Constants ¶
const (
	StatePending            = 0
	StateRegistering        = 1
	StateAuthenticating     = 2
	StateCompleted          = 3
	StateDenied             = 4
	StateExpirationDuration = 200 * time.Second
)
const ChallengeLength = 32
ChallengeLength is the number of random bytes generated for a challenge.
const DefaultEncryptionKeyLength = 32
DefaultEncryptionKeyLength is the length of the generated encryption keys used for session management.
const WebauthnSession = "webauthn-session"
WebauthnSession is the name of the session cookie used to manage session-related information.
Variables ¶
var (
	ErrNoStateReceived          = errors.New("no state received")
	ErrInvalidStateReceived     = errors.New("invalid state received")
	ErrNoCredentialFoundInState = errors.New("no credential found in state")
	ErrBadCredentialFormat      = errors.New("credential received not in JSON format")
)
var ErrInsufficientBytesRead = errors.New("insufficient bytes read")
ErrInsufficientBytesRead is returned in the rare case that an unexpected number of bytes are returned from the crypto/rand reader when creating session cookie encryption keys.
var ErrMarshal = errors.New("error unmarshaling data")
ErrMarshal is returned if unexpected data is present in a webauthn session.
Functions ¶
func GenerateSecureKey ¶
GenerateSecureKey reads n bytes from the crypto/rand reader and returns them; it returns an error if the reader fails or yields fewer than n bytes.
func ParseCredentialCreationResponse ¶
func ParseCredentialCreationResponse(ccr protocol.CredentialCreationResponse) (*protocol.ParsedCredentialCreationData, error)
func ParseCredentialRequestResponse ¶
func ParseCredentialRequestResponse(car protocol.CredentialAssertionResponse) (*protocol.ParsedCredentialAssertionData, error)
ParseCredentialRequestResponse parses the credential request response into a format that is either required by the specification or makes the assertion verification steps easier to complete. It takes the CredentialAssertionResponse (car), whose fields hold the assertion response data in a raw, mostly base64-encoded form, and parses them into manageable structures.
func StatusToString ¶
Types ¶
type Challenge ¶
type Challenge protocol.URLEncodedBase64
Challenge is the random value that the authenticator must sign and return.
func CreateChallenge ¶
CreateChallenge creates a new challenge to be sent to the authenticator. The spec recommends using at least 16 bytes with 100 bits of entropy; this implementation uses 32 bytes (ChallengeLength).
type LoginResponse ¶
type LoginResponse struct {
	Response protocol.CredentialAssertionResponse `json:"response"`
	Session  string                               `json:"session"`
}
type RegistrationResponse ¶
type RegistrationResponse struct {
	Response protocol.CredentialCreationResponse `json:"response"`
	Session  string                              `json:"session"`
}
type Server ¶
Server is the struct holding the state of the server.
func (*Server) HandleHome ¶
func (*Server) HandleStop ¶
func (*Server) HandleWalletProviderHome ¶
HandleWalletProviderHome displays a QR code that the user scans to obtain the wallet.
type SessionStore ¶
type SessionStore struct {
*sessions.CookieStore
}
SessionStore wraps sessions.CookieStore and adds helper methods for webauthn operations.
func NewSessionStore ¶
func NewSessionStore(keyPairs ...[]byte) (*SessionStore, error)
NewSessionStore returns a new session store.
func (*SessionStore) GetWebauthnSession ¶
func (store *SessionStore) GetWebauthnSession(key string, r *http.Request) (webauthn.SessionData, error)
GetWebauthnSession unmarshals and returns the webauthn session information from the session cookie.
func (*SessionStore) SaveWebauthnSession ¶
func (store *SessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData, r *http.Request, w http.ResponseWriter) ([]byte, error)
SaveWebauthnSession marshals the webauthn session data and saves it under the provided key, using the given request and ResponseWriter.
