passkeys-rails 0.3.1 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a137b9b4f2ab7aac24fef0747ff112588215d496034f0542983df3790bc32de7
-  data.tar.gz: 412185131a984a883a11af7fae1bbbb69806819a978871a08e0929921c766fe4
+  metadata.gz: 8aeb76eb5817dbc1b1fac8a6205b5154772bd04d91f45596952b9b10e319f997
+  data.tar.gz: 0f3eb68558500c17ea980a1a1e0b00db8ddf13dfead9ef8568fb8a8d295f96ae
 SHA512:
-  metadata.gz: bdf2974d31cb561bbeabaf599a29d99bb9cda2e4050cff913cbe5104a747c4eba2eb11a53936fcef013861ede39051208a2edbc3062a6b25a34476678388eba9
-  data.tar.gz: 149c795d0b56a7569170160426b466ff42abc75bcb2f46fc5adae3b35ad3eb9d6d465ce05f0834cbbfaf3bc30944d809b776c1112913c0e490175c316784e859
+  metadata.gz: 2f136f27de81f280d9d8e55e96b2f7c4729ded92a7b9c0339f0c766d0b8604732de430dd5f6e082ed700dca9422cc3c1af975dfae74aa267757d955b3bc15733
+  data.tar.gz: 92587364bdb4f41aa35dfaeef432bab42e77d6dd4a8e49b6797b12bd2a42f4ef0ecd9ed6dca5575abf3e068c0005c998d863f3eb7b1443eb4d01ac2271f73205

data/CHANGELOG.md

@@ -1,60 +1,65 @@
-### 0.3.1
+### 0.3.2 (2024/10/01)
 
-* Fixed a bug in reading session/cookie variables
-* Added webauthn configuration parameters to this gem's configuration
-* Moved configuration to its own class
-* Added more info to the README
+- Changed from unsigned cookies to short lived signed cookies
+- Added RELEASING.md
 
-### 0.3.0
+### 0.3.1 (2023/11/30)
 
-* Added debug_register endpoint.
-* Fixed authenticatable_params for register enpoint.
-* Added notifications to certain controller actions.
-* Improved spec error helper.
+- Fixed a bug in reading session/cookie variables
+- Added webauthn configuration parameters to this gem's configuration
+- Moved configuration to its own class
+- Added more info to the README
 
-### 0.2.1
+### 0.3.0 (2023/08/01)
+
+- Added debug_register endpoint.
+- Fixed authenticatable_params for register enpoint.
+- Added notifications to certain controller actions.
+- Improved spec error helper.
+
+### 0.2.1 (2023/07/29)
 
 Added ability to pass either the auth token string or a request with one in the header to authenticate methods.
 
-### 0.2.0
+### 0.2.0 (2023/07/28)
 
-* Added passkeys/debug_login functionality.
+- Added passkeys/debug_login functionality.
 
-### 0.1.7
+### 0.1.7 (2023/07/26)
 
-* Added IntegrationHelpers to support client testing.
-* Updated methods for interfacing with Rails client app.
-* Changed route path added by the generator.
+- Added IntegrationHelpers to support client testing.
+- Updated methods for interfacing with Rails client app.
+- Changed route path added by the generator.
 
-### 0.1.6
+### 0.1.6 (2023/07/26)
 
-* Added default_class and class_whitelist config parameters.
+- Added default_class and class_whitelist config parameters.
 
-### 0.1.5
+### 0.1.5 (2023/07/24)
 
-* Updated validation to ensure the agent has completed registration to be considered valid.
+- Updated validation to ensure the agent has completed registration to be considered valid.
 
-### 0.1.4
+### 0.1.4 (2023/07/23)
 
-* Changed namespace from Passkeys::Rails to PasskeysRails
+- Changed namespace from Passkeys::Rails to PasskeysRails
 
-### 0.1.3
+### 0.1.3 (2023/07/23)
 
-* More restructuring and fixed issue where autoloading failed
+- More restructuring and fixed issue where autoloading failed
   during client app initialization.
 
-### 0.1.2
+### 0.1.2 (2023/07/23)
 
-* Restructured lib directory.
+- Restructured lib directory.
 
-* Fixed naming convention for gem/gemspec.
+- Fixed naming convention for gem/gemspec.
 
-* Fixed exception handling.
+- Fixed exception handling.
 
-### 0.1.1
+### 0.1.1 (2023/07/23)
 
-* Fixed dependency
+- Fixed dependency
 
-### 0.1.0
+### 0.1.0 (2023/07/23)
 
-* Initial release - looking for feedback
+- Initial release - looking for feedback

data/README.md

@@ -188,7 +188,7 @@ end
  - When `.code` is `:expired_token`, `.message` is **The token has expired**, which means that the token is valid, but expired, thuis it's not considered authentic.
  - When `.code` is `:token_error`, `.message` is a description of the error.  This is a catch-all in the event we are unable to decode the token.
 
- In the future, the intention is to have the `.code` value stay consistent even if the `.message` changes.  This also allows you to localize the messages as need using the code.
+ In the future, the intention is to have the `.code` value stay consistent even if the `.message` changes.  This also allows you to localize the messages as needed using the code.
 
