Skip to content

Instantly share code, notes, and snippets.

@dwaite
Created November 17, 2021 19:26
Show Gist options
  • Save dwaite/6afb1856e092e02ae6ada85f3ff1655d to your computer and use it in GitHub Desktop.
Save dwaite/6afb1856e092e02ae6ada85f3ff1655d to your computer and use it in GitHub Desktop.
; WebAuthn create()
PublicKeyCredentialCreationRequest = {
publicKey: {
rp: PublicKeyCredentialRpEntity,
user: PublicKeyCredentialUserEntity,
challenge: bstr,
pubKeyCredParams: [* PublicKeyCredentialParameters],
? timeout: int,
? excludeCredentials: [* PublicKeyCredentialDescriptor] .default [],
? authenticatorSelection : AuthenticatorSelectionCriteria,
? attestation: AttestationConveyancePreference .default "none",
? extensions: AuthenticationExtensionsClientInput,
* tstr => any
}
}
PublicKeyCredentialEntity = ( name: tstr )
PublicKeyCredentialRpEntity = {
PublicKeyCredentialEntity,
id: tstr,
* tstr => any
}
PublicKeyCredentialUserEntity = {
PublicKeyCredentialEntity,
id: bstr,
displayName: tstr,
* tstr => any
};
PublicKeyCredentialParameters = {
type: "public-key",
alg: COSEAlgorithmIdentifier,
* tstr => any
};
COSEAlgorithmIdentifier = int
PublicKeyCredentialDescriptor = {
type: "public-key",
id: bstr,
? transports: [* AuthenticatorTransport]
};
AuthenticatorTransport =
"usb" / "nfc" / "ble" / "internal" / tstr
AuthenticatorSelectionCriteria = {
? authenticatorAttachment: AuthenticatorAttachment,
? residentKey: ResidentKeyRequirement,
? requireResidentKey: bool .default false,
? userVerification: UserVerificationRequirement .default "preferred",
* tstr => any
};
AuthenticatorAttachment = "platform" / "cross-platform" / tstr
ResidentKeyRequirement = "discouraged" / "preferred" / "required" / tstr
UserVerificationRequirement = "required" / "preferred" / "discouraged" / tstr
AttestationConveyancePreference = "none" / "indirect" / "direct" / "enterprise" / tstr
; WebAuthn get()
PublicKeyCredentialRequest = {
publicKey: {
CredentialRequestOptions,
challenge: bstr,
? timeout: int,
? rpId: tstr,
? allowCredentials: [* PublicKeyCredentialDescriptor] .default [],
? userVerification: UserVerificationRequirement .default "preferred",
? extensions: AuthenticationExtensionsClientInputs,
* tstr => any
}
}
CredentialRequestOptions = (
? mediation: CredentialMediationRequirement .default "optional"
)
CredentialMediationRequirement =
"silent" / "optional" / "required" / tstr
; WebAuthn create() response
PublicKeyCredentialResponse = (
type: "public-key",
? rawId: bstr,
? clientExtensionResults: AuthenticationExtensionsClientOutputs,
)
PublicKeyCredentialCreationResponse = {
PublicKeyCredentialResponse,
response: AuthenticatorAttestationResponse,
authenticatorAttachment: AuthenticatorAttachment,
}
AuthenticatorResponse = (
clientDataJSON: bstr
)
AuthenticatorAttestationResponse = {
attestationObject: bstr,
transports: [* AuthenticatorTransport],
authenticatorData: bstr,
AuthenticatorResponse
}
PublicKeyCredentialAssertionResponse = {
PublicKeyCredentialResponse,
response: AuthenticatorAssertionResponse,
authenticatorAttachment: AuthenticatorAttachment,
}
AuthenticatorAssertionResponse = {
authenticatorData: bstr,
signature: bstr,
? userHandle: bstr,
AuthenticatorResponse
};
CollectedClientData = {
type: "public-key",
challenge: tstr,
origin: tstr,
? crossOrigin: bool,
? tokenBinding: TokenBinding
}
TokenBinding = {
status: TokenBindingStatus,
? id: tstr
}
TokenBindingStatus = "present" / "supported" / tstr
;partial dictionary
AuthenticationExtensionsClientInputs = {
? appId: tstr,
? appidExclude: tstr,
? uvm: bool,
? credProps: bool,
? largeBlob: AuthenticationExtensionsLargeBlobInputs,
* tstr => any
}
; partial dictionary
AuthenticationExtensionsClientOutputs = {
? appid: bool,
? appidExclude: bool,
? uvm: UvmEntries,
? credProps: CredentialPropertiesOutput,
? largeBlob: AuthenticationExtensionsLargeBlobOutputs,
* tstr => any
}
UvmEntry = [* uint]
UvmEntries = [* UvmEntry]
CredentialPropertiesOutput = {
rk: bool;
}
LargeBlobSupport = "required" / "preferred" / tstr
AuthenticationExtensionsLargeBlobInputs = {
support: LargeBlobSupport,
read: bool,
write: bstr
}
AuthenticationExtensionsLargeBlobOutputs = {
supported: bool,
blob: bstr,
written: bool
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment