webauthntypes

package
v0.0.0-...-5c79d48 (not the latest version of its module)
Published: Feb 15, 2024 License: AGPL-3.0 Imports: 8 Imported by: 0

Documentation

Overview

Package webauthntypes provides WebAuthn types and conversions for both client-side and server-side implementations.

Many of the types found in the package are replicas of go-webauthn/webauthn types, "frozen" as to avoid changes in their JSON representation.

Index

Constants

const AppIDExtension = "appid"

AppIDExtension is the key for the appid extension. https://www.w3.org/TR/webauthn-2/#sctn-appid-extension.

Variables

This section is empty.

Functions

func CredentialAssertionResponseToProto

func CredentialAssertionResponseToProto(car *CredentialAssertionResponse) *wanpb.CredentialAssertionResponse

CredentialAssertionResponseToProto converts a CredentialAssertionResponse to its proto counterpart.

func CredentialAssertionToProto

func CredentialAssertionToProto(assertion *CredentialAssertion) *wanpb.CredentialAssertion

CredentialAssertionToProto converts a CredentialAssertion to its proto counterpart.

func CredentialCreationResponseToProto

func CredentialCreationResponseToProto(ccr *CredentialCreationResponse) *wanpb.CredentialCreationResponse

CredentialCreationResponseToProto converts a CredentialCreationResponse to its proto counterpart.

func CredentialCreationToProto

func CredentialCreationToProto(cc *CredentialCreation) *wanpb.CredentialCreation

CredentialCreationToProto converts a CredentialCreation to its proto counterpart.

func SessionDataToProtocol

func SessionDataToProtocol(sd *SessionData) *webauthn.SessionData

SessionDataToProtocol converts an internal SessionData struct to a webauthn.SessionData struct.

Types

type AuthenticationExtensions

type AuthenticationExtensions = protocol.AuthenticationExtensions

AuthenticationExtensions is a type alias (declared with =) of protocol.AuthenticationExtensions. Unlike the defined types in this package, it is the same type as the upstream one and therefore shares the upstream JSON marshal/unmarshal representation rather than freezing a copy of it.

type AuthenticationExtensionsClientOutputs

type AuthenticationExtensionsClientOutputs struct {
	AppID bool `json:"appid,omitempty"`
}

AuthenticationExtensionsClientOutputs is a clone of protocol.AuthenticationExtensionsClientOutputs, materialized here to keep a stable JSON marshal/unmarshal representation.

type AuthenticatorAssertionResponse

type AuthenticatorAssertionResponse struct {
	AuthenticatorResponse
	AuthenticatorData protocol.URLEncodedBase64 `json:"authenticatorData"`
	Signature         protocol.URLEncodedBase64 `json:"signature"`
	UserHandle        protocol.URLEncodedBase64 `json:"userHandle,omitempty"`
}

AuthenticatorAssertionResponse is a clone of protocol.AuthenticatorAssertionResponse, materialized here to keep a stable JSON marshal/unmarshal representation.

type AuthenticatorAttestationResponse

type AuthenticatorAttestationResponse struct {
	AuthenticatorResponse
	AttestationObject protocol.URLEncodedBase64 `json:"attestationObject"`
}

AuthenticatorAttestationResponse is a clone of protocol.AuthenticatorAttestationResponse, materialized here to keep a stable JSON marshal/unmarshal representation.

type AuthenticatorResponse

type AuthenticatorResponse protocol.AuthenticatorResponse

AuthenticatorResponse is a clone of protocol.AuthenticatorResponse, materialized here to keep a stable JSON marshal/unmarshal representation.

type AuthenticatorSelection

type AuthenticatorSelection struct {
	AuthenticatorAttachment protocol.AuthenticatorAttachment     `json:"authenticatorAttachment,omitempty"`
	RequireResidentKey      *bool                                `json:"requireResidentKey,omitempty"`
	ResidentKey             protocol.ResidentKeyRequirement      `json:"residentKey,omitempty"`
	UserVerification        protocol.UserVerificationRequirement `json:"userVerification,omitempty"`
}

AuthenticatorSelection is a clone of protocol.AuthenticatorSelection, materialized here to keep a stable JSON marshal/unmarshal representation.

type Challenge

type Challenge []byte

Challenge represents a WebAuthn challenge. It is a plain []byte rather than protocol.URLEncodedBase64 so that its JSON marshal/unmarshal representation stays compatible with older Teleport versions. Note the consequence: encoding/json serializes a []byte as padded standard base64, whereas protocol.URLEncodedBase64 serializes as unpadded base64url, so the two are not interchangeable on the wire.

func CreateChallenge

func CreateChallenge() (Challenge, error)

func (Challenge) String

func (c Challenge) String() string
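The encoding difference matters to any client that decodes every WebAuthn binary field as base64url: a challenge containing a byte that maps to alphabet positions 62/63, or one that needs padding, will fail to decode. The following Go example is added here and is not the package's code; Challenge, urlEncodedBase64, CreateChallenge and the decode helper are local stand-ins that mirror the shapes documented above, and the 32-byte challenge length is an assumption.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Challenge mirrors the shape documented above: a named []byte with no JSON
// methods of its own, so encoding/json emits it the way it emits any []byte,
// as padded standard base64 (RFC 4648 section 4).
type Challenge []byte

// String renders the challenge as base64url for logs and error messages. This
// is a local choice for the example; it is deliberately not MarshalJSON, so it
// does not alter the wire form.
func (c Challenge) String() string { return base64.RawURLEncoding.EncodeToString(c) }

// urlEncodedBase64 is a local stand-in (not the upstream type) for a
// URLEncodedBase64-style value that marshals as unpadded base64url, the
// encoding browsers use for WebAuthn binary fields.
type urlEncodedBase64 []byte

func (u urlEncodedBase64) MarshalJSON() ([]byte, error) {
	return json.Marshal(base64.RawURLEncoding.EncodeToString(u))
}

// The spec requires at least 16 random bytes; 32 is assumed here.
const challengeLength = 32

// CreateChallenge draws a fresh challenge from crypto/rand. A challenge must
// never be derived from time, counters or anything the client can predict.
func CreateChallenge() (Challenge, error) {
	c := make([]byte, challengeLength)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return Challenge(c), nil
}

// MarshalChallenge returns the JSON text of a Challenge (padded std base64).
func MarshalChallenge(c Challenge) (string, error) {
	b, err := json.Marshal(c)
	return string(b), err
}

// MarshalURL returns the JSON text of the same bytes as unpadded base64url.
func MarshalURL(raw []byte) (string, error) {
	b, err := json.Marshal(urlEncodedBase64(raw))
	return string(b), err
}

// DecodeChallengeJSON accepts a JSON string in either form. A string that is
// valid under both alphabets decodes to the same bytes, so the fallback cannot
// change the meaning of a well-formed value; mixed forms (base64url with
// padding) are rejected rather than guessed at.
func DecodeChallengeJSON(text string) ([]byte, error) {
	var s string
	if err := json.Unmarshal([]byte(text), &s); err != nil {
		return nil, err
	}
	if b, err := base64.StdEncoding.DecodeString(s); err == nil {
		return b, nil
	}
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return nil, fmt.Errorf("challenge is neither padded std base64 nor raw base64url: %w", err)
	}
	return b, nil
}

func main() {
	// Constructed input: 0xfb 0xff 0xbf hit alphabet positions 62/63 and the
	// trailing 0x00 forces padding, which is where the two encodings diverge.
	raw := []byte{0xfb, 0xff, 0xbf, 0x00}
	std, _ := MarshalChallenge(Challenge(raw))
	url, _ := MarshalURL(raw)
	fmt.Println(std, url) // "+/+/AA==" "-_-_AA"
	c, err := CreateChallenge()
	if err != nil {
		panic(err)
	}
	fmt.Println(len(c), "random bytes:", c)
}
```

The lenient decoder is a compatibility shim for the server side; the security-relevant comparison still happens on the decoded bytes, never on the encoded strings.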

type Credential

type Credential protocol.Credential

Credential is a clone of protocol.Credential, materialized here to keep a stable JSON marshal/unmarshal representation.

type CredentialAssertion

type CredentialAssertion struct {
	Response PublicKeyCredentialRequestOptions `json:"publicKey"`
}

CredentialAssertion is the payload sent to authenticators to initiate login.

func CredentialAssertionFromProto

func CredentialAssertionFromProto(assertion *wanpb.CredentialAssertion) *CredentialAssertion

CredentialAssertionFromProto converts a CredentialAssertion proto to its lib counterpart.

func CredentialAssertionFromProtocol

func CredentialAssertionFromProtocol(a *protocol.CredentialAssertion) *CredentialAssertion

CredentialAssertionFromProtocol converts a protocol.CredentialAssertion to a CredentialAssertion.

func (*CredentialAssertion) Validate

func (ca *CredentialAssertion) Validate() error

Validate performs client-side validation of a CredentialAssertion. It makes sure the data is well formed and can be sent to an authenticator. This is general-purpose validation; an authenticator implementation should add its own checks on top of it where necessary.

type CredentialAssertionResponse

type CredentialAssertionResponse struct {
	PublicKeyCredential
	AssertionResponse AuthenticatorAssertionResponse `json:"response"`
}

CredentialAssertionResponse is the reply from authenticators to complete login.

func CredentialAssertionResponseFromProto

func CredentialAssertionResponseFromProto(car *wanpb.CredentialAssertionResponse) *CredentialAssertionResponse

CredentialAssertionResponseFromProto converts a CredentialAssertionResponse proto to its lib counterpart.

type CredentialCreation

type CredentialCreation struct {
	Response PublicKeyCredentialCreationOptions `json:"publicKey"`
}

CredentialCreation is the payload sent to authenticators to initiate registration.

func CredentialCreationFromProto

func CredentialCreationFromProto(cc *wanpb.CredentialCreation) *CredentialCreation

CredentialCreationFromProto converts a CredentialCreation proto to its lib counterpart.

func CredentialCreationFromProtocol

func CredentialCreationFromProtocol(cc *protocol.CredentialCreation) *CredentialCreation

CredentialCreationFromProtocol converts a protocol.CredentialCreation to a CredentialCreation.

func (*CredentialCreation) RequireResidentKey

func (cc *CredentialCreation) RequireResidentKey() (bool, error)

RequireResidentKey reports whether a resident (discoverable) key is required. It checks AuthenticatorSelection.ResidentKey first and falls back to the legacy AuthenticatorSelection.RequireResidentKey boolean.
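To make that precedence concrete, here is an added Go example (not the package's implementation) that resolves the two overlapping fields following the WebAuthn Level 2 rule that requireResidentKey should be true only when residentKey is "required". The local ResidentKeyRequirement and AuthenticatorSelection types stand in for the protocol ones, and treating a contradictory pair as an error rather than picking a winner is this example's choice.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ResidentKeyRequirement holds the WebAuthn Level 2 residentKey values; a
// local stand-in for protocol.ResidentKeyRequirement.
type ResidentKeyRequirement string

const (
	ResidentKeyRequired    ResidentKeyRequirement = "required"
	ResidentKeyPreferred   ResidentKeyRequirement = "preferred"
	ResidentKeyDiscouraged ResidentKeyRequirement = "discouraged"
)

// AuthenticatorSelection keeps the two overlapping fields from the type
// documented above: the Level 1 boolean and the Level 2 enum.
type AuthenticatorSelection struct {
	RequireResidentKey *bool                  `json:"requireResidentKey,omitempty"`
	ResidentKey        ResidentKeyRequirement `json:"residentKey,omitempty"`
}

// RequireResidentKey resolves whether a discoverable (resident) credential is
// required. residentKey decides when present; the legacy boolean is consulted
// only when residentKey is absent; a contradictory pair is rejected because
// the two fields would tell client and server different things.
func RequireResidentKey(as AuthenticatorSelection) (bool, error) {
	legacy := as.RequireResidentKey
	legacySet := legacy != nil
	switch as.ResidentKey {
	case ResidentKeyRequired:
		if legacySet && !*legacy {
			return false, errors.New("residentKey=required contradicts requireResidentKey=false")
		}
		return true, nil
	case ResidentKeyPreferred, ResidentKeyDiscouraged:
		// The spec says requireResidentKey should be true only with "required".
		if legacySet && *legacy {
			return false, fmt.Errorf("residentKey=%s contradicts requireResidentKey=true", as.ResidentKey)
		}
		return false, nil
	case "":
		// Level 1 peer: only the boolean is available.
		return legacySet && *legacy, nil
	default:
		return false, fmt.Errorf("unknown residentKey value %q", as.ResidentKey)
	}
}

// RequireResidentKeyFromJSON parses an authenticatorSelection object as it
// appears inside publicKey creation options and resolves it. An absent
// residentKey unmarshals to "" thanks to omitempty, triggering the fallback.
func RequireResidentKeyFromJSON(text string) (bool, error) {
	var as AuthenticatorSelection
	if err := json.Unmarshal([]byte(text), &as); err != nil {
		return false, err
	}
	return RequireResidentKey(as)
}

func main() {
	// Constructed inputs covering each branch.
	for _, in := range []string{
		`{"residentKey":"required"}`,
		`{"requireResidentKey":true}`,
		`{"residentKey":"preferred"}`,
		`{}`,
		`{"residentKey":"discouraged","requireResidentKey":true}`,
	} {
		rk, err := RequireResidentKeyFromJSON(in)
		fmt.Printf("%-56s -> %v %v\n", in, rk, err)
	}
}
```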

func (*CredentialCreation) Validate

func (cc *CredentialCreation) Validate() error

Validate performs client-side validation of a CredentialCreation. It makes sure the data is well formed and can be sent to an authenticator. This is general-purpose validation; an authenticator implementation should add its own checks on top of it where necessary.

type CredentialCreationResponse

type CredentialCreationResponse struct {
	PublicKeyCredential
	AttestationResponse AuthenticatorAttestationResponse `json:"response"`
}

CredentialCreationResponse is the reply from authenticators to complete registration.

func CredentialCreationResponseFromProto

func CredentialCreationResponseFromProto(ccr *wanpb.CredentialCreationResponse) *CredentialCreationResponse

CredentialCreationResponseFromProto converts a CredentialCreationResponse proto to its lib counterpart.

type CredentialDescriptor

type CredentialDescriptor struct {
	Type            protocol.CredentialType           `json:"type"`
	CredentialID    []byte                            `json:"id"`
	Transport       []protocol.AuthenticatorTransport `json:"transports,omitempty"`
	AttestationType string                            `json:"-"`
}

CredentialDescriptor is a clone of protocol.CredentialDescriptor, materialized here to keep a stable JSON marshal/unmarshal representation.

type CredentialEntity

type CredentialEntity = protocol.CredentialEntity

CredentialEntity is a type alias (declared with =) of protocol.CredentialEntity. Unlike the defined types in this package, it is the same type as the upstream one and therefore shares the upstream JSON marshal/unmarshal representation rather than freezing a copy of it.

type CredentialParameter

type CredentialParameter struct {
	Type      protocol.CredentialType              `json:"type"`
	Algorithm webauthncose.COSEAlgorithmIdentifier `json:"alg"`
}

CredentialParameter is a clone of protocol.CredentialParameter, materialized here to keep a stable JSON marshal/unmarshal representation.

type PublicKeyCredential

type PublicKeyCredential struct {
	Credential
	RawID      protocol.URLEncodedBase64              `json:"rawId"`
	Extensions *AuthenticationExtensionsClientOutputs `json:"extensions,omitempty"`
}

PublicKeyCredential is a clone of protocol.PublicKeyCredential, materialized here to keep a stable JSON marshal/unmarshal representation.

type PublicKeyCredentialCreationOptions

type PublicKeyCredentialCreationOptions struct {
	Challenge              Challenge                     `json:"challenge"`
	RelyingParty           RelyingPartyEntity            `json:"rp"`
	User                   UserEntity                    `json:"user"`
	Parameters             []CredentialParameter         `json:"pubKeyCredParams,omitempty"`
	AuthenticatorSelection AuthenticatorSelection        `json:"authenticatorSelection,omitempty"`
	Timeout                int                           `json:"timeout,omitempty"`
	CredentialExcludeList  []CredentialDescriptor        `json:"excludeCredentials,omitempty"`
	Extensions             AuthenticationExtensions      `json:"extensions,omitempty"`
	Attestation            protocol.ConveyancePreference `json:"attestation,omitempty"`
}

PublicKeyCredentialCreationOptions is a clone of protocol.PublicKeyCredentialCreationOptions, materialized here to keep a stable JSON marshal/unmarshal representation.

type PublicKeyCredentialRequestOptions

type PublicKeyCredentialRequestOptions struct {
	Challenge          Challenge                            `json:"challenge"`
	Timeout            int                                  `json:"timeout,omitempty"`
	RelyingPartyID     string                               `json:"rpId,omitempty"`
	AllowedCredentials []CredentialDescriptor               `json:"allowCredentials,omitempty"`
	UserVerification   protocol.UserVerificationRequirement `json:"userVerification,omitempty"` // Default is "preferred"
	Extensions         AuthenticationExtensions             `json:"extensions,omitempty"`
}

PublicKeyCredentialRequestOptions is a clone of protocol.PublicKeyCredentialRequestOptions, materialized here to keep a stable JSON marshal/unmarshal representation.

func (*PublicKeyCredentialRequestOptions) GetAllowedCredentialIDs

func (a *PublicKeyCredentialRequestOptions) GetAllowedCredentialIDs() [][]byte

type RelyingPartyEntity

type RelyingPartyEntity struct {
	CredentialEntity
	ID string `json:"id"`
}

RelyingPartyEntity is a clone of protocol.RelyingPartyEntity, materialized here to keep a stable JSON marshal/unmarshal representation.

type SessionData

type SessionData struct {
	// Raw challenge used for the ceremony.
	Challenge []byte `json:"challenge,omitempty"`
	// Raw User ID.
	UserId []byte `json:"userId,omitempty"`
	// Raw Credential IDs of the credentials allowed for the ceremony.
	AllowCredentials [][]byte `json:"allowCredentials,omitempty"`
	// True if resident keys were required by the server / Relying Party.
	ResidentKey bool `json:"residentKey,omitempty"`
	// Requested user verification requirement, either "discouraged" or
	// "required".
	// An empty value is treated equivalently to "discouraged".
	UserVerification string `json:"userVerification,omitempty"`
	// ChallengeExtensions are Teleport extensions that apply to this webauthn session.
	ChallengeExtensions *mfav1.ChallengeExtensions `json:"challenge_extensions,omitempty"`
}

SessionData is a clone of webauthn.SessionData, materialized here to keep a stable JSON marshal/unmarshal representation and add extensions.

TODO(codingllama): Record extensions in stored session data.

func SessionDataFromProtocol

func SessionDataFromProtocol(sd *webauthn.SessionData) (*SessionData, error)

SessionDataFromProtocol converts a webauthn.SessionData struct to an internal SessionData struct.
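SessionData is what the server keeps between issuing a challenge and receiving the assertion, and each of its fields is a check the server must perform on the reply. The following Go example is added here and is not the package's code: over constructed inputs it decodes the challenge from clientDataJSON and compares it in constant time against the stored raw bytes, matches the credential ID against AllowCredentials, and enforces UserVerification "required" against the UV flag in authenticatorData. The SessionData type is a reduced local copy, the rpID and origin parameters are assumptions, and signature and sign-counter verification are deliberately left out.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// SessionData is a reduced local copy of the stored-session type documented
// above, not the package's own.
type SessionData struct {
	Challenge        []byte   `json:"challenge,omitempty"`
	AllowCredentials [][]byte `json:"allowCredentials,omitempty"`
	UserVerification string   `json:"userVerification,omitempty"` // "required" or "discouraged"
}

// collectedClientData is the part of the WebAuthn CollectedClientData that
// binds an assertion to its session; its challenge is unpadded base64url.
type collectedClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Flag bits of the authenticatorData flags byte (offset 32).
const (
	flagUserPresent  byte = 0x01
	flagUserVerified byte = 0x04
)

// VerifyAssertionSession checks the session-bound parts of a login assertion:
// ceremony type, challenge, origin, RP ID hash, allow-list membership and the
// UP/UV flags. It does not verify the signature or the sign counter; a real
// verifier must do both before accepting the login.
func VerifyAssertionSession(sd *SessionData, rpID, origin string, credentialID, clientDataJSON, authData []byte) error {
	if sd == nil || len(sd.Challenge) == 0 {
		return errors.New("session has no challenge")
	}
	var cd collectedClientData
	if err := json.Unmarshal(clientDataJSON, &cd); err != nil {
		return fmt.Errorf("clientDataJSON: %w", err)
	}
	got, err := base64.RawURLEncoding.DecodeString(cd.Challenge)
	if err != nil {
		return fmt.Errorf("challenge encoding: %w", err)
	}
	rpHash := sha256.Sum256([]byte(rpID))
	switch {
	case cd.Type != "webauthn.get":
		return fmt.Errorf("unexpected ceremony type %q", cd.Type)
	case subtle.ConstantTimeCompare(got, sd.Challenge) != 1: // decoded bytes, constant time
		return errors.New("challenge mismatch")
	case cd.Origin != origin:
		return fmt.Errorf("origin %q not allowed", cd.Origin)
	case len(sd.AllowCredentials) > 0 && !contains(sd.AllowCredentials, credentialID):
		return errors.New("credential not in the session's allow list")
	case len(authData) < 37: // rpIdHash(32) + flags(1) + signCount(4)
		return errors.New("authenticatorData too short")
	case subtle.ConstantTimeCompare(authData[:32], rpHash[:]) != 1:
		return errors.New("rpIdHash mismatch")
	case authData[32]&flagUserPresent == 0:
		return errors.New("user presence flag not set")
	case sd.UserVerification == "required" && authData[32]&flagUserVerified == 0:
		return errors.New("user verification required but UV flag not set")
	}
	return nil
}

func contains(ids [][]byte, id []byte) bool {
	for _, c := range ids {
		if bytes.Equal(c, id) {
			return true
		}
	}
	return false
}

// buildClientData and buildAuthData construct demo inputs; they are not
// captured from a real authenticator.
func buildClientData(challenge []byte, origin string) []byte {
	b, _ := json.Marshal(collectedClientData{Type: "webauthn.get",
		Challenge: base64.RawURLEncoding.EncodeToString(challenge), Origin: origin})
	return b
}

func buildAuthData(rpID string, flags byte, counter uint32) []byte {
	h := sha256.Sum256([]byte(rpID))
	var cnt [4]byte
	binary.BigEndian.PutUint32(cnt[:], counter)
	return append(append(h[:], flags), cnt[:]...)
}

func main() {
	chal := bytes.Repeat([]byte{0x5a}, 32) // constructed fixed challenge for the demo
	cred := []byte("credential-id-1")
	sd := &SessionData{Challenge: chal, AllowCredentials: [][]byte{cred}, UserVerification: "required"}
	cd := buildClientData(chal, "https://example.com")
	fmt.Println("UP+UV:", VerifyAssertionSession(sd, "example.com", "https://example.com", cred, cd, buildAuthData("example.com", flagUserPresent|flagUserVerified, 1)))
	fmt.Println("UP only:", VerifyAssertionSession(sd, "example.com", "https://example.com", cred, cd, buildAuthData("example.com", flagUserPresent, 1)))
}
```

The empty-challenge guard at the top is deliberate: a session record with no challenge (for example one that was never populated, or a zero value produced by a bad deserialization) must fail closed rather than match an equally empty client value.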

type UserEntity

type UserEntity struct {
	CredentialEntity
	DisplayName string `json:"displayName,omitempty"`
	ID          []byte `json:"id"`
}

UserEntity is a clone of protocol.UserEntity, materialized here to keep a stable JSON marshal/unmarshal representation.