 ## Testing
 
@@ -239,11 +239,11 @@ For iOS, you need to associate your app with your server.  This amounts to setti
 
 ### Mobile API Endpoints
 
-There are 3 groups of API endpoints that your mobile application may consume.
+There are 3 groups of API endpoints that your mobile application might consume.
 
 1. Unauthenticated (public) endpoints
 1. Authenticated (private) endpoints
-1. Passey endpoints (for supporting authentication)
+1. Passkey endpoints (for supporting authentication)
 
 **Unauthenticated endpoints** can be consumed without any authentication.
 
@@ -253,7 +253,7 @@ There are 3 groups of API endpoints that your mobile application may consume.
 
 This gem supports the Passkey endpoints.
 
-### Endpoints
+### Passkey Endpoints
 
 * [POST /passkeys/challenge](post-passkeys-challenge)
 * [POST /passkeys/register](post-passkeys-register)
@@ -291,12 +291,18 @@ Some endpoints return an `AuthResponse`, which has this JSON structure:
 
 Submit this to begin registration or authentication.
 
-Supply a `{ "username": "unique username" } ` to register a new credential.
+#### Registration (register)
+
+To begin registration of a new credential, supply a `{ "username": "unique username" }`.
 If all goes well, the JSON response will be the `options_for_create` from webauthn.
 If the username is already in use, or anything else goes wrong, an error with code `validation_errors` will be returned.
 
-Omit the `username` when authenticating (logging in).
-The JSON response will be the `options_for_get` from webauthn.
+After receiving a successful response, follow up with a POST to `/passkeys/register`, below.
+
+#### Authentication (login)
+To begin authenticating an existing credential, omit the `username`.  The JSON response will be the `options_for_get` from webauthn.
+
+After receiving a successful response, follow up with a POST to `/passkeys/authenticate`, below.
 
 ### POST /passkeys/register
 
@@ -391,17 +397,17 @@ Possible **failure codes** (using the `ErrorResponse` structure) are:
 
 As it may not be possible to acess Passkey functionality in mobile simulators, this endpoint may be called to register a username while bypassing the normal challenge/response sequence.
 
-This endpoint only responds if DEBUG_LOGIN_REGEX is set in the server environment.  It is **very insecure to set this variable in a production environment** as it bypasses all Passkey checks.  It is only intended to be used during mobile application development.
+This endpoint only responds if `DEBUG_LOGIN_REGEX` is set in the server environment.  It is **very insecure to set this variable in a production environment** as it bypasses all Passkey checks.  It is only intended to be used during mobile application development.
 
 To use this endpoint:
 
-1. Set DEBUG_LOGIN_REGEX to a regex that matches any username you want to use during development - for example `^test(-\d+)?$` will match `test`, `test-1`, `test-123`, etc.
+1. Set `DEBUG_LOGIN_REGEX` to a regex that matches any username you want to use during development - for example `^test(-\d+)?$` will match `test`, `test-1`, `test-123`, etc.
 
-1. In the mobile application, call this endpoint in stead of the /passkeys/challenge and /passkeys/register.  The response is identicial to that of /passkeys/register.
+1. In the mobile application, call this endpoint in stead of the `/passkeys/challenge` and `/passkeys/register`.  The response is identicial to that of `/passkeys/register`.
 
-1. Use the response as if it was from /passkeys/register.
+1. Use the response as if it was from `/passkeys/register`.
 
-If you supply a username that doesn't match the DEBUG_LOGIN_REGEX, the endpoint will respond with an error.
+If you supply a username that doesn't match the `DEBUG_LOGIN_REGEX`, the endpoint will respond with an error.
 
 Supply the following JSON structure:
 
@@ -425,19 +431,19 @@ Possible **failure codes** (using the `ErrorResponse` structure) are:
 
 As it may not be possible to acess Passkey functionality in mobile simulators, this endpoint may be called to login (authenticate) a username while bypassing the normal challenge/response sequence.
 
-This endpoint only responds if DEBUG_LOGIN_REGEX is set in the server environment.  It is **very insecure to set this variable in a production environment** as it bypasses all Passkey checks.  It is only intended to be used during mobile application development.
+This endpoint only responds if `DEBUG_LOGIN_REGEX` is set in the server environment.  It is **very insecure to set this variable in a production environment** as it bypasses all Passkey checks.  It is only intended to be used during mobile application development.
 
 To use this endpoint:
 
 1. Manually create one or more PasskeysRails::Agent records in the database.  A unique username is required for each.
 
-1. Set DEBUG_LOGIN_REGEX to a regex that matches any username you want to use during development - for example `^test(-\d+)?$` will match `test`, `test-1`, `test-123`, etc.
+1. Set `DEBUG_LOGIN_REGEX` to a regex that matches any username you want to use during development - for example `^test(-\d+)?$` will match `test`, `test-1`, `test-123`, etc.
 
-1. In the mobile application, call this endpoint in stead of the /passkeys/challenge and /passkeys/authenticate.  The response is identicial to that of /passkeys/authenticate.
+1. In the mobile application, call this endpoint in stead of the `/passkeys/challenge` and `/passkeys/authenticate`.  The response is identicial to that of `/passkeys/authenticate`.
 
