UNPKG

@passwordless-id/webauthn

Version:

A small wrapper around the webauthn protocol to make one's life easier.

webauthn.passwordless.id

passwordless-id/webauthn

64 lines (63 loc) 3.71 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
import { AuthenticateOptions, AuthenticationJSON, RegisterOptions, RegistrationJSON } from './types.js'; /** * Returns whether passwordless authentication is available on this browser/platform or not. */ export declare function isAvailable(): boolean; /** * Returns whether the device itself can be used as authenticator. */ export declare function isLocalAuthenticator(): Promise<boolean>; /** * Creates a cryptographic key pair, in order to register the public key for later passwordless authentication. * * @param {string|Object} [user] Username or user object (id, name, displayName) * @param {string} [challenge] A server-side randomly generated string. * @param {number} [timeout=60000] Number of milliseconds the user has to respond to the biometric/PIN check. * @param {'required'|'preferred'|'discouraged'} [userVerification='required'] Whether to prompt for biometric/PIN check or not. * @param {PublicKeyCredentialHints[]} [hints]: Can contain a list of "client-device", "hybrid" or "security-key" * @param {boolean} [attestation=true] If enabled, the device attestation and clientData will be provided as Base64url encoded binary data. Note that this is not available on some platforms. * @param {'discouraged'|'preferred'|'required'} [discoverable] A "discoverable" credential can be selected using `authenticate(...)` without providing credential IDs. * Instead, a native pop-up will appear for user selection. * This may have an impact on the "passkeys" user experience and syncing behavior of the key. * @param {Record<string, any>} [customProperties] - **Advanced usage**: An object of additional * properties that will be merged into the WebAuthn create options. This can be used to * explicitly set fields such as `excludeCredentials`. * * @example * const registration = await register({ * user: { id: 'user-id', name: 'john', displayName: 'John' }, * challenge: 'base64url-encoded-challenge', * customProperties: { * excludeCredentials: [ * { id: 'base64url-credential-id', type: 'public-key' }, * ], * }, * }); */ export declare function register(options: RegisterOptions): Promise<RegistrationJSON>; export declare function isAutocompleteAvailable(): Promise<boolean>; /** * Signs a challenge using one of the provided credentials IDs in order to authenticate the user. * * @param {string[]} credentialIds The list of credential IDs that can be used for signing. * @param {string} challenge A server-side randomly generated string, the base64 encoded version will be signed. * @param {number} [timeout=60000] Number of milliseconds the user has to respond to the biometric/PIN check. * @param {'required'|'preferred'|'discouraged'} [userVerification='required'] Whether to prompt for biometric/PIN check or not. * @param {boolean} [conditional] Does not return directly, but only when the user has selected a credential in the input field with `autocomplete="username webauthn"` * @param {Record<string, any>} [options.customProperties] - **Advanced usage**: An object of additional * properties that will be merged into the WebAuthn authenticate options. This can be used to * explicitly set fields such as `extensions`. * * @example * const authentication = await authenticate({ * challenge: 'base64url-encoded-challenge', * allowCredentials: [], * customProperties: { * extensions: { * uvm: true, // User verification methods extension * appid: "https://legacy-app-id.example.com", // App ID extension for backward compatibility * }, * }, * }); */ export declare function authenticate(options: AuthenticateOptions): Promise<AuthenticationJSON>;