import type { AuthenticatorDevice } from "@simplewebauthn/typescript-types";
/**
* You'll need a database to store a few things:
*
* 1. Users
*
* You'll need to be able to associate registration and authentication challenges, and
* authenticators, with a specific user. See `LoggedInUser` below for an idea of the minimum amount of
* info you'll need to track for a specific user during these flows.
*
* 2. Challenges
*
* The totally-random-unique-every-time values you pass into every execution of
* `generateRegistrationOptions()` or `generateAuthenticationOptions()` MUST be stored until
* `verifyRegistrationResponse()` or `verifyAuthenticationResponse()` (respectively) is called to verify
* that the response contains the signed challenge.
*
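* These values only need to be persisted for `timeout` number of milliseconds (see the `generate`
* methods and their optional `timeout` parameter). Discard a challenge once it has been verified
* or has timed out, so that a captured response cannot be replayed against it.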
*
* 3. Authenticator Devices
*
* After registration, you'll need to store three things about the authenticator:
*
* - Base64-encoded "Credential ID" (varchar)
* - Base64-encoded "Public Key" (varchar)
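* - Counter (int), kept up to date after each successful authentication so that a response
*   carrying a stale count (a sign of a cloned authenticator) can be detected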
*
* Each authenticator must also be associated to a user so that you can generate a list of
* authenticator credential IDs to pass into `generateAuthenticationOptions()`, from which one is
* expected to generate an authentication response.
*/
// Minimum per-user record needed while running the registration and authentication flows.
interface LoggedInUser {
// Identifier of the user that challenges and authenticators are associated with.
id: string;
// NOTE(review): presumably the account name shown to the user; confirm against the caller.
username: string;
// Authenticators registered to this user. Their credential IDs form the list passed into
// `generateAuthenticationOptions()`.
devices: AuthenticatorDevice[];
// Challenge issued for the flow currently in progress, held until the matching
// `verifyRegistrationResponse()` / `verifyAuthenticationResponse()` call checks the response
// against it. Optional, so it may be absent.
// NOTE(review): nothing in this declaration enforces expiry or single use; the code that stores
// this value should clear it once verification has been attempted or `timeout` has elapsed.
currentChallenge?: string;
}