/**
* @packageDocumentation
* @module @simplewebauthn/types
*/
import type {
AttestationConveyancePreference,
AuthenticationExtensionsClientInputs,
AuthenticationExtensionsClientOutputs,
AuthenticatorAssertionResponse,
AuthenticatorAttachment,
AuthenticatorAttestationResponse,
AuthenticatorSelectionCriteria,
COSEAlgorithmIdentifier,
PublicKeyCredential,
PublicKeyCredentialCreationOptions,
PublicKeyCredentialDescriptor,
PublicKeyCredentialParameters,
PublicKeyCredentialRequestOptions,
PublicKeyCredentialRpEntity,
PublicKeyCredentialType,
UserVerificationRequirement,
} from './dom.ts';
export type {
AttestationConveyancePreference,
AuthenticationExtensionsClientInputs,
AuthenticationExtensionsClientOutputs,
AuthenticatorAssertionResponse,
AuthenticatorAttachment,
AuthenticatorAttestationResponse,
AuthenticatorSelectionCriteria,
AuthenticatorTransport,
COSEAlgorithmIdentifier,
Crypto,
PublicKeyCredential,
PublicKeyCredentialCreationOptions,
PublicKeyCredentialDescriptor,
PublicKeyCredentialParameters,
PublicKeyCredentialRequestOptions,
PublicKeyCredentialRpEntity,
PublicKeyCredentialType,
PublicKeyCredentialUserEntity,
UserVerificationRequirement,
} from './dom.ts';
/**
* A variant of PublicKeyCredentialCreationOptions suitable for JSON transmission to the browser to
* (eventually) get passed into navigator.credentials.create(...) in the browser.
*
* Binary values such as `challenge` are carried as `Base64URLString`. This is a compile-time shape
* only: nothing in this declaration validates a value at runtime.
*
* This should eventually get replaced with official TypeScript DOM types when WebAuthn L3 types
* eventually make it into the language:
*
* https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptionsjson
*/
export interface PublicKeyCredentialCreationOptionsJSON {
// Relying Party the new credential will be scoped to
rp: PublicKeyCredentialRpEntity;
// Account the credential is being created for
user: PublicKeyCredentialUserEntityJSON;
// Base64URL-encoded challenge. NOTE(review): the WebAuthn spec relies on the Relying Party
// generating this unpredictably and checking it against the response; that logic is not visible
// in this file
challenge: Base64URLString;
// Credential type / COSE algorithm pairs the Relying Party is willing to accept
pubKeyCredParams: PublicKeyCredentialParameters[];
// Per the WebAuthn spec, a hint in milliseconds for how long the ceremony may take
timeout?: number;
// Credentials that should not be registered a second time
excludeCredentials?: PublicKeyCredentialDescriptorJSON[];
authenticatorSelection?: AuthenticatorSelectionCriteria;
// Attestation conveyance preference
attestation?: AttestationConveyancePreference;
extensions?: AuthenticationExtensionsClientInputs;
}
/**
* A variant of PublicKeyCredentialRequestOptions suitable for JSON transmission to the browser to
* (eventually) get passed into navigator.credentials.get(...) in the browser.
*
* Only `challenge` is required; every other member is optional. This is a compile-time shape
* only: nothing in this declaration validates a value at runtime.
*
* https://w3c.github.io/webauthn/#dictdef-publickeycredentialrequestoptionsjson
*/
export interface PublicKeyCredentialRequestOptionsJSON {
// Base64URL-encoded challenge. NOTE(review): the WebAuthn spec relies on the Relying Party
// generating this unpredictably and checking it against the response; that logic is not visible
// in this file
challenge: Base64URLString;
// Per the WebAuthn spec, a hint in milliseconds for how long the ceremony may take
timeout?: number;
// Relying Party identifier the assertion is requested for
rpId?: string;
// Credentials acceptable for this authentication
allowCredentials?: PublicKeyCredentialDescriptorJSON[];
// Whether user verification (e.g. PIN or biometric) is required, preferred or discouraged
userVerification?: UserVerificationRequirement;
extensions?: AuthenticationExtensionsClientInputs;
}
/**
* JSON form of a credential descriptor, used by `excludeCredentials` and `allowCredentials` in the
* options types in this file.
*
* https://w3c.github.io/webauthn/#dictdef-publickeycredentialdescriptorjson
*/
export interface PublicKeyCredentialDescriptorJSON {
// Base64URL-encoded credential ID
id: Base64URLString;
type: PublicKeyCredentialType;
// Optional list of transports; per the WebAuthn spec these are hints to the client, not a
// restriction it enforces
transports?: AuthenticatorTransportFuture[];
}
/**
* JSON form of the user account entity carried in `PublicKeyCredentialCreationOptionsJSON.user`.
