UNPKG

@okta/okta-signin-widget

Version:

The Okta Sign-In Widget

github.com/okta/okta-signin-widget

okta/okta-signin-widget

99 lines (83 loc) 4.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
/* * Copyright (c) 2022-present, Okta, Inc. and/or its affiliates. All rights reserved. * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the "License.") * * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0. * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * * See the License for the specific language governing permissions and limitations under the License. */ import { OktaAuth } from '@okta/okta-auth-js'; import omit from 'lodash/omit'; import { WebAuthNAuthenticationHandler, WebAuthNEnrollmentHandler } from '../types'; export const binToStr = (bin: ArrayBuffer): string => btoa( new Uint8Array(bin).reduce((s, byte) => s + String.fromCharCode(byte), ''), ); export const isCredentialsApiAvailable = (): boolean => !!(navigator && navigator.credentials && navigator.credentials.create); /** * Uses the Web Authentication API to generate credentials for enrolling * a user into the WebAuthN flow * * Used by {@link WebAuthNSubmitButton.tsx} Renderer to initiate the WebAuthN Enrollment flow. */ export const webAuthNEnrollmentHandler: WebAuthNEnrollmentHandler = async (transaction) => { // @ts-ignore OKTA-499928 authenticatorEnrollments missing from rawIdxState const { nextStep, rawIdxState: { authenticatorEnrollments } } = transaction; // NextStep is guranteed to be available here if (!nextStep) { throw new Error('transaction missing nextStep'); } const { relatesTo } = nextStep; const activationData = relatesTo?.value?.contextualData?.activationData; // Generates a CredentialCreationOptions Object for the Web Auth API to // generate a PublicKeyCredential instance for use by IDX to enroll the user/device const options = ( activationData && authenticatorEnrollments?.value ) && OktaAuth.webauthn.buildCredentialCreationOptions( activationData, authenticatorEnrollments.value, ); // Causes a browser prompt enabling the user to select the desired device to // enroll in this flow. Generates a Object that contains ClientData (origin, challenge) // and attestation (arraybuffer containing authenticator data) const result = await navigator.credentials.create(options); const attestationResponse = ( (result as PublicKeyCredential).response as AuthenticatorAttestationResponse ); // converts they arrayBuffer into a string to pass to Idx const clientData = binToStr(attestationResponse.clientDataJSON); const attestation = binToStr(attestationResponse.attestationObject); return { credentials: { clientData, attestation } }; }; /** * Uses the Web Authentication API to retrieve credentials for a client to authenticate * * Used by {@link WebAuthNSubmitButton.tsx} Renderer to initiate the WebAuthN Authentication flow. */ export const webAuthNAuthenticationHandler: WebAuthNAuthenticationHandler = async (transaction) => { // @ts-ignore OKTA-499928 authenticatorEnrollments missing from rawIdxState const { nextStep, rawIdxState: { authenticatorEnrollments } } = transaction; // NextStep is guranteed to be available here if (!nextStep) { throw new Error('transaction missing nextStep'); } const { relatesTo } = nextStep; const challengeData = relatesTo?.value?.contextualData?.challengeData; // Generates a CredentialRequestOptions Object for the Web Auth API to // generate a PublicKeyCredential instance for use by IDX verify the user const options = ( challengeData && authenticatorEnrollments?.value ) && OktaAuth.webauthn.buildCredentialRequestOptions( challengeData, authenticatorEnrollments.value, ); // Triggers a browser prompt allowing the user to provide consent based on the options // passed to this method to collect their credentials. const credentials = await navigator.credentials.get(options) as PublicKeyCredential; // Extracts the key properties from the credentials object and returns. // for some reason generic remediator does not allow/expect id field and fails when passed return { credentials: omit(OktaAuth.webauthn.getAssertion(credentials), ['id']) }; };