Diffstat (limited to 'packages/browser/src/methods/startAuthentication.ts')
-rw-r--r-- | packages/browser/src/methods/startAuthentication.ts | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/packages/browser/src/methods/startAuthentication.ts b/packages/browser/src/methods/startAuthentication.ts
new file mode 100644
index 0000000..277b8f0
--- /dev/null
+++ b/packages/browser/src/methods/startAuthentication.ts
@@ -0,0 +1,66 @@
+import {
+ PublicKeyCredentialRequestOptionsJSON,
+ AuthenticationCredential,
+ AuthenticationCredentialJSON,
+} from '@simplewebauthn/typescript-types';
+
+import bufferToBase64URLString from '../helpers/bufferToBase64URLString';
+import base64URLStringToBuffer from '../helpers/base64URLStringToBuffer';
+import bufferToUTF8String from '../helpers/bufferToUTF8String';
+import { browserSupportsWebauthn } from '../helpers/browserSupportsWebauthn';
+import toPublicKeyCredentialDescriptor from '../helpers/toPublicKeyCredentialDescriptor';
+
+/**
+ * Begin authenticator "login" via WebAuthn assertion
+ *
+ * @param requestOptionsJSON Output from @simplewebauthn/server's generateAssertionOptions(...)
+ */
+export default async function startAuthentication(
+ requestOptionsJSON: PublicKeyCredentialRequestOptionsJSON,
+): Promise<AuthenticationCredentialJSON> {
+ if (!browserSupportsWebauthn()) {
+ throw new Error('WebAuthn is not supported in this browser');
+ }
+
+ // We need to avoid passing empty array to avoid blocking retrieval
+ // of public key
+ let allowCredentials;
+ if (requestOptionsJSON.allowCredentials?.length !== 0) {
+ allowCredentials = requestOptionsJSON.allowCredentials?.map(toPublicKeyCredentialDescriptor);
+ }
+
+ // We need to convert some values to Uint8Arrays before passing the credentials to the navigator
+ const publicKey: PublicKeyCredentialRequestOptions = {
+ ...requestOptionsJSON,
+ challenge: base64URLStringToBuffer(requestOptionsJSON.challenge),
+ allowCredentials,
+ };
+
+ // Wait for the user to complete assertion
+ const credential = (await navigator.credentials.get({ publicKey })) as AuthenticationCredential;
+
+ if (!credential) {
+ throw new Error('Authentication was not completed');
+ }
+
+ const { id, rawId, response, type } = credential;
+
+ let userHandle = undefined;
+ if (response.userHandle) {
+ userHandle = bufferToUTF8String(response.userHandle);
+ }
+
+ // Convert values to base64 to make it easier to send back to the server
+ return {
+ id,
+ rawId: bufferToBase64URLString(rawId),
+ response: {
+ authenticatorData: bufferToBase64URLString(response.authenticatorData),
+ clientDataJSON: bufferToBase64URLString(response.clientDataJSON),
+ signature: bufferToBase64URLString(response.signature),
+ userHandle,
+ },
+ type,
+ clientExtensionResults: credential.getClientExtensionResults(),
+ };
+} |
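Review bot: `userHandle` is the only binary field of the response that is decoded with `bufferToUTF8String` rather than `bufferToBase64URLString`, in the `if (response.userHandle)` block. WebAuthn treats the user handle as opaque bytes, so if a relying party registered a `user.id` that is not valid UTF-8 text, the decode is presumably lossy (the helper is not shown in this diff) and the server could not match the handle to an account. If the UTF-8 round trip is intentional, a comment there would record the assumption, e.g. `// assumes user.id was registered as UTF-8 text; arbitrary-byte handles will not round-trip`. Separately, the `as AuthenticationCredential` cast hides the `null` that `navigator.credentials.get()` can resolve to; casting to `AuthenticationCredential | null` would keep the following `!credential` check meaningful to the type checker.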