*
* https://w3c.github.io/webauthn/#dictdef-publickeycredentialuserentityjson
*/
export interface PublicKeyCredentialUserEntityJSON {
// Declared as a plain `string`, unlike the other identifiers in this file, which use
// `Base64URLString`. NOTE(review): confirm which encoding the consumer of this value expects.
// The WebAuthn spec also advises that the user handle contain no personally identifying
// information
id: string;
name: string;
displayName: string;
}
/**
* The value returned from navigator.credentials.create()
*
* Narrows `response` to the attestation response variant declared in this file, which adds
* `getTransports()`.
*/
export interface RegistrationCredential extends PublicKeyCredentialFuture {
response: AuthenticatorAttestationResponseFuture;
}
/**
* A slightly-modified RegistrationCredential to simplify working with ArrayBuffers that
* are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
*
* Every member originates in the browser. The type describes the expected shape only; a value
* parsed from a request body is not checked against it at runtime, so the receiving server still
* has to validate and verify the contents.
*
* https://w3c.github.io/webauthn/#dictdef-registrationresponsejson
*/
export interface RegistrationResponseJSON {
// Base64URL-encoded credential ID
id: Base64URLString;
// Also a Base64URL string in this JSON form
rawId: Base64URLString;
// Attestation response with its binary members Base64URL-encoded
response: AuthenticatorAttestationResponseJSON;
authenticatorAttachment?: AuthenticatorAttachment;
clientExtensionResults: AuthenticationExtensionsClientOutputs;
type: PublicKeyCredentialType;
}
/**
* The value returned from navigator.credentials.get()
*
* Narrows `response` to the assertion response type from the DOM types.
*/
export interface AuthenticationCredential extends PublicKeyCredentialFuture {
response: AuthenticatorAssertionResponse;
}
/**
* A slightly-modified AuthenticationCredential to simplify working with ArrayBuffers that
* are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
*
* Every member originates in the browser. The type describes the expected shape only; a value
* parsed from a request body is not checked against it at runtime, so the receiving server still
* has to validate and verify the contents.
*
* https://w3c.github.io/webauthn/#dictdef-authenticationresponsejson
*/
export interface AuthenticationResponseJSON {
// Base64URL-encoded credential ID
id: Base64URLString;
// Also a Base64URL string in this JSON form
rawId: Base64URLString;
// Assertion response with its binary members Base64URL-encoded
response: AuthenticatorAssertionResponseJSON;
authenticatorAttachment?: AuthenticatorAttachment;
clientExtensionResults: AuthenticationExtensionsClientOutputs;
type: PublicKeyCredentialType;
}
/**
* A slightly-modified AuthenticatorAttestationResponse to simplify working with ArrayBuffers that
* are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
*
* Only `clientDataJSON` and `attestationObject` are required here; consumers have to handle the
* remaining members being absent.
*
* https://w3c.github.io/webauthn/#dictdef-authenticatorattestationresponsejson
*/
export interface AuthenticatorAttestationResponseJSON {
// Base64URL-encoded client data; per the WebAuthn spec it carries the challenge and origin as
// seen by the client
clientDataJSON: Base64URLString;
// Base64URL-encoded attestation object
attestationObject: Base64URLString;
// Optional in L2, but becomes required in L3. Play it safe until L3 becomes Recommendation
authenticatorData?: Base64URLString;
// Optional in L2, but becomes required in L3. Play it safe until L3 becomes Recommendation
transports?: AuthenticatorTransportFuture[];
// Optional in L2, but becomes required in L3. Play it safe until L3 becomes Recommendation
publicKeyAlgorithm?: COSEAlgorithmIdentifier;
// Base64URL-encoded public key, when the client provides one
publicKey?: Base64URLString;
}
/**
* A slightly-modified AuthenticatorAssertionResponse to simplify working with ArrayBuffers that
* are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
*
* https://w3c.github.io/webauthn/#dictdef-authenticatorassertionresponsejson
*/
export interface AuthenticatorAssertionResponseJSON {
// Base64URL-encoded client data; per the WebAuthn spec it carries the challenge and origin as
// seen by the client
clientDataJSON: Base64URLString;
// Base64URL-encoded authenticator data
authenticatorData: Base64URLString;
// Base64URL-encoded assertion signature
signature: Base64URLString;
// Base64URL-encoded user handle; optional, so consumers have to handle its absence
userHandle?: Base64URLString;
}
/**
* A WebAuthn-compatible device and the information needed to verify assertions by it
*/
export type AuthenticatorDevice = {
// Base64URL-encoded credential ID
credentialID: Base64URLString;
// Raw public key bytes. NOTE(review): presumably COSE-encoded as in the attestation; confirm
// against the code that stores and reads this value
credentialPublicKey: Uint8Array;
// Number of times this authenticator is expected to have been used.
