From 5c189467882fc11a9ac7fcbac5cc8ab5d6bba03f Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 27 Dec 2022 19:14:20 -0800 Subject: Copy over some registration types --- packages/typescript-types/src/index.ts | 45 +++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 9 deletions(-) (limited to 'packages/typescript-types/src') diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 3bb93ba..4b20694 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -13,6 +13,15 @@ import type { PublicKeyCredentialUserEntity, AuthenticationExtensionsClientInputs, AuthenticationExtensionsClientOutputs, + PublicKeyCredentialRpEntity, + PublicKeyCredentialType, + PublicKeyCredentialParameters, + AuthenticatorSelectionCriteria, + AttestationConveyancePreference, + UserVerificationRequirement, + AuthenticatorAttachment, + PublicKeyCredentialCreationOptions, + PublicKeyCredentialRequestOptions, } from './dom'; export * from './dom'; 
@@ -20,12 +29,21 @@ export * from './dom'; /** * A variant of PublicKeyCredentialCreationOptions suitable for JSON transmission to the browser to * (eventually) get passed into navigator.credentials.create(...) in the browser. + * + * This should eventually get replaced with official TypeScript DOM types when WebAuthn L3 types + * eventually make it into the language: + * + * https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptionsjson */ -export interface PublicKeyCredentialCreationOptionsJSON - extends Omit { +export interface PublicKeyCredentialCreationOptionsJSON { + rp: PublicKeyCredentialRpEntity; user: PublicKeyCredentialUserEntityJSON; challenge: Base64URLString; - excludeCredentials: PublicKeyCredentialDescriptorJSON[]; + pubKeyCredParams: PublicKeyCredentialParameters[]; + timeout?: number; + excludeCredentials?: PublicKeyCredentialDescriptorJSON[]; + authenticatorSelection?: AuthenticatorSelectionCriteria; + attestation?: AttestationConveyancePreference; extensions?: AuthenticationExtensionsClientInputs; } 
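Review bot: `excludeCredentials` goes from required to optional in this hunk with no comment on what omitting it means. That list is what lets an authenticator refuse to create a second credential for an account it already holds, so a server that leaves it out silently permits duplicate registrations. I would add a property comment such as `// Omit only when duplicate registrations on one authenticator are acceptable`. The interface is fully contained in this hunk.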
@@ -33,22 +51,31 @@ export interface PublicKeyCredentialCreationOptionsJSON * A variant of PublicKeyCredentialRequestOptions suitable for JSON transmission to the browser to * (eventually) get passed into navigator.credentials.get(...) in the browser. */ -export interface PublicKeyCredentialRequestOptionsJSON - extends Omit { +export interface PublicKeyCredentialRequestOptionsJSON { challenge: Base64URLString; + timeout?: number; + rpId?: string; allowCredentials?: PublicKeyCredentialDescriptorJSON[]; + userVerification?: UserVerificationRequirement; extensions?: AuthenticationExtensionsClientInputs; } -export interface PublicKeyCredentialDescriptorJSON - extends Omit { +/** + * https://w3c.github.io/webauthn/#dictdef-publickeycredentialdescriptorjson + */ +export interface PublicKeyCredentialDescriptorJSON { id: Base64URLString; + type: PublicKeyCredentialType; transports?: AuthenticatorTransportFuture[]; } -export interface PublicKeyCredentialUserEntityJSON - extends Omit { +/** + * https://w3c.github.io/webauthn/#dictdef-publickeycredentialuserentityjson + */ +export interface PublicKeyCredentialUserEntityJSON { id: string; + name: string; + displayName: string; } /** -- cgit v1.2.3 From d29197896c401e6f8d01116303bc86b41474c216 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 27 Dec 2022 19:16:52 -0800 Subject: Change over to RegistrationResponseJSON --- packages/typescript-types/src/index.ts | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'packages/typescript-types/src') diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 4b20694..7333249 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts 
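Review bot: `PublicKeyCredentialUserEntityJSON.id` is typed `string` directly under a new link to the spec dictionary, where that member is Base64URL-encoded. In this series `startRegistration` still converts it with `utf8StringToBuffer(creationOptionsJSON.user.id)`, so the user handle ends up as the UTF-8 bytes of whatever the server sent, and a server author who follows the link and sends Base64URL would get a different handle than intended. Until the encoding changes, a comment on the field would avoid that, e.g. `// UTF-8 string, not Base64URL (see utf8StringToBuffer in startRegistration); keep it free of personal data`. The same question applies to `userHandle?: string` in `AuthenticatorAssertionResponseJSON`, which gains its spec link two commits later.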
@@ -88,13 +88,16 @@ export interface RegistrationCredential extends PublicKeyCredentialFuture { /** * A slightly-modified RegistrationCredential to simplify working with ArrayBuffers that * are Base64URL-encoded in the browser so that they can be sent as JSON to the server. + * + * https://w3c.github.io/webauthn/#dictdef-registrationresponsejson */ -export interface RegistrationCredentialJSON - extends Omit { +export interface RegistrationResponseJSON { + id: Base64URLString; rawId: Base64URLString; response: AuthenticatorAttestationResponseJSON; + authenticatorAttachment?: AuthenticatorAttachment; clientExtensionResults: AuthenticationExtensionsClientOutputs; - transports?: AuthenticatorTransportFuture[]; + type: PublicKeyCredentialType; } /** @@ -118,19 +121,13 @@ export interface AuthenticationCredentialJSON /** * A slightly-modified AuthenticatorAttestationResponse to simplify working with ArrayBuffers that * are Base64URL-encoded in the browser so that they can be sent as JSON to the server. + * + * https://w3c.github.io/webauthn/#dictdef-authenticatorattestationresponsejson */ -export interface AuthenticatorAttestationResponseJSON - extends Omit< - AuthenticatorAttestationResponseFuture, - | 'clientDataJSON' - | 'attestationObject' - | 'getTransports' - | 'getAuthenticatorData' - | 'getPublicKey' - | 'getPublicKeyAlgorithm' - > { +export interface AuthenticatorAttestationResponseJSON { clientDataJSON: Base64URLString; attestationObject: Base64URLString; + transports: AuthenticatorTransportFuture[]; } /** -- cgit v1.2.3 From d821ec1f64463f135cd5e15dfd8bdd170bf91730 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 27 Dec 2022 19:17:42 -0800 Subject: Change over to AuthenticationResponseJSON --- packages/typescript-types/src/index.ts | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'packages/typescript-types/src') 
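Review bot: `transports` leaves the top level of the registration JSON in this hunk (it reappears under `response` in the second hunk) and the exported name `RegistrationCredentialJSON` disappears, both without a compatibility path. TypeScript consumers get a compile error, but a server that reads `credential.transports` from parsed JSON would, as far as this diff shows, just see `undefined` and store no transport hints. If mixed browser/server versions are possible, consider keeping a deprecated alias, `/** @deprecated use RegistrationResponseJSON */ export type RegistrationCredentialJSON = RegistrationResponseJSON;`, and calling out the moved field in the changelog. The rename of `AuthenticationCredentialJSON` in the next commit raises the same alias question.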
diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 7333249..43e2f5b 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -110,12 +110,16 @@ export interface AuthenticationCredential extends PublicKeyCredentialFuture { /** * A slightly-modified AuthenticationCredential to simplify working with ArrayBuffers that * are Base64URL-encoded in the browser so that they can be sent as JSON to the server. + * + * https://w3c.github.io/webauthn/#dictdef-authenticationresponsejson */ -export interface AuthenticationCredentialJSON - extends Omit { +export interface AuthenticationResponseJSON { + id: Base64URLString; rawId: Base64URLString; response: AuthenticatorAssertionResponseJSON; + authenticatorAttachment?: AuthenticatorAttachment; clientExtensionResults: AuthenticationExtensionsClientOutputs; + type: PublicKeyCredentialType; } /** @@ -133,14 +137,12 @@ export interface AuthenticatorAttestationResponseJSON { /** * A slightly-modified AuthenticatorAssertionResponse to simplify working with ArrayBuffers that * are Base64URL-encoded in the browser so that they can be sent as JSON to the server. + * + * https://w3c.github.io/webauthn/#dictdef-authenticatorassertionresponsejson */ -export interface AuthenticatorAssertionResponseJSON - extends Omit< - AuthenticatorAssertionResponse, - 'authenticatorData' | 'clientDataJSON' | 'signature' | 'userHandle' - > { - authenticatorData: Base64URLString; +export interface AuthenticatorAssertionResponseJSON { clientDataJSON: Base64URLString; + authenticatorData: Base64URLString; signature: Base64URLString; userHandle?: string; } -- cgit v1.2.3 From 9368677134917f9c4fc9b3d82fd94050354d7fd1 Mon Sep 17 00:00:00 2001 
From: Matthew Miller Date: Tue, 27 Dec 2022 19:18:06 -0800 Subject: Add new methods to PublicKeyCredentialFuture --- packages/typescript-types/src/index.ts | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'packages/typescript-types/src') diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 43e2f5b..c6562a0 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -195,11 +195,23 @@ export interface PublicKeyCredentialDescriptorFuture } /** - * A super class of TypeScript's `PublicKeyCredential` that knows about upcoming WebAuthn methods + * + */ +export type PublicKeyCredentialJSON = RegistrationResponseJSON | AuthenticationResponseJSON; + +/** + * A super class of TypeScript's `PublicKeyCredential` that knows about upcoming WebAuthn features */ export interface PublicKeyCredentialFuture extends PublicKeyCredential { + type: PublicKeyCredentialType; // See https://github.com/w3c/webauthn/issues/1745 isConditionalMediationAvailable?(): Promise; + // See https://w3c.github.io/webauthn/#sctn-parseCreationOptionsFromJSON + parseCreationOptionsFromJSON?(options: PublicKeyCredentialCreationOptionsJSON): PublicKeyCredentialCreationOptions; + // See https://w3c.github.io/webauthn/#sctn-parseRequestOptionsFromJSON + parseRequestOptionsFromJSON?(options: PublicKeyCredentialRequestOptionsJSON): PublicKeyCredentialRequestOptions; + // See https://w3c.github.io/webauthn/#dom-publickeycredential-tojson + toJSON?(): PublicKeyCredentialJSON; } /** -- cgit v1.2.3 From 0571dbea85f539b350e853e716ba5489c49646c5 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 27 Dec 2022 19:18:11 -0800 Subject: Clean up unused imports --- packages/typescript-types/src/index.ts | 3 --- 1 file changed, 3 deletions(-) (limited to 'packages/typescript-types/src') 
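Review bot: The doc block added above `PublicKeyCredentialJSON` is empty; something like `/** JSON form returned by PublicKeyCredential.toJSON(): either a registration or an authentication response. */` would say what the union is for. Separately, the spec sections linked for `parseCreationOptionsFromJSON` and `parseRequestOptionsFromJSON` describe static methods, while they are declared here next to the instance method `toJSON`. If `PublicKeyCredentialFuture` models instances, a short comment noting that (as with `isConditionalMediationAvailable`) would keep callers from looking for them on a credential object. All three members are optional, so call sites need a `typeof … === 'function'` check before use.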
diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index c6562a0..6d68b17 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -7,10 +7,7 @@ import type { AuthenticatorAssertionResponse, AuthenticatorAttestationResponse, PublicKeyCredential, - PublicKeyCredentialCreationOptions, PublicKeyCredentialDescriptor, - PublicKeyCredentialRequestOptions, - PublicKeyCredentialUserEntity, AuthenticationExtensionsClientInputs, AuthenticationExtensionsClientOutputs, PublicKeyCredentialRpEntity, -- cgit v1.2.3 From 468c8ce2f13105fd7e31d84cb41c7bbb07aa9ec9 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 27 Dec 2022 19:32:40 -0800 Subject: Update typing on getTransports() --- packages/typescript-types/src/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'packages/typescript-types/src') diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 6d68b17..13d63bd 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -171,7 +171,7 @@ export type Base64URLString = string; * Properties marked optional are not supported in all browsers. */ export interface AuthenticatorAttestationResponseFuture extends AuthenticatorAttestationResponse { - getTransports: () => AuthenticatorTransportFuture[]; + getTransports(): AuthenticatorTransportFuture[]; } /** -- cgit v1.2.3 From cbfa15930382f98e215c2e68103e5ac8770b22fe Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 27 Dec 2022 20:51:40 -0800 Subject: Be more cautious with transports --- packages/browser/src/methods/startRegistration.ts | 9 ++++++++- packages/typescript-types/src/index.ts | 3 ++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'packages/typescript-types/src') diff --git a/packages/browser/src/methods/startRegistration.ts b/packages/browser/src/methods/startRegistration.ts index f72a10b..bceff2a 100644 
--- a/packages/browser/src/methods/startRegistration.ts +++ b/packages/browser/src/methods/startRegistration.ts @@ -2,6 +2,7 @@ import { PublicKeyCredentialCreationOptionsJSON, RegistrationCredential, RegistrationResponseJSON, + AuthenticatorTransportFuture, } from '@simplewebauthn/typescript-types'; import { utf8StringToBuffer } from '../helpers/utf8StringToBuffer'; @@ -55,13 +56,19 @@ export async function startRegistration( const { id, rawId, response, type } = credential; + // Continue to play it safe with `getTransports()` for now, even when L3 types say it's required + let transports: AuthenticatorTransportFuture[] | undefined = undefined; + if (typeof response.getTransports === 'function') { + transports = response.getTransports(); + } + return { id, rawId: bufferToBase64URLString(rawId), response: { attestationObject: bufferToBase64URLString(response.attestationObject), clientDataJSON: bufferToBase64URLString(response.clientDataJSON), - transports: response.getTransports(), + transports, }, type, clientExtensionResults: credential.getClientExtensionResults(), diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 13d63bd..85f3ef5 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -128,7 +128,8 @@ export interface AuthenticationResponseJSON { export interface AuthenticatorAttestationResponseJSON { clientDataJSON: Base64URLString; attestationObject: Base64URLString; - transports: AuthenticatorTransportFuture[]; + // Optional in L2, but becomes required in L3. Play it safe until L3 becomes Recommendation + transports?: AuthenticatorTransportFuture[]; } /** -- cgit v1.2.3 From ad5e7119317ab5915c7063b575e2bdd4fe263f9e Mon Sep 17 00:00:00 2001 
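Review bot: Style point on the `transports` block in the second hunk: the `let … = undefined` plus `if` can be a single `const transports = typeof response.getTransports === 'function' ? response.getTransports() : undefined;`, which keeps the feature check and drops the mutable binding and redundant initializer. It would also be worth extending the comment to say that the value is reported by the client next to `attestationObject` rather than inside it, so presumably nothing signs it and the server should treat it as a hint only. `startRegistration` begins and ends outside this hunk.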
From: Matthew Miller Date: Tue, 27 Dec 2022 21:38:27 -0800 Subject: Lint everything --- packages/browser/src/helpers/toAuthenticatorAttachment.ts | 4 +++- packages/browser/src/methods/startAuthentication.test.ts | 2 +- packages/browser/src/methods/startRegistration.test.ts | 2 +- packages/browser/src/methods/startRegistration.ts | 4 +++- .../src/authentication/verifyAuthenticationResponse.test.ts | 5 +---- .../server/src/registration/verifyRegistrationResponse.test.ts | 2 +- packages/typescript-types/src/index.ts | 8 ++++++-- 7 files changed, 16 insertions(+), 11 deletions(-) (limited to 'packages/typescript-types/src') diff --git a/packages/browser/src/helpers/toAuthenticatorAttachment.ts b/packages/browser/src/helpers/toAuthenticatorAttachment.ts index 7a2aca0..366cf8f 100644 --- a/packages/browser/src/helpers/toAuthenticatorAttachment.ts +++ b/packages/browser/src/helpers/toAuthenticatorAttachment.ts @@ -5,7 +5,9 @@ const attachments: AuthenticatorAttachment[] = ['cross-platform', 'platform']; /** * If possible coerce a `string` value into a known `AuthenticatorAttachment` */ -export function toAuthenticatorAttachment(attachment: string | null): AuthenticatorAttachment | undefined { +export function toAuthenticatorAttachment( + attachment: string | null, +): AuthenticatorAttachment | undefined { if (!attachment) { return; } diff --git a/packages/browser/src/methods/startAuthentication.test.ts b/packages/browser/src/methods/startAuthentication.test.ts index 49f8898..31dbde3 100644 --- a/packages/browser/src/methods/startAuthentication.test.ts +++ b/packages/browser/src/methods/startAuthentication.test.ts @@ -299,7 +299,7 @@ test('should return authenticatorAttachment if present', async () => { return new Promise(resolve => { resolve({ response: {}, - getClientExtensionResults: () => { }, + getClientExtensionResults: () => {}, authenticatorAttachment: 'cross-platform', }); }); 
diff --git a/packages/browser/src/methods/startRegistration.test.ts b/packages/browser/src/methods/startRegistration.test.ts index 19e9185..8ba6f5a 100644 --- a/packages/browser/src/methods/startRegistration.test.ts +++ b/packages/browser/src/methods/startRegistration.test.ts @@ -239,7 +239,7 @@ test('should return authenticatorAttachment if present', async () => { return new Promise(resolve => { resolve({ response: {}, - getClientExtensionResults: () => { }, + getClientExtensionResults: () => {}, authenticatorAttachment: 'cross-platform', }); }); diff --git a/packages/browser/src/methods/startRegistration.ts b/packages/browser/src/methods/startRegistration.ts index 3ce3083..546347b 100644 --- a/packages/browser/src/methods/startRegistration.ts +++ b/packages/browser/src/methods/startRegistration.ts @@ -34,7 +34,9 @@ export async function startRegistration( ...creationOptionsJSON.user, id: utf8StringToBuffer(creationOptionsJSON.user.id), }, - excludeCredentials: creationOptionsJSON.excludeCredentials?.map(toPublicKeyCredentialDescriptor), + excludeCredentials: creationOptionsJSON.excludeCredentials?.map( + toPublicKeyCredentialDescriptor, + ), }; // Finalize options diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts index fcd1b4f..30eb9d1 100644 --- a/packages/server/src/authentication/verifyAuthenticationResponse.test.ts +++ b/packages/server/src/authentication/verifyAuthenticationResponse.test.ts 
@@ -3,10 +3,7 @@ import { verifyAuthenticationResponse } from './verifyAuthenticationResponse'; import * as esmDecodeClientDataJSON from '../helpers/decodeClientDataJSON'; import * as esmParseAuthenticatorData from '../helpers/parseAuthenticatorData'; import { toHash } from '../helpers/toHash'; -import { - AuthenticatorDevice, - AuthenticationResponseJSON, -} from '@simplewebauthn/typescript-types'; +import { AuthenticatorDevice, AuthenticationResponseJSON } from '@simplewebauthn/typescript-types'; import { isoUint8Array, isoBase64URL } from '../helpers/iso'; let mockDecodeClientData: jest.SpyInstance; diff --git a/packages/server/src/registration/verifyRegistrationResponse.test.ts b/packages/server/src/registration/verifyRegistrationResponse.test.ts index 850e51e..9fd8a96 100644 --- a/packages/server/src/registration/verifyRegistrationResponse.test.ts +++ b/packages/server/src/registration/verifyRegistrationResponse.test.ts @@ -90,7 +90,7 @@ test('should verify Packed (EC2) attestation', async () => { expect(verification.registrationInfo?.credentialID).toEqual( isoBase64URL.toBuffer( 'AYThY1csINY4JrbHyGmqTl1nL_F1zjAF3hSAIngz8kAcjugmAMNVvxZRwqpEH-bNHHAIv291OX5ko9eDf_5mu3U' + - 'B2BvsScr2K-ppM4owOpGsqwg5tZglqqmxIm1Q', + 'B2BvsScr2K-ppM4owOpGsqwg5tZglqqmxIm1Q', ), ); }); diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 85f3ef5..b8b1394 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts 
@@ -205,9 +205,13 @@ export interface PublicKeyCredentialFuture extends PublicKeyCredential { // See https://github.com/w3c/webauthn/issues/1745 isConditionalMediationAvailable?(): Promise; // See https://w3c.github.io/webauthn/#sctn-parseCreationOptionsFromJSON - parseCreationOptionsFromJSON?(options: PublicKeyCredentialCreationOptionsJSON): PublicKeyCredentialCreationOptions; + parseCreationOptionsFromJSON?( + options: PublicKeyCredentialCreationOptionsJSON, + ): PublicKeyCredentialCreationOptions; // See https://w3c.github.io/webauthn/#sctn-parseRequestOptionsFromJSON - parseRequestOptionsFromJSON?(options: PublicKeyCredentialRequestOptionsJSON): PublicKeyCredentialRequestOptions; + parseRequestOptionsFromJSON?( + options: PublicKeyCredentialRequestOptionsJSON, + ): PublicKeyCredentialRequestOptions; // See https://w3c.github.io/webauthn/#dom-publickeycredential-tojson toJSON?(): PublicKeyCredentialJSON; } -- cgit v1.2.3