RubyGems - better_auth-passkey - Versions diffs - 0.1.0 - Mend

better_auth-passkey 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +5 -0
data/README.md +27 -0
data/lib/better_auth/passkey/version.rb +7 -0
data/lib/better_auth/passkey.rb +10 -0
data/lib/better_auth/plugins/passkey.rb +487 -0
metadata +160 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a9d897b27289670fa9776d35b6f8d7e24232626b3079feaa9df4989bf1778d41
+  data.tar.gz: 42ca8da646e0db4a2c4ce0c7380a6bd657385470beddfa0a3e45f4d33179f578
+SHA512:
+  metadata.gz: 653ff4209165b99511fda3f9bf433069b3ffd85915f88a014913ae9671e18abfcec1fd283a72d2014db6b9baca97441fb99ca658cb3f36b4548bb8294d22a201
+  data.tar.gz: 11af45bc047d37897caa689ef15d5dda7bd794b17c6c6a607c00e6d3b475a5f9907af6c941a7f4bb07ec5b6503587d8c1c3285dcdcc1071853f55167f248d21f

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Changelog
+## [Unreleased]
+- Initial external passkey package extracted from `better_auth`.

data/README.md ADDED Viewed

@@ -0,0 +1,27 @@
+# better_auth-passkey
+Passkey/WebAuthn plugin package for Better Auth Ruby.
+## Installation
+Add the gem and require the package before configuring the plugin:
+```ruby
+gem "better_auth-passkey"
+```
+```ruby
+require "better_auth/passkey"
+auth = BetterAuth.auth(
+  secret: ENV.fetch("BETTER_AUTH_SECRET"),
+  database: :memory,
+  plugins: [
+    BetterAuth::Plugins.passkey
+  ]
+)
+```
+## Notes
+This package depends on the maintained `webauthn` gem. Keeping passkeys outside `better_auth` avoids installing WebAuthn dependencies for applications that do not use passkeys.

data/lib/better_auth/passkey/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module BetterAuth
+  module Passkey
+    VERSION = "0.1.0"
+  end
+end

data/lib/better_auth/passkey.rb ADDED Viewed

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+require "better_auth"
+require_relative "passkey/version"
+require_relative "plugins/passkey"
+module BetterAuth
+  module Passkey
+  end
+end

data/lib/better_auth/plugins/passkey.rb ADDED Viewed

@@ -0,0 +1,487 @@
+# frozen_string_literal: true
+require "base64"
+require "json"
+require "uri"
+require "webauthn"
+module BetterAuth
+  module Plugins
+    singleton_class.remove_method(:passkey) if singleton_class.method_defined?(:passkey)
+    remove_method(:passkey) if method_defined?(:passkey) || private_method_defined?(:passkey)
+    module_function
+    PASSKEY_ERROR_CODES = {
+      "CHALLENGE_NOT_FOUND" => "Challenge not found",
+      "YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY" => "You are not allowed to register this passkey",
+      "FAILED_TO_VERIFY_REGISTRATION" => "Failed to verify registration",
+      "PASSKEY_NOT_FOUND" => "Passkey not found",
+      "AUTHENTICATION_FAILED" => "Authentication failed",
+      "UNABLE_TO_CREATE_SESSION" => "Unable to create session",
+      "FAILED_TO_UPDATE_PASSKEY" => "Failed to update passkey",
+      "PREVIOUSLY_REGISTERED" => "Previously registered",
+      "REGISTRATION_CANCELLED" => "Registration cancelled",
+      "AUTH_CANCELLED" => "Auth cancelled",
+      "UNKNOWN_ERROR" => "Unknown error",
+      "SESSION_REQUIRED" => "Passkey registration requires an authenticated session",
+      "RESOLVE_USER_REQUIRED" => "Passkey registration requires either an authenticated session or a resolveUser callback when requireSession is false",
+      "RESOLVED_USER_INVALID" => "Resolved user is invalid"
+    }.freeze
+    PASSKEY_CHALLENGE_MAX_AGE = 60 * 5
+    def passkey(options = {})
+      config = {
+        origin: nil,
+        advanced: {
+          web_authn_challenge_cookie: "better-auth-passkey"
+        }
+      }.merge(normalize_hash(options))
+      config[:advanced] = {
+        web_authn_challenge_cookie: "better-auth-passkey"
+      }.merge(config[:advanced] || {})
