UNPKG

@oslojs/webauthn

Version:

Parse and verify Web Authentication data

github.com/oslo-project/webauthn

oslo-project/webauthn

41 lines (31 loc) 1.27 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# @oslojs/webauthn **Documentation: https://webauthn.oslojs.dev** A JavaScript library for working with the Web Authentication API on the server by [Oslo](https://oslojs.dev). - Runtime-agnostic - No third-party dependencies - Fully typed ```ts import { parseAttestationObject, COSEKeyType, coseAlgorithmES256 } from "@oslojs/webauthn"; const { attestationStatement, authenticatorData } = await parseAttestationObject(encoded); if (!authenticatorData.userPresent || !authenticatorData.userVerified) { throw new Error("User must be verified"); } if (!authenticatorData.verifyRelyingPartyIdHash("example.com")) { throw new Error("Invalid relying party ID hash"); } if (authenticatorData.credential === null) { throw new Error("Expected credential"); } if (authenticatorData.credential.publicKey.type() !== COSEKeyType.EC2) { throw new Error("Unsupported algorithm"); } if (authenticatorData.credential.publicKey.algorithm() !== coseAlgorithmES256) { throw new Error("Unsupported algorithm"); } const publicKey = authenticatorData.credential.publicKey.ec2(); ``` This package currently does not support attestation extensions and also does not provide APIs for verifying attestation statements (e.g FIDO-U2F, TPM). ## Installation ``` npm i @oslojs/webauthn ```