-1. Use the response as if it was from /passkeys/authenticate.
+1. Use the response as if it was from `/passkeys/authenticate`.
 
-If you supply a username that doesn't match the DEBUG_LOGIN_REGEX, the endpoint will respond with an error.
+If you supply a username that doesn't match the `DEBUG_LOGIN_REGEX`, the endpoint will respond with an error.
 
 Supply the following JSON structure:
 

data/app/controllers/passkeys_rails/passkeys_controller.rb

@@ -7,13 +7,19 @@ module PasskeysRails
       result = PasskeysRails::BeginChallenge.call!(username: challenge_params[:username])
 
       # Store the challenge so we can verify the future register or authentication request
-      cookies[:passkeys_rails] = result.cookie_data
+      cookies.signed[:passkeys_rails] = {
+        value: result.cookie_data.to_json,
+        expire: Time.now.utc + (result.response.timeout / 1000),
+        secure: true,
+        httponly: true,
+        same_site: :strict
+      }
 
       render json: result.response.as_json
     end
 
     def register
-      cookie_data = cookies["passkeys_rails"] || {}
+      cookie_data = JSON.parse(cookies.signed["passkeys_rails"] || "{}")
       result = PasskeysRails::FinishRegistration.call!(credential: attestation_credential_params.to_h,
                                                        authenticatable_info: authenticatable_params&.to_h,
                                                        username: cookie_data["username"],
@@ -25,7 +31,7 @@ module PasskeysRails
     end
 
     def authenticate
-      cookie_data = cookies["passkeys_rails"] || {}
+      cookie_data = JSON.parse(cookies.signed["passkeys_rails"] || "{}")
       result = PasskeysRails::FinishAuthentication.call!(credential: authentication_params.to_h,
                                                          challenge: cookie_data["challenge"])
 

data/lib/passkeys_rails/version.rb

@@ -1,3 +1,3 @@
 module PasskeysRails
-  VERSION = "0.3.1".freeze
+  VERSION = "0.3.2".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passkeys-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - Troy Anderson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-30 00:00:00.000000000 Z
+date: 2024-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,20 +16,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '7.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.0.5
+        version: 7.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '7.0'
+        version: '7.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 7.0.5
+        version: 7.2.1
 - !ruby/object:Gem::Dependency
   name: interactor
   requirement: !ruby/object:Gem::Requirement
@@ -50,266 +50,280 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.7.1
+        version: 2.9.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.7.1
+        version: 2.9.1
 - !ruby/object:Gem::Dependency
   name: webauthn
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 3.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: cbor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.9.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.9.8
 - !ruby/object:Gem::Dependency
   name: dotenv
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.1
+        version: 3.1.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.8.1
+        version: 3.1.4
 - !ruby/object:Gem::Dependency
   name: puma
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.6.5
+        version: 6.4.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 5.6.5
+        version: 6.4.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: 13.2.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: 13.2.1
 - !ruby/object:Gem::Dependency
   name: sprockets-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.4.2
+        version: 3.5.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.4.2
+        version: 3.5.2
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.3
+        version: 2.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.3
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: codecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.12
+        version: 0.6.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.12
+        version: 0.6.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 1.9.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 1.9.2
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.22.0
+        version: 0.21.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.22.0
+        version: 0.21.2
 - !ruby/object:Gem::Dependency
   name: reek
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.4
+        version: 6.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.1.4
+        version: 6.3.0
 - !ruby/object:Gem::Dependency
   name: factory_bot_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.2.0
+        version: 6.4.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.2.0
+        version: 6.4.3
 - !ruby/object:Gem::Dependency
   name: generator_spec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.4
+        version: 0.10.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.4
+        version: 0.10.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 3.13.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 3.13.0
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.3
+        version: 7.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 6.0.3
+        version: 7.0.1
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.6
+        version: 0.9.10
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.6
+        version: 0.9.10
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: 1.66.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.21'
+        version: 1.66.1
 - !ruby/object:Gem::Dependency
   name: rubocop-performance
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.22.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.18.0
+        version: 1.22.1
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.20.2
+        version: 2.26.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.20.2
+        version: 2.26.2
 - !ruby/object:Gem::Dependency
   name: rubocop-rake
   requirement: !ruby/object:Gem::Requirement
@@ -325,19 +339,61 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.6.0
 - !ruby/object:Gem::Dependency
-  name: rubocop-rspec
+  name: rubocop-rspec_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.30.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.30.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-factory_bot
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.26.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.26.1
+- !ruby/object:Gem::Dependency
+  name: danger-changelog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+- !ruby/object:Gem::Dependency
+  name: danger-toc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.22.0
+        version: 0.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.22.0
+        version: 0.2.0
 description: Devise is awesome, but we don't need all that UI/UX for PassKeys. This
   gem is to make it easy to provide a back end that authenticates a mobile front end
   with PassKeys.
@@ -409,7 +465,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.17
+rubygems_version: 3.4.21
 signing_key:
 specification_version: 4
 summary: PassKey authentication back end with simple API