+      Plugin.new(
+        id: "passkey",
+        schema: passkey_schema(config[:schema]),
+        endpoints: {
+          generate_passkey_registration_options: generate_passkey_registration_options_endpoint(config),
+          generate_passkey_authentication_options: generate_passkey_authentication_options_endpoint(config),
+          verify_passkey_registration: verify_passkey_registration_endpoint(config),
+          verify_passkey_authentication: verify_passkey_authentication_endpoint(config),
+          list_passkeys: list_passkeys_endpoint,
+          delete_passkey: delete_passkey_endpoint,
+          update_passkey: update_passkey_endpoint
+        },
+        error_codes: PASSKEY_ERROR_CODES,
+        options: config
+      )
+    end
+    def generate_passkey_registration_options_endpoint(config)
+      Endpoint.new(path: "/passkey/generate-register-options", method: "GET") do |ctx|
+        query = normalize_hash(ctx.query)
+        user = passkey_resolve_registration_user(config, ctx, query)
+        passkey_configure_webauthn(config, ctx)
+        existing = ctx.context.adapter.find_many(model: "passkey", where: [{field: "userId", value: user.fetch("id")}])
+        options = WebAuthn::Credential.options_for_create(
+          user: {
+            id: Crypto.random_string(32).downcase,
+            name: query[:name].to_s.empty? ? (user["email"] || user["name"] || user["id"]) : query[:name].to_s,
+            display_name: user["displayName"] || user["display_name"] || user["email"] || user["name"] || user["id"]
+          },
+          exclude: existing.map { |passkey| passkey_credential_id(passkey) },
+          authenticator_selection: passkey_authenticator_selection(config, query),
+          extensions: passkey_resolve_extensions(config.dig(:registration, :extensions), ctx)
+        )
+        passkey_store_challenge(ctx, config, options.challenge, {
+          id: user.fetch("id"),
+          name: user["name"] || user["email"] || user["id"],
+          displayName: user["displayName"] || user["display_name"]
+        }.compact)
+        ctx.json(options.as_json.merge(excludeCredentials: existing.map { |passkey| passkey_credential_descriptor(passkey) }))
+      end
+    end
+    def generate_passkey_authentication_options_endpoint(config)
+      Endpoint.new(path: "/passkey/generate-authenticate-options", method: "GET") do |ctx|
+        session = Routes.current_session(ctx, allow_nil: true)
+        passkey_configure_webauthn(config, ctx)
+        passkeys = if session
+          ctx.context.adapter.find_many(model: "passkey", where: [{field: "userId", value: session.fetch(:user).fetch("id")}])
+        else
+          []
+        end
+        options = WebAuthn::Credential.options_for_get(
+          allow: passkeys.map { |passkey| passkey_credential_id(passkey) },
+          extensions: passkey_resolve_extensions(config.dig(:authentication, :extensions), ctx)
+        )
+        passkey_store_challenge(ctx, config, options.challenge, session ? session.fetch(:user).fetch("id") : "")
+        payload = options.as_json.merge(userVerification: "preferred")
+        payload[:allowCredentials] = passkeys.map { |passkey| passkey_credential_descriptor(passkey) } if passkeys.any?
+        ctx.json(payload)
+      end
+    end
+    def verify_passkey_registration_endpoint(config)
+      Endpoint.new(path: "/passkey/verify-registration", method: "POST") do |ctx|
+        require_session = config.dig(:registration, :require_session) != false
+        session = require_session ? Routes.current_session(ctx, sensitive: true) : Routes.current_session(ctx, allow_nil: true, sensitive: true)
+        origin = passkey_origin(config, ctx)
+        raise APIError.new("BAD_REQUEST", message: "origin missing") if origin.to_s.empty?
