WIP Create and and get FIDO U2F credentials
$ npm install fido2-u2f-credentialsconst credentials = require('fido2-u2f-credentials')
const attestationResponse = await credentials.create({
rp: {
id: window.location.hostname,
name: window.location.hostname,
},
user: {
id: Buffer.from('alice@bob.com'),
name: 'alice@bob.com',
displayName: 'Alice'
},
pubKeyCredParams: [{
type: 'public-key',
alg: credentials.constants.ES256
}]
})const credentials = require('fido2-u2f-credentials')
const assertionResponse = await credentials.get({
allowCredentials: [{
id: response.id,
// providing the raw public key buffer
// allows for client side verification
publicKey: response.publicKey
}]
})- Tests
- Implement WebAuthn credentials interface using hid
Creates a new FIDO U2F credential attestation where opts is everything
defined for the PublicKeyCredentialCreationOptions interface
and opts.crypto is an optional object containing
{
// hash buffer based on COSE algorithm type
hash(algorithm, buffer),
// verify data with signature and public key based on COSE algorithm type
verify(algorithm, signature, data, publicKey)
}Creates a new FIDO U2F credential assertion where opts is everything
defined for the
PublicKeyCredentialRequestOptions interface
and opts.crypto is an optional object containing
{
// hash buffer based on COSE algorithm type
hash(algorithm, buffer),
// verify data with signature and public key based on COSE algorithm type
verify(algorithm, signature, data, publicKey)
}The internal attestation request class passed to
navigator.credentials.create(request).
The attestation response class that wraps the
PublicKeyCredential returned from navigator.credentials.create(request).
A pointer back to the credentials.attestation.Request object that
initiated the request.
A boolean that indicates the response verified the signature from the
attestation.
The COSE algorithm type constant.
The PublicKeyCredential returned from navigator.credentials.create().
The decoded CBOR attestation object from the response
PublicKeyCredential.
The attestation response signature buffer. If the attestation is
'none' then this will be null.
The attestation response certificate buffer. If the attestation is
'none' then this will be null.
The attestation response certificate in PEM format. If the attestation is
'none' then this will be null.
The attestation response format.
The parsed attestation authentication data from the
PublicKeyCredential response.
The PKCS representation of the COSE public key in the PublicKeyCredential
response. This should be saved somewhere should you need assertions to be
verified on the client or off device.
The parsed clientDataJSON from the PublicKeyCredential response.
The credential ID. This must be saved somewhere to reference the
PublicKeyCredential on the device.
The internal assertion request class passed to
navigator.credentials.get(request).
The assertion response class that wraps the
PublicKeyCredential returned from navigator.credentials.get(request).
The PublicKeyCredential returned from navigator.credentials.get().
The parsed clientDataJSON from the PublicKeyCredential response.
The credential ID. This must be saved somewhere to reference the
PublicKeyCredential on the device.
The assertion response signature buffer.
A pointer back to the credentials.assertion.Request object that
initiated the request.
A boolean that indicates the response verified the signature from the
assertion on the client.
The COSE algorithm type constant.
The parsed assertion authentication data from the
PublicKeyCredential response.
MIT