

The number of times the authenticator identified above reported it has been used. Should be kept in a DB for later reference to help prevent replay attacks!

param authenticationInfo.credentialDeviceType

Whether this is a single-device or multi-device credential. Should be kept in a DB for later reference!

param authenticationInfo.credentialBackedUp

Whether or not the multi-device credential has been backed up. Always false for single-device credentials. Should be kept in a DB for later reference!

param authenticationInfo?.authenticatorExtensionResults

The authenticator extensions returned by the browser

Type declaration

VerifiedRegistrationResponse: { registrationInfo?: { aaguid: string; attestationObject: Buffer; authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs; counter: number; credentialBackedUp: boolean; credentialDeviceType: CredentialDeviceType; credentialID: Buffer; credentialPublicKey: Buffer; credentialType: "public-key"; fmt: AttestationFormat; userVerified: boolean }; verified: boolean }

Result of registration verification

param verified

If the assertion response could be verified

param registrationInfo.fmt

Type of attestation

param registrationInfo.counter

The number of times the authenticator reported it has been used. Should be kept in a DB for later reference to help prevent replay attacks!

param registrationInfo.aaguid

Authenticator's Attestation GUID indicating the type of the authenticator

param registrationInfo.credentialPublicKey

The credential's public key

param registrationInfo.credentialID

The credential's credential ID for the public key above

param registrationInfo.credentialType

The type of the credential returned by the browser

param registrationInfo.userVerified

Whether the user was uniquely identified during attestation

param registrationInfo.attestationObject

The raw response.attestationObject Buffer returned by the authenticator

param registrationInfo.credentialDeviceType

Whether this is a single-device or multi-device credential. Should be kept in a DB for later reference!

param registrationInfo.credentialBackedUp

Whether or not the multi-device credential has been backed up. Always false for single-device credentials. Should be kept in a DB for later reference!

param registrationInfo?.authenticatorExtensionResults

The authenticator extensions returned by the browser

Type declaration

VerifyAuthenticationResponseOpts: { advancedFIDOConfig?: { userVerification?: UserVerificationRequirement }; authenticator: AuthenticatorDevice; credential: AuthenticationCredentialJSON; expectedChallenge: string | ((challenge: string) => boolean); expectedOrigin: string | string[]; expectedRPID: string | string[]; requireUserVerification?: boolean }

Type declaration

VerifyRegistrationResponseOpts: { credential: RegistrationCredentialJSON; expectedChallenge: string | ((challenge: string) => boolean); expectedOrigin: string | string[]; expectedRPID?: string | string[]; requireUserVerification?: boolean; supportedAlgorithmIDs?: COSEAlgorithmIdentifier[] }

Type declaration

  • credential: RegistrationCredentialJSON
  • expectedChallenge: string | ((challenge: string) => boolean)
  • expectedOrigin: string | string[]
  • Optional expectedRPID?: string | string[]
  • Optional requireUserVerification?: boolean
  • Optional supportedAlgorithmIDs?: COSEAlgorithmIdentifier[]

Variables

MetadataService: BaseMetadataService = ...
SettingsService: BaseSettingsService = ...

Functions

Generated using TypeDoc