@simplewebauthn/server@13.2.2Built and signed on GitHub ActionsBuilt and signed on GitHub Actions
SimpleWebAuthn for Servers
langCode -> "en-US", "ja-JP", etc...
Values for an attestation object's fmt
Values passed to all attestation format verifiers, from which they are free to use as they please
A slightly-modified AuthenticationCredential to simplify working with ArrayBuffers that are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
Available only in secure contexts.
A slightly-modified AuthenticatorAssertionResponse to simplify working with ArrayBuffers that are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
Available only in secure contexts.
AuthenticatorAttestationResponse in TypeScript's DOM lib is outdated (up through v3.9.7). Maintain an augmented version here so we can implement additional properties as the WebAuthn spec evolves.
A slightly-modified AuthenticatorAttestationResponse to simplify working with ArrayBuffers that are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
A super class of TypeScript's AuthenticatorTransport that includes support for the latest
transports. Should eventually be replaced by TypeScript's when TypeScript gets updated to
know about it (sometime after 4.6.3)
An attempt to communicate that this isn't just any string, but a Base64URL-encoded string
An implementation of MetadataService that can download and parse BLOBs, and support on-demand
requesting and caching of individual metadata statements.
Types defined in the FIDO Metadata Statement spec
The two types of credentials as defined by bit 3 ("Backup Eligibility") in authenticator data:
Basic cryptography features available in the current context. It allows access to a cryptographically strong random number generator and to cryptographic primitives.
Prepare a value to pass into navigator.credentials.get(...) for authenticator authentication
Prepare a value to pass into navigator.credentials.create(...) for authenticator registration
- aaguid
- aaid
- alternativeDescriptions
- attachmentHint
- attestationCertificateKeyIdentifiers
- attestationRootCertificates
- attestationTypes
- authenticationAlgorithms
- authenticatorGetInfo
- authenticatorVersion
- cryptoStrength
- description
- ecdaaTrustAnchors
- icon
- isFreshUserVerificationRequired
- isKeyRestricted
- keyProtection
- legalHeader
- matcherProtection
- protocolFamily
- publicKeyAlgAndEncodings
- schema
- supportedExtensions
- tcDisplay
- tcDisplayContentType
- tcDisplayPNGCharacteristics
- upv
- userVerificationDetails
Available only in secure contexts.
A variant of PublicKeyCredentialCreationOptions suitable for JSON transmission to the browser to (eventually) get passed into navigator.credentials.create(...) in the browser.
A super class of TypeScript's PublicKeyCredentialDescriptor that knows about the latest
transports. Should eventually be replaced by TypeScript's when TypeScript gets updated to
know about it (sometime after 4.6.3)
A super class of TypeScript's PublicKeyCredential that knows about upcoming WebAuthn features
Categories of authenticators that Relying Parties can pass along to browsers during registration. Browsers that understand these values can optimize their modal experience to start the user off in a particular registration flow:
A variant of PublicKeyCredentialRequestOptions suitable for JSON transmission to the browser to (eventually) get passed into navigator.credentials.get(...) in the browser.
A slightly-modified RegistrationCredential to simplify working with ArrayBuffers that are Base64URL-encoded in the browser so that they can be sent as JSON to the server.
Supported crypto algo identifiers See https://w3c.github.io/webauthn/#sctn-alg-identifier and https://www.iana.org/assignments/cose/cose.xhtml#algorithms
Equivalent to Uint8Array before TypeScript 5.7, and Uint8Array<ArrayBuffer> in TypeScript 5.7
and beyond.
Allow MetadataService to accommodate unregistered AAGUIDs ("permissive"), or only allow
registered AAGUIDs ("strict"). Currently primarily impacts how getStatement() operates
Result of registration verification
Verify that the user has legitimately completed the authentication process
Configurable options when calling verifyAuthenticationResponse()
Verify that the user has legitimately completed the registration process
Configurable options when calling verifyRegistrationResponse()
Public key credential information needed to verify authentication responses
AttestationStatement will be an instance of Map, but these keys help make finite the list of
possible values within it.
Convert the aaguid buffer in authData into a UUID string
Convert buffer to an OpenSSL-compatible PEM text format.
Takes COSE-encoded public key and converts it to PKCS key
COSE Algorithms
COSE Curves
COSE Keys
COSE Key Types
Values specific to Elliptic Curve Cryptography public keys
Values specific to Octet Key Pair public keys
Values specific to RSA public keys
A type guard for determining if a COSE public key is an EC2 key pair
A type guard for determining if a COSE public key is an OKP key pair
A type guard for determining if a COSE public key is an RSA key pair
Convert an AttestationObject buffer to a proper object
Decode an authenticator's base64url-encoded clientDataJSON to JSON
Generate a suitably random value to be used as an attestation or assertion challenge
Generate a suitably random value to be used as user ID
Extract PEM certificate info
A method to pull a CRL from a certificate and compare its serial number to the list of revoked certificate serial numbers within the CRL.
A runtime-agnostic collection of methods for working with Base64URL encoding
Encode the given array buffer into a Base64URL-encoded string. Ideal for converting various credential response ArrayBuffers to string for sending back to the server as JSON.
Encode a UTF-8 string to base64url
Confirm that the string is encoded into base64
Confirm that the string is encoded into base64url, with support for optional padding
Convert a base64url string into base64
Decode from a Base64URL-encoded string to an ArrayBuffer. Best used when converting a credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or excludeCredentials.
Decode a base64url string into its original UTF-8 string
Remove optional padding from a base64url-encoded string
A runtime-agnostic collection of methods for working with CBOR encoding
Decode and return the first item in a sequence of CBOR-encoded values
Encode data to CBOR
A runtime-agnostic collection of methods for working with the WebCrypto API
Make sure two Uint8Arrays are deeply equivalent
Combine multiple Uint8Arrays into a single Uint8Array
Convert an ASCII string to Uint8Array
Convert a hexadecimal string to isoUint8Array.
Convert a UTF-8 string back into bytes
Prepare a DataView we can slice our way around in as we parse the bytes in a Uint8Array
Convert a Uint8Array to Hexadecimal.
Convert bytes into a UTF-8 string
Make sense of the authData buffer contained in an Attestation
Returns hash digest of the given data, using the given algorithm when provided. Defaults to using SHA-256.
Traverse an array of PEM certificates and ensure they form a proper chain
Verify an authenticator's signature