Skip to content

Commit

Permalink
pr fixes and added decode method
Browse files Browse the repository at this point in the history
  • Loading branch information
@niftyvictor
niftyvictor committed Oct 21, 2024
1 parent 64a4a6b commit 3186aa5
Showing 1 changed file with 123 additions and 7 deletions.
130 changes: 123 additions & 7 deletions lib/ts/recipe/webauthn/types.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ export type TypeInputGetOrigin = (input: {
type RegisterCredentialErrorResponse =
| { status: "WRONG_CREDENTIALS_ERROR" }
// when the attestation is checked and is not valid or other cases in whcih the authenticator is not correct
| { status: "INVALID_AUTHENTICATOR_ERROR" };
| { status: "INVALID_AUTHENTICATOR_ERROR"; reason: string };

type VerifyCredentialsErrorResponse =
| { status: "WRONG_CREDENTIALS_ERROR" }
Expand All @@ -113,6 +113,10 @@ type ConsumeRecoverAccountTokenErrorResponse =

type RemoveCredentialErrorResponse = { status: "CREDENTIAL_NOT_FOUND_ERROR" };

type DecodeCredentialErrorResponse = { status: "WRONG_CREDENTIALS_ERROR" };

type Base64URLString = string;

export type RecipeInterface = {
// should have a way to access the user email: passed as a param, through session, or using recoverAccountToken
// it should have at least one of those 3 options
Expand All @@ -139,9 +143,6 @@ export type RecipeInterface = {
| {
email: string;
}
| {
session: SessionContainerInterface;
}
)
): Promise<
| {
Expand Down Expand Up @@ -301,6 +302,78 @@ export type RecipeInterface = {
| ConsumeRecoverAccountTokenErrorResponse
>;

decodeCredential(input: {
credential: {
id: string;
rawId: string;
response: {
clientDataJSON: string;
attestationObject: string;
transports?: ("ble" | "cable" | "hybrid" | "internal" | "nfc" | "smart-card" | "usb")[];
userHandle: string;
};
authenticatorAttachment: "platform" | "cross-platform";
clientExtensionResults: Record<string, unknown>;
type: "public-key";
};
}): Promise<
| {
status: "OK";
credential: {
id: string;
rawId: string;
response: {
clientDataJSON: {
type: string;
challenge: string;
origin: string;
crossOrigin?: boolean;
tokenBinding?: {
id?: string;
status: "present" | "supported" | "not-supported";
};
};
attestationObject: {
fmt: "packed" | "tpm" | "android-key" | "android-safetynet" | "fido-u2f" | "none";
authData: {
rpIdHash: string;
flags: {
up: boolean;
uv: boolean;
be: boolean;
bs: boolean;
at: boolean;
ed: boolean;
flagsInt: number;
};
counter: number;
aaguid?: string;
credentialID?: string;
credentialPublicKey?: string;
extensionsData?: unknown;
};
attStmt: {
sig?: Base64URLString;
x5c?: Base64URLString[];
response?: Base64URLString;
alg?: number;
ver?: string;
certInfo?: Base64URLString;
pubArea?: Base64URLString;
size: number;
};
};
transports?: ("ble" | "cable" | "hybrid" | "internal" | "nfc" | "smart-card" | "usb")[];
userHandle: string;
};
authenticatorAttachment: "platform" | "cross-platform";
clientExtensionResults: Record<string, unknown>;
type: string;
};
}
| DecodeCredentialErrorResponse
>;

// used internally for creating a credential during account recovery flow or when adding a credential to an existing user
// email will be taken from the options
// no need for recoverAccountToken, as that will be used upstream
Expand All @@ -322,11 +395,10 @@ export type RecipeInterface = {
};
tenantId: string;
userContext: UserContext;
recipeUserId: RecipeUserId;
}): Promise<
| {
status: "OK";
user: User;
recipeUserId: RecipeUserId;
}
| RegisterCredentialErrorResponse
>;
Expand Down Expand Up @@ -391,6 +463,7 @@ export type RecipeInterface = {
// credentials CRUD
removeCredential(input: {
webauthnCredentialId: string;
recipeUserId: RecipeUserId;
userContext: UserContext;
}): Promise<
| {
Expand All @@ -399,7 +472,24 @@ export type RecipeInterface = {
| RemoveCredentialErrorResponse
>;

getCredential(input: {
webauthnCredentialId: string;
recipeUserId: RecipeUserId;
userContext: UserContext;
}): Promise<
| {
status: "OK";
credential: {
id: string;
rp_id: string;
created_at: number;
};
}
| RemoveCredentialErrorResponse
>;

listCredentials(input: {
recipeUserId: RecipeUserId;
userContext: UserContext;
}): Promise<{
status: "OK";
Expand Down Expand Up @@ -473,6 +563,11 @@ type ListCredentialsPOSTErrorResponse = {
reason: string;
};

type GetCredentialGETErrorResponse = {
status: "GET_CREDENTIAL_NOT_ALLOWED";
reason: string;
};

export type APIInterface = {
registerOptionsPOST:
| undefined
Expand Down Expand Up @@ -707,7 +802,7 @@ export type APIInterface = {
| GeneralErrorResponse
>);

listCredentialsPOST:
listCredentialsGET:
| undefined
| ((input: {
tenantId: string;
Expand All @@ -726,6 +821,27 @@ export type APIInterface = {
| ListCredentialsPOSTErrorResponse
| GeneralErrorResponse
>);

getCredentialGET:
| undefined
| ((input: {
webauthnCredentialId: string;
tenantId: string;
session: SessionContainerInterface;
options: APIOptions;
userContext: UserContext;
}) => Promise<
| {
status: "OK";
credential: {
id: string;
rp_id: string;
created_at: number;
};
}
| GetCredentialGETErrorResponse
| GeneralErrorResponse
>);
};

export type TypeWebauthnRecoverAccountEmailDeliveryInput = {
Expand Down

0 comments on commit 3186aa5

Please sign in to comment.