import type { AuthenticatorDevice } from '@simplewebauthn/typescript-types';
/**
* You'll need a database to store a few things:
*
* 1. Users
*
* You'll need to be able to associate attestation and assertion challenges, and authenticators,
* with a specific user. See `LoggedInUser` below for an idea of the minimum amount of info you'll
* need to track for a specific user during these flows.
*
* 2. Challenges
*
* The totally-random-unique-every-time values you pass into every execution of
* `generateAttestationOptions()` or `generateAssertionOptions()` MUST be stored until
* `verifyAttestationResponse()` or `verifyAssertionResponse()` (respectively) is called to verify
* that the response contains the signed challenge.
*
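* These values only need to be persisted for `timeout` number of milliseconds (see the `generate`
* methods and their optional `timeout` parameter). Discard a challenge once it has been verified or
* has timed out, so that the same challenge can never be accepted a second time.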
*
* 3. Authenticator Devices
*
* After an attestation, you'll need to store three things about the authenticator:
*
* - Base64-encoded "Credential ID" (varchar)
* - Base64-encoded "Public Key" (varchar)
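* - Counter (int); update the stored value after each successful assertion, because a counter that
*   fails to increase can indicate a cloned authenticator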
*
* Each authenticator must also be associated to a user so that you can generate a list of
* authenticator credential IDs to pass into `generateAssertionOptions()`, from which one is
* expected to generate an assertion response.
*/
/**
 * Minimum per-user record tracked during the attestation and assertion flows.
 *
 * It ties together the three things the flows need for one user: an identity,
 * the authenticators registered to that user, and any challenge that has been
 * issued but not yet verified.
 */
interface LoggedInUser {
  /** Identifier of this user record. */
  id: string;

  /** Name the user is known by. */
  username: string;

  /** Authenticators associated with this user. */
  devices: Array<AuthenticatorDevice>;

  /**
   * Challenge currently stored for this user, when there is one.
   * NOTE(review): presumably set when options are generated and cleared after
   * verification; confirm against the code that reads and writes it.
   */
  currentChallenge?: string;
}