UNPKG

@simplewebauthn/server

Version:

SimpleWebAuthn for Servers

github.com/MasterKale/SimpleWebAuthn/tree/master/packages/server

MasterKale/SimpleWebAuthn

88 lines 4.81 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
import type { COSEAlgorithmIdentifier, CredentialDeviceType, RegistrationResponseJSON, WebAuthnCredential } from '../types/index.js'; import { type AttestationFormat, type AttestationStatement } from '../helpers/decodeAttestationObject.js'; import type { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions.js'; /** * Configurable options when calling `verifyRegistrationResponse()` */ export type VerifyRegistrationResponseOpts = Parameters<typeof verifyRegistrationResponse>[0]; /** * Verify that the user has legitimately completed the registration process * * **Options:** * * @param response - Response returned by **@simplewebauthn/browser**'s `startAuthentication()` * @param expectedChallenge - The base64url-encoded `options.challenge` returned by `generateRegistrationOptions()` * @param expectedOrigin - Website URL (or array of URLs) that the registration should have occurred on * @param expectedRPID - RP ID (or array of IDs) that was specified in the registration options * @param expectedType **(Optional)** - The response type expected ('webauthn.create') * @param requireUserPresence **(Optional)** - Enforce user presence by the authenticator (or skip it during auto registration) Defaults to `true` * @param requireUserVerification **(Optional)** - Enforce user verification by the authenticator (via PIN, fingerprint, etc...) Defaults to `true` * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to all supported algorithm IDs */ export declare function verifyRegistrationResponse(options: { response: RegistrationResponseJSON; expectedChallenge: string | ((challenge: string) => boolean | Promise<boolean>); expectedOrigin: string | string[]; expectedRPID?: string | string[]; expectedType?: string | string[]; requireUserPresence?: boolean; requireUserVerification?: boolean; supportedAlgorithmIDs?: COSEAlgorithmIdentifier[]; }): Promise<VerifiedRegistrationResponse>; /** * Result of registration verification * * @param verified If the assertion response could be verified * @param registrationInfo.fmt Type of attestation * @param registrationInfo.counter The number of times the authenticator reported it has been used. * **Should be kept in a DB for later reference to help prevent replay attacks!** * @param registrationInfo.aaguid Authenticator's Attestation GUID indicating the type of the * authenticator * @param registrationInfo.credentialPublicKey The credential's public key * @param registrationInfo.credentialID The credential's credential ID for the public key above * @param registrationInfo.credentialType The type of the credential returned by the browser * @param registrationInfo.userVerified Whether the user was uniquely identified during attestation * @param registrationInfo.attestationObject The raw `response.attestationObject` Buffer returned by * the authenticator * @param registrationInfo.credentialDeviceType Whether this is a single-device or multi-device * credential. **Should be kept in a DB for later reference!** * @param registrationInfo.credentialBackedUp Whether or not the multi-device credential has been * backed up. Always `false` for single-device credentials. **Should be kept in a DB for later * reference!** * @param registrationInfo.origin The origin of the website that the registration occurred on * @param registrationInfo?.rpID The RP ID that the registration occurred on, if one or more were * specified in the registration options * @param registrationInfo?.authenticatorExtensionResults The authenticator extensions returned * by the browser */ export type VerifiedRegistrationResponse = { verified: boolean; registrationInfo?: { fmt: AttestationFormat; aaguid: string; credential: WebAuthnCredential; credentialType: 'public-key'; attestationObject: Uint8Array; userVerified: boolean; credentialDeviceType: CredentialDeviceType; credentialBackedUp: boolean; origin: string; rpID?: string; authenticatorExtensionResults?: AuthenticationExtensionsAuthenticatorOutputs; }; }; /** * Values passed to all attestation format verifiers, from which they are free to use as they please */ export type AttestationFormatVerifierOpts = { aaguid: Uint8Array; attStmt: AttestationStatement; authData: Uint8Array; clientDataHash: Uint8Array; credentialID: Uint8Array; credentialPublicKey: Uint8Array; rootCertificates: string[]; rpIdHash: Uint8Array; verifyTimestampMS?: boolean; }; //# sourceMappingURL=verifyRegistrationResponse.d.ts.map