+        verification_token = passkey_challenge_token(ctx, config)
+        raise APIError.new("BAD_REQUEST", message: PASSKEY_ERROR_CODES.fetch("CHALLENGE_NOT_FOUND")) unless verification_token
+        challenge = passkey_find_challenge(ctx, verification_token)
+        unless challenge
+          raise APIError.new("BAD_REQUEST", message: PASSKEY_ERROR_CODES.fetch("CHALLENGE_NOT_FOUND"))
+        end
+        if session && challenge.fetch("userData").fetch("id") != session.fetch(:user).fetch("id")
+          raise APIError.new("UNAUTHORIZED", message: PASSKEY_ERROR_CODES.fetch("YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY"))
+        end
+        response = passkey_webauthn_response(normalize_hash(ctx.body)[:response])
+        passkey_configure_webauthn(config, ctx, origin: origin)
+        credential = WebAuthn::Credential.from_create(response)
+        credential.verify(challenge.fetch("expectedChallenge"), user_verification: false)
+        authenticator_data = passkey_authenticator_data(credential)
+        body = normalize_hash(ctx.body)
+        target_user_id = passkey_after_registration_verification_user_id(config, ctx, credential, challenge, response, session)
+        data = ctx.context.adapter.create(
+          model: "passkey",
+          data: {
+            name: body[:name],
+            userId: target_user_id,
+            credentialID: credential.id,
+            publicKey: Base64.strict_encode64(credential.public_key),
+            counter: credential.sign_count,
+            deviceType: authenticator_data&.credential_backup_eligible? ? "multiDevice" : "singleDevice",
+            backedUp: authenticator_data&.credential_backed_up? || false,
+            transports: Array(passkey_attestation_response(credential)&.transports).join(","),
+            createdAt: Time.now,
+            aaguid: passkey_attestation_response(credential)&.aaguid
+          }
+        )
+        ctx.context.internal_adapter.delete_verification_by_identifier(verification_token)
+        ctx.json(passkey_wire(data))
+      rescue WebAuthn::Error => error
+        ctx.context.logger&.error("Failed to verify registration", error)
+        raise APIError.new("INTERNAL_SERVER_ERROR", message: PASSKEY_ERROR_CODES.fetch("FAILED_TO_VERIFY_REGISTRATION"))
+      end
+    end
+    def verify_passkey_authentication_endpoint(config)
+      Endpoint.new(path: "/passkey/verify-authentication", method: "POST") do |ctx|
+        origin = passkey_origin(config, ctx)
+        raise APIError.new("BAD_REQUEST", message: "origin missing") if origin.to_s.empty?
+        verification_token = passkey_challenge_token(ctx, config)
+        raise APIError.new("BAD_REQUEST", message: PASSKEY_ERROR_CODES.fetch("CHALLENGE_NOT_FOUND")) unless verification_token
+        challenge = passkey_find_challenge(ctx, verification_token)
+        raise APIError.new("BAD_REQUEST", message: PASSKEY_ERROR_CODES.fetch("CHALLENGE_NOT_FOUND")) unless challenge
+        response = passkey_webauthn_response(normalize_hash(ctx.body)[:response])
+        credential_id = response.fetch("id")
+        passkey = ctx.context.adapter.find_one(model: "passkey", where: [{field: "credentialID", value: credential_id}])
+        raise APIError.new("UNAUTHORIZED", message: PASSKEY_ERROR_CODES.fetch("PASSKEY_NOT_FOUND")) unless passkey
+        passkey_configure_webauthn(config, ctx, origin: origin)
+        credential = WebAuthn::Credential.from_get(response)
+        credential.verify(
+          challenge.fetch("expectedChallenge"),
+          public_key: Base64.strict_decode64(passkey.fetch("publicKey")),
+          sign_count: passkey.fetch("counter").to_i,
+          user_verification: false
+        )
+        passkey_call_callback(config.dig(:authentication, :after_verification), {
+          ctx: ctx,
+          verification: credential,
+          client_data: response
+        })
+        ctx.context.adapter.update(
+          model: "passkey",
+          where: [{field: "id", value: passkey.fetch("id")}],
+          update: {counter: credential.sign_count}
+        )
+        session = ctx.context.internal_adapter.create_session(passkey.fetch("userId"))
+        raise APIError.new("INTERNAL_SERVER_ERROR", message: PASSKEY_ERROR_CODES.fetch("UNABLE_TO_CREATE_SESSION")) unless session
+        user = ctx.context.internal_adapter.find_user_by_id(passkey.fetch("userId"))
+        raise APIError.new("INTERNAL_SERVER_ERROR", message: "User not found") unless user
+        Cookies.set_session_cookie(ctx, {session: session, user: user})
