author | Matthew Miller <matthew@millerti.me> | 2020-05-17 20:37:07 -0700 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2020-05-17 20:40:07 -0700 |
commit | 834aa3ac2d0e9907487fc73ada8be78a196fad90 (patch) | |
tree | 321ad7e9aaf1338bfc5e3ca5f033f6e9cdaa04eb /src | |
parent | 932316895050544c5484b78a828b366ba36e3405 (diff) |
Add generateAttestationCredentials
Diffstat (limited to 'src')
-rw-r--r-- | src/attestation/generateAttestationCredentials.ts | 66 | ||||
-rw-r--r-- | src/index.ts | 5 |
2 files changed, 71 insertions, 0 deletions
diff --git a/src/attestation/generateAttestationCredentials.ts b/src/attestation/generateAttestationCredentials.ts
new file mode 100644
index 0000000..42fb06c
--- /dev/null
+++ b/src/attestation/generateAttestationCredentials.ts
@@ -0,0 +1,66 @@
+export type AttestationCredentials = {
+ publicKey: {
+ // Cryptographically random bytes to prevent replay attacks
+ challenge: Uint8Array,
+ // The organization registering and authenticating the user
+ rp: {
+ name: string,
+ id: string,
+ },
+ user: {
+ id: Uint8Array,
+ name: string,
+ displayName: string,
+ },
+ pubKeyCredParams: [{
+ alg: -7,
+ type: 'public-key',
+ }],
+ timeout: number,
+ attestation: 'none' | 'direct' | 'indirect',
+ },
+}
+
+/**
+ * Prepare credentials for user registration via navigator.credentials.create(...)
+ *
+ * @param serviceName Friendly user-visible website name
+ * @param rpID Valid domain name (after `https://`)
+ * @param challenge Random string the authenticator needs to sign and pass back
+ * @param userID User's website-specific unique ID
+ * @param username User's website-specific username
+ * @param timeout How long (in ms) the user can take to complete attestation
+ * @param attestationType Request a full ("direct") or anonymized ("indirect") attestation statement
+ */
+export default function generateAttestationCredentials(
+ serviceName: string,
+ rpID: string,
+ challenge: string,
+ userID: string,
+ username: string,
+ timeout: number = 60000,
+ attestationType: 'direct' | 'indirect' = 'direct',
+): AttestationCredentials {
+ return {
+ publicKey: {
+ // Cryptographically random bytes to prevent replay attacks
+ challenge: Uint8Array.from(challenge, c => c.charCodeAt(0)),
+ // The organization registering and authenticating the user
+ rp: {
+ name: serviceName,
+ id: rpID,
+ },
+ user: {
+ id: Uint8Array.from(userID, c => c.charCodeAt(0)),
+ name: username,
+ displayName: username,
+ },
+ pubKeyCredParams: [{
+ alg: -7,
+ type: 'public-key',
+ }],
+ timeout,
+ attestation: attestationType,
+ },
+ };
+}
diff --git a/src/index.ts b/src/index.ts
index e69de29..bbe3ec4 100644
--- a/src/index.ts
+++ b/src/index.ts
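Review bot: In generateAttestationCredentials (src/attestation/generateAttestationCredentials.ts), `Uint8Array.from(challenge, c => c.charCodeAt(0))` and the same conversion for `userID` store each UTF-16 code unit modulo 256, so any character above U+00FF is silently truncated and two distinct user IDs can end up with the same `user.id` bytes. Encoding explicitly, e.g. `challenge: new TextEncoder().encode(challenge),` and `id: new TextEncoder().encode(userID),`, or throwing on code units above 0xFF, removes the collision; whichever is chosen has to match how the challenge is compared when the response is verified, which is not visible in this commit. The `@param challenge` doc should also state that the value must come from a CSPRNG, be at least 16 bytes as the WebAuthn spec recommends, and be used only once, since this function only converts what it is given. `attestationType` defaults to 'direct' and cannot be 'none' even though the AttestationCredentials type allows it; that is presumably intentional, but it deserves a comment because direct attestation exposes authenticator details to the relying party.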
@@ -0,0 +1,5 @@
+import generateAttestationCredentials from "./attestation/generateAttestationCredentials";
+
+export {
+ generateAttestationCredentials,
+}; |