// NOTE(review): this looks like the WebAuthn signature counter; the spec treats a reported value
// that fails to increase as a signal that the authenticator may have been cloned. Confirm how
// the verifier uses it
counter: number;
// From browser's `startRegistration()` -> RegistrationResponseJSON.response.transports
// (API L2 and up)
transports?: AuthenticatorTransportFuture[];
};
/**
* An attempt to communicate that this isn't just any string, but a Base64URL-encoded string
*
* This is a plain alias of `string`, so it documents intent only: any string is assignable to it
* and the compiler does not check the encoding. Values arriving from outside the program still
* need to be decoded and validated by the code that consumes them.
*/
export type Base64URLString = string;
/**
* AuthenticatorAttestationResponse in TypeScript's DOM lib is outdated (up through v3.9.7).
* Maintain an augmented version here so we can implement additional properties as the WebAuthn
* spec evolves.
*
* See https://www.w3.org/TR/webauthn-2/#iface-authenticatorattestationresponse
*
* Properties marked optional are not supported in all browsers.
*
* NOTE(review): `getTransports()` is declared as required below, so the compiler will not remind
* callers to feature-detect it before calling.
*/
export interface AuthenticatorAttestationResponseFuture extends AuthenticatorAttestationResponse {
// Transports reported for the newly created credential
getTransports(): AuthenticatorTransportFuture[];
}
/**
 * Transport identifiers accepted wherever this package describes how an authenticator can be
 * reached. Extends TypeScript's own `AuthenticatorTransport` with the latest transports, and
 * should eventually be replaced by TypeScript's type once it knows about them (sometime after
 * 4.6.3).
 */
export type AuthenticatorTransportFuture =
  'ble' | 'cable' | 'hybrid' | 'internal' | 'nfc' | 'smart-card' | 'usb';
/**
* A variant of TypeScript's `PublicKeyCredentialDescriptor` that knows about the latest
* transports. Should eventually be replaced by TypeScript's when TypeScript gets updated to
* know about it (sometime after 4.6.3)
*
* Built by dropping the DOM type's `transports` member and re-declaring it with
* `AuthenticatorTransportFuture`.
*/
export interface PublicKeyCredentialDescriptorFuture
extends Omit<PublicKeyCredentialDescriptor, 'transports'> {
// Optional list of transports, typed with the extended transport union
transports?: AuthenticatorTransportFuture[];
}
/**
* Either JSON response shape declared in this file: the registration response or the
* authentication response. Used as the return type of `PublicKeyCredentialFuture.toJSON()`.
*
* The two members share `id`, `rawId`, `type`, `authenticatorAttachment` and
* `clientExtensionResults`; they differ in the type of `response`.
*/
export type PublicKeyCredentialJSON =
| RegistrationResponseJSON
| AuthenticationResponseJSON;
/**
* An extension of TypeScript's `PublicKeyCredential` that knows about upcoming WebAuthn features
*
* Every method below is declared optional, so callers have to check that it exists before
* calling it.
*/
export interface PublicKeyCredentialFuture extends PublicKeyCredential {
type: PublicKeyCredentialType;
// See https://github.com/w3c/webauthn/issues/1745
isConditionalMediationAvailable?(): Promise<boolean>;
// See https://w3c.github.io/webauthn/#sctn-parseCreationOptionsFromJSON
// Converts the JSON options shape into the options type used by the DOM API
parseCreationOptionsFromJSON?(
options: PublicKeyCredentialCreationOptionsJSON,
): PublicKeyCredentialCreationOptions;
// See https://w3c.github.io/webauthn/#sctn-parseRequestOptionsFromJSON
// Converts the JSON options shape into the options type used by the DOM API
parseRequestOptionsFromJSON?(
options: PublicKeyCredentialRequestOptionsJSON,
): PublicKeyCredentialRequestOptions;
// See https://w3c.github.io/webauthn/#dom-publickeycredential-tojson
toJSON?(): PublicKeyCredentialJSON;
}
/**
 * Classification of a credential according to bit 3 ("Backup Eligibility") of authenticator data:
 * - `"singleDevice"`: the credential will never be backed up
 * - `"multiDevice"`: the credential can be backed up
 */
export type CredentialDeviceType =
  | 'singleDevice'
  | 'multiDevice';