+        ctx.context.internal_adapter.delete_verification_by_identifier(verification_token)
+        ctx.json({session: session, user: user})
+      rescue WebAuthn::Error, ArgumentError => error
+        ctx.context.logger&.error("Failed to verify authentication", error)
+        raise APIError.new("BAD_REQUEST", message: PASSKEY_ERROR_CODES.fetch("AUTHENTICATION_FAILED"))
+      end
+    end
+    def list_passkeys_endpoint
+      Endpoint.new(path: "/passkey/list-user-passkeys", method: "GET") do |ctx|
+        session = Routes.current_session(ctx)
+        passkeys = ctx.context.adapter.find_many(model: "passkey", where: [{field: "userId", value: session.fetch(:user).fetch("id")}])
+        ctx.json(passkeys.map { |passkey| passkey_wire(passkey) })
+      end
+    end
+    def delete_passkey_endpoint
+      Endpoint.new(path: "/passkey/delete-passkey", method: "POST") do |ctx|
+        session = Routes.current_session(ctx)
+        body = normalize_hash(ctx.body)
+        passkey = ctx.context.adapter.find_one(model: "passkey", where: [{field: "id", value: body[:id]}])
+        raise APIError.new("NOT_FOUND", message: PASSKEY_ERROR_CODES.fetch("PASSKEY_NOT_FOUND")) unless passkey
+        raise APIError.new("UNAUTHORIZED") unless passkey.fetch("userId") == session.fetch(:user).fetch("id")
+        ctx.context.adapter.delete(model: "passkey", where: [{field: "id", value: passkey.fetch("id")}])
+        ctx.json({status: true})
+      end
+    end
+    def update_passkey_endpoint
+      Endpoint.new(path: "/passkey/update-passkey", method: "POST") do |ctx|
+        session = Routes.current_session(ctx)
+        body = normalize_hash(ctx.body)
+        passkey = ctx.context.adapter.find_one(model: "passkey", where: [{field: "id", value: body[:id]}])
+        raise APIError.new("NOT_FOUND", message: PASSKEY_ERROR_CODES.fetch("PASSKEY_NOT_FOUND")) unless passkey
+        if passkey.fetch("userId") != session.fetch(:user).fetch("id")
+          raise APIError.new("UNAUTHORIZED", message: PASSKEY_ERROR_CODES.fetch("YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY"))
+        end
+        updated = ctx.context.adapter.update(
+          model: "passkey",
+          where: [{field: "id", value: body[:id]}],
+          update: {name: body[:name].to_s}
+        )
+        raise APIError.new("INTERNAL_SERVER_ERROR", message: PASSKEY_ERROR_CODES.fetch("FAILED_TO_UPDATE_PASSKEY")) unless updated
+        ctx.json({passkey: passkey_wire(updated)})
+      end
+    end
+    def passkey_schema(custom_schema = nil)
+      base = {
+        passkey: {
+          model_name: "passkeys",
+          fields: {
+            name: {type: "string", required: false},
+            publicKey: {type: "string", required: true},
+            userId: {type: "string", references: {model: "user", field: "id"}, required: true, index: true},
+            credentialID: {type: "string", required: true, index: true},
+            counter: {type: "number", required: true},
+            deviceType: {type: "string", required: true},
+            backedUp: {type: "boolean", required: true},
+            transports: {type: "string", required: false},
+            createdAt: {type: "date", required: false},
+            aaguid: {type: "string", required: false}
+          }
+        }
+      }
+      return base unless custom_schema.is_a?(Hash)
+      base.merge(custom_schema) do |_key, old_value, new_value|
+        (old_value.is_a?(Hash) && new_value.is_a?(Hash)) ? old_value.merge(new_value) : new_value
+      end
+    end
+    def passkey_store_challenge(ctx, config, challenge, user_id)
+      user_data = user_id.is_a?(Hash) ? user_id : {id: user_id}
+      verification_token = Crypto.random_string(32)
+      cookie = passkey_challenge_cookie(ctx, config)
+      ctx.set_signed_cookie(cookie.name, verification_token, ctx.context.secret, cookie.attributes.merge(max_age: PASSKEY_CHALLENGE_MAX_AGE))
+      ctx.context.internal_adapter.create_verification_value(
+        identifier: verification_token,
+        value: JSON.generate({
+          expectedChallenge: challenge,
+          userData: user_data,
+          context: normalize_hash(ctx.query)[:context]
+        }),
+        expiresAt: Time.now + PASSKEY_CHALLENGE_MAX_AGE
+      )
+    end
+    def passkey_find_challenge(ctx, verification_token)
+      verification = ctx.context.internal_adapter.find_verification_value(verification_token)
+      return nil unless verification && !Routes.expired_time?(verification["expiresAt"])
