Documentation
¶
Index ¶
- Variables
- func AttemptDeleteNonInteractive(credentialID string) error
- func AttemptLogin(origin, user string, assertion *wantypes.CredentialAssertion, ...) (*wantypes.CredentialAssertionResponse, string, error)
- func DeleteCredential(credentialID string) error
- func HasCredentials(rpid, user string) bool
- func IsAvailable() bool
- func Login(origin, user string, assertion *wantypes.CredentialAssertion, ...) (*wantypes.CredentialAssertionResponse, string, error)
- type AuthContext
- type CredentialInfo
- type CredentialPicker
- type DiagResult
- type ErrAttemptFailed
- type Registration
- type UserInfo
Constants ¶
This section is empty.
Variables ¶
var ( ErrCredentialNotFound = errors.New("credential not found") ErrNotAvailable = errors.New("touch ID not available") // PromptPlatformMessage is the message shown before Touch ID prompts. PromptPlatformMessage = "Using platform authenticator, follow the OS prompt" // PromptWriter is the writer used for prompt messages. PromptWriter io.Writer = os.Stderr )
Functions ¶
func AttemptDeleteNonInteractive ¶
AttemptDeleteNonInteractive attempts to delete a Secure Enclave credential. Does not require user interaction.
func AttemptLogin ¶
func AttemptLogin(origin, user string, assertion *wantypes.CredentialAssertion, picker CredentialPicker) (*wantypes.CredentialAssertionResponse, string, error)
AttemptLogin attempts a touch ID login. It returns ErrAttemptFailed if the attempt failed before user interaction. See Login.
func DeleteCredential ¶
DeleteCredential deletes a Secure Enclave credential. Requires user interaction.
func HasCredentials ¶
HasCredentials checks if there are any credentials registered for given user. If user is empty it checks if there are credentials registered for any user. It does not require user interactions.
func IsAvailable ¶
func IsAvailable() bool
IsAvailable returns true if Touch ID is available in the system. Typically, a series of checks is performed in an attempt to avoid false positives. See Diag.
func Login ¶
func Login(origin, user string, assertion *wantypes.CredentialAssertion, picker CredentialPicker) (*wantypes.CredentialAssertionResponse, string, error)
Login authenticates using a Secure Enclave-backed biometric credential. It returns the assertion response and the user that owns the credential to sign it.
Types ¶
type AuthContext ¶
type AuthContext interface {
// Guard guards the invocation of fn behind an authentication check.
Guard(fn func()) error
// Close closes the context, releasing any held resources.
Close()
}
AuthContext is an optional, shared authentication context. Allows reusing a single authentication prompt/gesture between different functions, provided the functions are invoked in a short time interval. Only used by native touchid implementations.
type CredentialInfo ¶
type CredentialInfo struct {
CredentialID string
RPID string
User UserInfo
PublicKey *ecdsa.PublicKey
CreateTime time.Time
// contains filtered or unexported fields
}
CredentialInfo holds information about a Secure Enclave credential.
func ListCredentials ¶
func ListCredentials() ([]CredentialInfo, error)
ListCredentials lists all registered Secure Enclave credentials. Requires user interaction.
type CredentialPicker ¶
type CredentialPicker interface {
// PromptCredential prompts the user to pick a credential from the list.
// Prompts only happen if there is more than one credential to choose from.
// Must return one of the pointers from the slice or an error.
PromptCredential(creds []*CredentialInfo) (*CredentialInfo, error)
}
CredentialPicker allows users to choose a credential for login.
type DiagResult ¶
type DiagResult struct {
HasCompileSupport bool
HasSignature bool
HasEntitlements bool
PassedLAPolicyTest bool
PassedSecureEnclaveTest bool
// IsAvailable is true if Touch ID is considered functional.
// It means enough of the preceding tests to enable the feature.
IsAvailable bool
// contains filtered or unexported fields
}
DiagResult is the result from a Touch ID self diagnostics check.
func Diag ¶
func Diag() (*DiagResult, error)
Diag returns diagnostics information about Touch ID support.
func (*DiagResult) IsClamshellFailure ¶
func (d *DiagResult) IsClamshellFailure() bool
IsClamshellFailure returns true if the lack of touch ID availability could be due to clamshell mode.
type ErrAttemptFailed ¶
type ErrAttemptFailed struct {
// Err is the underlying failure for the attempt.
Err error
}
ErrAttemptFailed is returned by AttemptLogin and AttemptDeleteNonInteractive for attempts that failed before user interaction.
func (*ErrAttemptFailed) As ¶
func (e *ErrAttemptFailed) As(target interface{}) bool
func (*ErrAttemptFailed) Error ¶
func (e *ErrAttemptFailed) Error() string
func (*ErrAttemptFailed) Is ¶
func (e *ErrAttemptFailed) Is(target error) bool
func (*ErrAttemptFailed) Unwrap ¶
func (e *ErrAttemptFailed) Unwrap() error
type Registration ¶
type Registration struct {
CCR *wantypes.CredentialCreationResponse
// contains filtered or unexported fields
}
Registration represents an ongoing registration, with an already-created Secure Enclave key. The created key may be used as-is, but callers are encouraged to explicitly Confirm or Rollback the registration. Rollback assumes the server-side registration failed and removes the created Secure Enclave key. Confirm may replace equivalent keys with the new key, at the implementation's discretion.
func Register ¶
func Register(origin string, cc *wantypes.CredentialCreation) (*Registration, error)
Register creates a new Secure Enclave-backed biometric credential. Callers are encouraged to either explicitly Confirm or Rollback the returned registration. See Registration.
func (*Registration) Confirm ¶
func (r *Registration) Confirm() error
Confirm confirms the registration. Keys equivalent to the current registration may be replaced by it, at the implementation's discretion.
func (*Registration) Rollback ¶
func (r *Registration) Rollback() error
Rollback rolls back the registration, deleting the Secure Enclave key as a result.
Source Files