WIP Create and and get FIDO U2F credentials
$ npm install fido2-u2f-credentials
const credentials = require('fido2-u2f-credentials')
const attestationResponse = await credentials.create({
rp: {
id: window.location.hostname,
name: window.location.hostname,
},
user: {
id: Buffer.from('alice@bob.com'),
name: 'alice@bob.com',
displayName: 'Alice'
},
pubKeyCredParams: [{
type: 'public-key',
alg: credentials.constants.ES256
}]
})
const credentials = require('fido2-u2f-credentials')
const assertionResponse = await credentials.get({
allowCredentials: [{
id: response.id,
// providing the raw public key buffer
// allows for client side verification
publicKey: response.publicKey
}]
})
- Tests
- Implement WebAuthn credentials interface using hid
Creates a new FIDO U2F credential attestation where opts
is everything
defined for the PublicKeyCredentialCreationOptions
interface
and opts.crypto
is an optional object containing
{
// hash buffer based on COSE algorithm type
hash(algorithm, buffer),
// verify data with signature and public key based on COSE algorithm type
verify(algorithm, signature, data, publicKey)
}
Creates a new FIDO U2F credential assertion where opts
is everything
defined for the
PublicKeyCredentialRequestOptions
interface
and opts.crypto
is an optional object containing
{
// hash buffer based on COSE algorithm type
hash(algorithm, buffer),
// verify data with signature and public key based on COSE algorithm type
verify(algorithm, signature, data, publicKey)
}
The internal attestation request class passed to
navigator.credentials.create(request)
.
The attestation response class that wraps the
PublicKeyCredential
returned from navigator.credentials.create(request)
.
A pointer back to the credentials.attestation.Request
object that
initiated the request.
A boolean
that indicates the response verified the signature from the
attestation.
The COSE algorithm type constant.
The PublicKeyCredential
returned from navigator.credentials.create()
.
The decoded CBOR attestation object from the response
PublicKeyCredential
.
The attestation response signature buffer. If the attestation is
'none'
then this will be null
.
The attestation response certificate buffer. If the attestation is
'none'
then this will be null
.
The attestation response certificate in PEM format. If the attestation is
'none'
then this will be null
.
The attestation response format.
The parsed attestation authentication data from the
PublicKeyCredential
response.
The PKCS representation of the COSE public key in the PublicKeyCredential
response. This should be saved somewhere should you need assertions to be
verified on the client or off device.
The parsed clientDataJSON
from the PublicKeyCredential
response.
The credential ID. This must be saved somewhere to reference the
PublicKeyCredential
on the device.
The internal assertion request class passed to
navigator.credentials.get(request)
.
The assertion response class that wraps the
PublicKeyCredential
returned from navigator.credentials.get(request)
.
The PublicKeyCredential
returned from navigator.credentials.get()
.
The parsed clientDataJSON
from the PublicKeyCredential
response.
The credential ID. This must be saved somewhere to reference the
PublicKeyCredential
on the device.
The assertion response signature buffer.
A pointer back to the credentials.assertion.Request
object that
initiated the request.
A boolean
that indicates the response verified the signature from the
assertion on the client.
The COSE algorithm type constant.
The parsed assertion authentication data from the
PublicKeyCredential
response.
MIT