+      JSON.parse(verification.fetch("value"))
+    rescue JSON::ParserError
+      nil
+    end
+    def passkey_challenge_token(ctx, config)
+      ctx.get_signed_cookie(passkey_challenge_cookie(ctx, config).name, ctx.context.secret)
+    end
+    def passkey_challenge_cookie(ctx, config)
+      ctx.context.create_auth_cookie(config.dig(:advanced, :web_authn_challenge_cookie), max_age: PASSKEY_CHALLENGE_MAX_AGE)
+    end
+    def passkey_configure_webauthn(config, ctx, origin: nil)
+      WebAuthn.configuration.rp_id = passkey_rp_id(config, ctx)
+      WebAuthn.configuration.rp_name = config[:rp_name] || ctx.context.app_name
+      WebAuthn.configuration.allowed_origins = passkey_allowed_origins(config, ctx, origin: origin)
+    end
+    def passkey_origin(config, ctx)
+      config[:origin] || ctx.headers["origin"]
+    end
+    def passkey_allowed_origins(config, ctx, origin: nil)
+      Array(origin || config[:origin] || ctx.context.options.base_url).compact
+    end
+    def passkey_rp_id(config, ctx)
+      return config[:rp_id] if config[:rp_id]
+      URI.parse(ctx.context.options.base_url.to_s).host || "localhost"
+    rescue URI::InvalidURIError
+      "localhost"
+    end
+    def passkey_authenticator_selection(config, query)
+      selection = normalize_hash(config[:authenticator_selection] || {})
+      attachment = query[:authenticator_attachment]
+      selection[:authenticator_attachment] = attachment if attachment
+      {
+        resident_key: selection[:resident_key] || "preferred",
+        user_verification: selection[:user_verification] || "preferred",
+        authenticator_attachment: selection[:authenticator_attachment]
+      }.compact
+    end
+    def passkey_resolve_registration_user(config, ctx, query)
+      require_session = config.dig(:registration, :require_session) != false
+      if require_session
+        session = Routes.current_session(ctx, sensitive: true)
+        user = session.fetch(:user)
+        return passkey_registration_user_data(
+          id: user.fetch("id"),
+          name: user["email"] || user["id"],
+          display_name: user["email"] || user["id"],
+          email: user["email"]
+        )
+      end
+      session = Routes.current_session(ctx, allow_nil: true)
+      if session
+        user = session.fetch(:user)
+        return passkey_registration_user_data(
+          id: user.fetch("id"),
+          name: user["email"] || user["id"],
+          display_name: user["email"] || user["id"],
+          email: user["email"]
+        )
+      end
+      resolver = config.dig(:registration, :resolve_user)
+      unless resolver.respond_to?(:call)
+        raise APIError.new("BAD_REQUEST", message: PASSKEY_ERROR_CODES.fetch("RESOLVE_USER_REQUIRED"))
+      end
+      resolved = normalize_hash(passkey_call_callback(resolver, {ctx: ctx, context: query[:context]}) || {})
+      unless resolved[:id].to_s != "" && resolved[:name].to_s != ""
+        raise APIError.new("BAD_REQUEST", message: PASSKEY_ERROR_CODES.fetch("RESOLVED_USER_INVALID"))
+      end
+      passkey_registration_user_data(
+        id: resolved[:id],
+        name: resolved[:name],
+        display_name: resolved[:display_name],
+        email: resolved[:email]
+      )
+    end
+    def passkey_registration_user_data(id:, name:, display_name: nil, email: nil)
+      {
+        "id" => id,
+        "name" => name,
+        "displayName" => display_name,
+        "email" => email
+      }.compact
+    end
+    def passkey_resolve_extensions(extensions, ctx)
+      return nil unless extensions
+      normalize_hash(extensions.respond_to?(:call) ? passkey_call_callback(extensions, {ctx: ctx}) : extensions)
+    end
+    def passkey_after_registration_verification_user_id(config, ctx, credential, challenge, response, session)
+      user_data = challenge.fetch("userData")
+      target_user_id = user_data.fetch("id")
+      callback = config.dig(:registration, :after_verification)
+      return target_user_id unless callback.respond_to?(:call)
+      result = normalize_hash(passkey_call_callback(callback, {
+        ctx: ctx,
+        verification: credential,
+        user: {
+          id: user_data.fetch("id"),
+          name: user_data["name"] || user_data.fetch("id"),
+          display_name: user_data["displayName"] || user_data["display_name"]
+        },
+        client_data: response,
+        context: challenge["context"]
+      }) || {})
+      returned_user_id = result[:user_id]
+      return target_user_id if returned_user_id.to_s.empty?
