authorMatthew Miller <matthew@millerti.me>2020-10-05 00:47:16 -0700
committerMatthew Miller <matthew@millerti.me>2020-10-05 00:47:16 -0700
commit118e3b2234790d22902c61abe171df765eb5133a (patch)
treeb9f28398ae9efd5e7c558cf81087b4ad0f8d2939 /packages/server/src
parent78b2fc710d43040321ed66713cc9448ec1161f6d (diff)
Use raw `allowCredentials` for assertion opts
Support per-credential transports instead of assuming that all allowable credentials use a single list of transports.
Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/assertion/generateAssertionOptions.ts16
1 files changed, 5 insertions, 11 deletions
diff --git a/packages/server/src/assertion/generateAssertionOptions.ts b/packages/server/src/assertion/generateAssertionOptions.ts
index 0bd6218..f018aa3 100644
--- a/packages/server/src/assertion/generateAssertionOptions.ts
+++ b/packages/server/src/assertion/generateAssertionOptions.ts
@@ -1,13 +1,13 @@
import type {
PublicKeyCredentialRequestOptionsJSON,
- Base64URLString,
+ PublicKeyCredentialDescriptorJSON,
} from '@simplewebauthn/typescript-types';
import base64url from 'base64url';
import generateChallenge from '../helpers/generateChallenge';
type Options = {
- allowedCredentialIDs: Base64URLString[];
+ allowCredentials: PublicKeyCredentialDescriptorJSON[];
challenge?: string | Buffer;
suggestedTransports?: AuthenticatorTransport[];
timeout?: number;
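Review bot: `suggestedTransports?: AuthenticatorTransport[];` is still declared in `Options` (a context line in this hunk), although the later hunks drop it from the destructuring and from the doc comment. A caller that keeps passing it will still compile, and the value is silently ignored, so the resulting request carries no transports unless each descriptor supplies its own. Removing the field from the type would make the compiler flag stale call sites. The `Options` type continues past the end of this hunk.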
@@ -18,11 +18,10 @@ type Options = {
/**
* Prepare a value to pass into navigator.credentials.get(...) for authenticator "login"
*
- * @param allowedCredentialIDs Array of base64url-encoded authenticator IDs registered by the
+ * @param allowCredentials Authenticators previously registered by the user
* @param challenge Random value the authenticator needs to sign and pass back
* user for assertion
* @param timeout How long (in ms) the user can take to complete assertion
- * @param suggestedTransports Suggested types of authenticators for assertion
* @param userVerification Set to `'discouraged'` when asserting as part of a 2FA flow, otherwise
* set to `'preferred'` or `'required'` as desired.
* @param extensions Additional plugins the authenticator or browser should use during assertion
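Review bot: The context line `* user for assertion` appears to be the tail of the removed `@param allowedCredentialIDs` description, and it now reads as part of `@param challenge`; it should be deleted. The new `@param allowCredentials` text could also state the contract this commit introduces, for example `@param allowCredentials Authenticators previously registered by the user, each with its own transports; returned to the browser unchanged`. The doc comment starts inside this hunk but its closing lines are outside it.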
@@ -31,9 +30,8 @@ export default function generateAssertionOptions(
options: Options,
): PublicKeyCredentialRequestOptionsJSON {
const {
- allowedCredentialIDs,
+ allowCredentials,
challenge = generateChallenge(),
- suggestedTransports = ['usb', 'ble', 'nfc', 'internal'],
timeout = 60000,
userVerification,
extensions,
@@ -41,11 +39,7 @@ export default function generateAssertionOptions(
return {
challenge: base64url.encode(challenge),
- allowCredentials: allowedCredentialIDs.map(id => ({
- id,
- type: 'public-key',
- transports: suggestedTransports,
- })),
+ allowCredentials,
timeout,
userVerification,
extensions,
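Review bot: `allowCredentials,` on the new return line forwards the caller's objects verbatim, so anything on them is serialized to the browser, typically before the user has authenticated. TypeScript's structural typing accepts objects with extra properties beyond the descriptor fields (a stored authenticator record, for instance), and those extras would go out with the credential IDs. Copying only the descriptor fields keeps the response shape fixed: `allowCredentials: allowCredentials.map(({ id, type, transports }) => ({ id, type, transports })),`. This assumes `PublicKeyCredentialDescriptorJSON` carries the same three fields the removed code built. The enclosing function starts and ends outside this hunk.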