Options
All
  • Public
  • Public/Protected
  • All
Menu

Module @simplewebauthn/server

Index

Namespaces

Type aliases

Variables

Functions

Type aliases

GenerateAuthenticationOptionsOpts

GenerateAuthenticationOptionsOpts: { allowCredentials?: PublicKeyCredentialDescriptorFuture[]; challenge?: string | Buffer; extensions?: AuthenticationExtensionsClientInputs; rpID?: string; timeout?: number; userVerification?: UserVerificationRequirement }

Type declaration

GenerateRegistrationOptionsOpts

GenerateRegistrationOptionsOpts: { attestationType?: AttestationConveyancePreference; authenticatorSelection?: AuthenticatorSelectionCriteria; challenge?: string | Buffer; excludeCredentials?: PublicKeyCredentialDescriptorFuture[]; extensions?: AuthenticationExtensionsClientInputs; rpID: string; rpName: string; supportedAlgorithmIDs?: COSEAlgorithmIdentifier[]; timeout?: number; userDisplayName?: string; userID: string; userName: string }

Type declaration

MetadataStatement

MetadataStatement: { aaguid?: string; aaid?: string; alternativeDescriptions?: AlternativeDescriptions; attachmentHint?: AttachmentHint[]; attestationCertificateKeyIdentifiers?: string[]; attestationRootCertificates: string[]; attestationTypes: Attestation[]; authenticationAlgorithms: AlgSign[]; authenticatorGetInfo?: AuthenticatorGetInfo; authenticatorVersion: number; cryptoStrength?: number; description: string; ecdaaTrustAnchors?: EcdaaTrustAnchor[]; icon?: string; isFreshUserVerificationRequired?: boolean; isKeyRestricted?: boolean; keyProtection: KeyProtection[]; legalHeader?: string; matcherProtection: MatcherProtection[]; protocolFamily: string; publicKeyAlgAndEncodings: AlgKey[]; schema: number; supportedExtensions?: ExtensionDescriptor[]; tcDisplay: TransactionConfirmationDisplay[]; tcDisplayContentType?: string; tcDisplayPNGCharacteristics?: DisplayPNGCharacteristicsDescriptor[]; upv: Version[]; userVerificationDetails: VerificationMethodANDCombinations[] }

Type declaration

VerifiedAuthenticationResponse

VerifiedAuthenticationResponse: { authenticationInfo: { credentialBackedUp: boolean; credentialDeviceType: CredentialDeviceType; credentialID: Buffer; newCounter: number }; verified: boolean }

Result of authentication verification

param verified

If the authentication response could be verified

param authenticationInfo.credentialID

The ID of the authenticator used during authentication. Should be used to identify which DB authenticator entry needs its counter updated to the value below

param authenticationInfo.newCounter

The number of times the authenticator identified above reported it has been used. Should be kept in a DB for later reference to help prevent replay attacks!

param authenticationInfo.credentialDeviceType

Whether this is a single-device or multi-device credential. Should be kept in a DB for later reference!

param authenticationInfo.credentialBackedUp

Whether or not the multi-device credential has been backed up. Always false for single-device credentials. Should be kept in a DB for later reference!

Type declaration

  • authenticationInfo: { credentialBackedUp: boolean; credentialDeviceType: CredentialDeviceType; credentialID: Buffer; newCounter: number }
    • credentialBackedUp: boolean
    • credentialDeviceType: CredentialDeviceType
    • credentialID: Buffer
    • newCounter: number
  • verified: boolean

VerifiedRegistrationResponse

VerifiedRegistrationResponse: { registrationInfo?: { aaguid: string; attestationObject: Buffer; counter: number; credentialBackedUp: boolean; credentialDeviceType: CredentialDeviceType; credentialID: Buffer; credentialPublicKey: Buffer; credentialType: "public-key"; fmt: AttestationFormat; userVerified: boolean }; verified: boolean }

Result of registration verification

param verified

If the assertion response could be verified

param registrationInfo.fmt

Type of attestation

param registrationInfo.counter

The number of times the authenticator reported it has been used. Should be kept in a DB for later reference to help prevent replay attacks!

param registrationInfo.aaguid

Authenticator's Attestation GUID indicating the type of the authenticator

param registrationInfo.credentialPublicKey

The credential's public key

param registrationInfo.credentialID

The credential's credential ID for the public key above

param registrationInfo.credentialType

The type of the credential returned by the browser

param registrationInfo.userVerified

Whether the user was uniquely identified during attestation

param registrationInfo.attestationObject

The raw response.attestationObject Buffer returned by the authenticator

param registrationInfo.credentialDeviceType

Whether this is a single-device or multi-device credential. Should be kept in a DB for later reference!

param registrationInfo.credentialBackedUp

Whether or not the multi-device credential has been backed up. Always false for single-device credentials. Should be kept in a DB for later reference!

Type declaration

  • Optional registrationInfo?: { aaguid: string; attestationObject: Buffer; counter: number; credentialBackedUp: boolean; credentialDeviceType: CredentialDeviceType; credentialID: Buffer; credentialPublicKey: Buffer; credentialType: "public-key"; fmt: AttestationFormat; userVerified: boolean }
    • aaguid: string
    • attestationObject: Buffer
    • counter: number
    • credentialBackedUp: boolean
    • credentialDeviceType: CredentialDeviceType
    • credentialID: Buffer
    • credentialPublicKey: Buffer
    • credentialType: "public-key"
    • fmt: AttestationFormat
    • userVerified: boolean
  • verified: boolean

VerifyAuthenticationResponseOpts

VerifyAuthenticationResponseOpts: { authenticator: AuthenticatorDevice; credential: AuthenticationCredentialJSON; expectedChallenge: string | ((challenge: string) => boolean); expectedOrigin: string | string[]; expectedRPID: string | string[]; requireUserVerification?: boolean }

Type declaration

  • authenticator: AuthenticatorDevice
  • credential: AuthenticationCredentialJSON
  • expectedChallenge: string | ((challenge: string) => boolean)
  • expectedOrigin: string | string[]
  • expectedRPID: string | string[]
  • Optional requireUserVerification?: boolean

VerifyRegistrationResponseOpts

VerifyRegistrationResponseOpts: { credential: RegistrationCredentialJSON; expectedChallenge: string | ((challenge: string) => boolean); expectedOrigin: string | string[]; expectedRPID?: string | string[]; requireUserVerification?: boolean; supportedAlgorithmIDs?: COSEAlgorithmIdentifier[] }

Type declaration

  • credential: RegistrationCredentialJSON
  • expectedChallenge: string | ((challenge: string) => boolean)
  • expectedOrigin: string | string[]
  • Optional expectedRPID?: string | string[]
  • Optional requireUserVerification?: boolean
  • Optional supportedAlgorithmIDs?: COSEAlgorithmIdentifier[]

Variables

Const MetadataService

MetadataService: BaseMetadataService = ...

Const SettingsService

SettingsService: <internal>.SettingsService = ...

Functions

generateAuthenticationOptions

generateRegistrationOptions

verifyAuthenticationResponse

verifyRegistrationResponse

Generated using TypeDoc