func (*SessionStore) Set ¶
func (store *SessionStore) Set(key string, value interface{}, r *http.Request, w http.ResponseWriter) error
Set stores a value to the session with the provided key.
type SignTokenRequest ¶
type State ¶
type State struct {
// contains filtered or unexported fields
}
func NewStateFromBytes ¶
func (*State) SetContent ¶
type User ¶
type User interface {
	// User ID according to the Relying Party
	WebAuthnID() []byte
	// User Name according to the Relying Party
	WebAuthnName() string
	// Display Name of the user
	WebAuthnDisplayName() string
	// User's icon url
	WebAuthnIcon() string
	// Credentials owned by the user
	WebAuthnCredentials() []webauthn.Credential
}
User models the Relying Party's user entry and exposes the fields and methods needed for WebAuthn.
type WalletServer ¶
type WalletServer struct {
// contains filtered or unexported fields
}
func NewWebAuthnHandlerPB ¶
func NewWebAuthnHandlerPB(app *pocketbase.PocketBase, cfg *yaml.YAML) *WalletServer
func (*WalletServer) AddRoutesPB ¶
func (s *WalletServer) AddRoutesPB(app *pocketbase.PocketBase)
func (*WalletServer) BeginLoginPB ¶
func (s *WalletServer) BeginLoginPB(c echo.Context) error
BeginLoginPB returns to the client app the structure it needs to ask the Authenticator to create an assertion using a previously registered private key. The Authenticator signs our challenge (and other items) with that private key, and the client then calls the FinishLoginPB API, where we verify the signature against the public key stored during the earlier registration phase.
func (*WalletServer) BeginRegistrationPB ¶
func (s *WalletServer) BeginRegistrationPB(c echo.Context) error
BeginRegistrationPB is called by the wallet to start registering a new authenticator device with the server.
func (*WalletServer) CreateNaturalPerson ¶
func (s *WalletServer) CreateNaturalPerson(c echo.Context) error
func (*WalletServer) FinishLoginPB ¶
func (s *WalletServer) FinishLoginPB(c echo.Context) error
func (*WalletServer) FinishRegistrationPB ¶
func (s *WalletServer) FinishRegistrationPB(c echo.Context) error
func (*WalletServer) IssuerHome ¶
func (s *WalletServer) IssuerHome(c echo.Context) error
func (*WalletServer) SignToken ¶
func (s *WalletServer) SignToken(c echo.Context) error
type WebAuthnHandler ¶
type WebAuthnHandler struct {
	WebAuthn *webauthn.WebAuthn
	// contains filtered or unexported fields
}
func NewWebAuthnHandler ¶
func (*WebAuthnHandler) AddRoutes ¶
func (s *WebAuthnHandler) AddRoutes(f *Server)
func (*WebAuthnHandler) BeginLogin ¶
func (s *WebAuthnHandler) BeginLogin(c *fiber.Ctx) error
BeginLogin returns to the client app the structure it needs to ask the Authenticator to create an assertion using a previously registered private key. The Authenticator signs our challenge (and other items) with that private key, and the client then calls the FinishLogin API, where we verify the signature against the public key stored during the earlier registration phase.
func (*WebAuthnHandler) BeginRegistration ¶
func (s *WebAuthnHandler) BeginRegistration(c *fiber.Ctx) error
BeginRegistration is called by the wallet to start registering a new authenticator device with the server.
func (*WebAuthnHandler) FinishLogin ¶
func (s *WebAuthnHandler) FinishLogin(c *fiber.Ctx) error
func (*WebAuthnHandler) FinishRegistration ¶
func (s *WebAuthnHandler) FinishRegistration(c *fiber.Ctx) error
func (*WebAuthnHandler) ListCredentials ¶
func (s *WebAuthnHandler) ListCredentials(c *fiber.Ctx) error
func (*WebAuthnHandler) Logoff ¶
func (s *WebAuthnHandler) Logoff(c *fiber.Ctx) error