+      unless returned_user_id.is_a?(String)
+        raise APIError.new("BAD_REQUEST", message: PASSKEY_ERROR_CODES.fetch("RESOLVED_USER_INVALID"))
+      end
+      if session && returned_user_id != session.fetch(:user).fetch("id")
+        raise APIError.new("UNAUTHORIZED", message: PASSKEY_ERROR_CODES.fetch("YOU_ARE_NOT_ALLOWED_TO_REGISTER_THIS_PASSKEY"))
+      end
+      returned_user_id
+    end
+    def passkey_call_callback(callback, data)
+      return nil unless callback.respond_to?(:call)
+      if callback.parameters.any? { |kind, _name| [:key, :keyreq, :keyrest].include?(kind) }
+        callback.call(**data)
+      else
+        callback.call(data)
+      end
+    end
+    def passkey_webauthn_response(value)
+      data = normalize_hash(value || {})
+      response = normalize_hash(data[:response] || {})
+      webauthn = {
+        "type" => data[:type],
+        "id" => data[:id],
+        "rawId" => data[:raw_id],
+        "authenticatorAttachment" => data[:authenticator_attachment],
+        "clientExtensionResults" => data[:client_extension_results] || {},
+        "response" => {
+          "attestationObject" => response[:attestation_object],
+          "clientDataJSON" => response[:client_data_json],
+          "transports" => response[:transports],
+          "authenticatorData" => response[:authenticator_data],
+          "signature" => response[:signature],
+          "userHandle" => response[:user_handle]
+        }.compact
+      }.compact
+      webauthn["rawId"] ||= webauthn["id"]
+      webauthn
+    end
+    def passkey_attestation_response(credential)
+      credential.instance_variable_get(:@response)
+    end
+    def passkey_authenticator_data(credential)
+      passkey_attestation_response(credential)&.authenticator_data
+    end
+    def passkey_wire(record)
+      return record unless record.is_a?(Hash)
+      output = record.dup
+      output["credentialID"] = output.delete("credentialId") if output.key?("credentialId")
+      output
+    end
+    def passkey_credential_id(record)
+      record["credentialID"] || record["credentialId"] || record[:credentialID] || record[:credential_id]
+    end
+    def passkey_credential_descriptor(record)
+      descriptor = {
+        id: passkey_credential_id(record),
+        type: "public-key"
+      }
+      transports = (record["transports"] || record[:transports]).to_s.split(",").map(&:strip).reject(&:empty?)
+      descriptor[:transports] = transports if transports.any?
+      descriptor
+    end
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,160 @@
+--- !ruby/object:Gem::Specification
+name: better_auth-passkey
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Sebastian Sala
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: better_auth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: webauthn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.4.3
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.25'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.25'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.2'
+- !ruby/object:Gem::Dependency
+  name: standardrb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+description: Adds passkey/WebAuthn registration, authentication, and credential management
+  routes for Better Auth Ruby.
+email:
+- sebastian.sala.tech@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- README.md
+- lib/better_auth/passkey.rb
+- lib/better_auth/passkey/version.rb
+- lib/better_auth/plugins/passkey.rb
+homepage: https://github.com/sebasxsala/better-auth
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/sebasxsala/better-auth
+  source_code_uri: https://github.com/sebasxsala/better-auth
+  changelog_uri: https://github.com/sebasxsala/better-auth/blob/main/packages/better_auth-passkey/CHANGELOG.md
+  bug_tracker_uri: https://github.com/sebasxsala/better-auth/issues
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.2.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: Passkey/WebAuthn plugin package for Better Auth Ruby
+test_files: []