webauthn 1.14.0 → 1.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 812396778f9d74667ca7be0273e1ac38c0f0275aae8eb32b35f4d7aa5a52b6ec
-  data.tar.gz: 66539bc1f99c17b31f51e91df71b4423b059519eb0d8ccb7e4d637e6db8c588b
+  metadata.gz: ac8a0cc80530217e636ae8c83128363f9f9e725243cb40f5dad4e0941db4149f
+  data.tar.gz: b781f8035cf6c25626b6da8e0ced92838d5d6f5defcecc7180f826af4184540d
 SHA512:
-  metadata.gz: 875d8b449345498f08caf64f7a9b7cf01d537e85ac188d398ba337b2e13c24a2dd07c8013c201d0b00deb0eb191c8328abfed212e806afee287c91c63c6f8a46
-  data.tar.gz: fa8d32da1d05d15d9a74868c343cf2f907f31d9eab4830c1a3b4eead8317440e4ade8695ff19f463d494ee356a02486ffe37b5c52bf5beff3e70a78d4f4ccbd8
+  metadata.gz: '01449706124d9e42b81c4691075e1de5f6192651a9cb8f798c2b78bb31ef0171d9ece8ef09412b73cbdb3444f38e963455439a5d1cf9eb781c8804e713dd5002'
+  data.tar.gz: 4f5c370130707a529566f4be6887c592c600674caf5f2b198d9329de9b7de3098ec775cc222400d2ab8fe214310058b1b8563b769cc006089ddc1f2910526187

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## [v1.15.0] - 2019-05-16
+
+### Added
+
+- Ability to configure Origin, RP ID and RP Name via `WebAuthn.configure`
+
 ## [v1.14.0] - 2019-04-25
 
 ### Added
@@ -173,6 +179,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
   - `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
 - Works with ruby 2.5
 
+[v1.15.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.14.0...v1.15.0/
 [v1.14.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.13.0...v1.14.0/
 [v1.13.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.12.0...v1.13.0/
 [v1.12.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.11.0...v1.12.0/

data/README.md

@@ -1,17 +1,23 @@
-# WebAuthn ruby library :key:
+# WebAuthn ruby server library :key:
 
-Make your Ruby/Rails web server become a conformant WebAuthn Relying Party.
+Makes your Ruby/Rails web server become a functional [WebAuthn Relying Party](https://www.w3.org/TR/webauthn/#webauthn-relying-party).
+
+Takes care of the [server-side operations](https://www.w3.org/TR/webauthn/#rp-operations) needed to
+[register](https://www.w3.org/TR/webauthn/#registration) or [authenticate](https://www.w3.org/TR/webauthn/#authentication)
+a user [credential](https://www.w3.org/TR/webauthn/#public-key-credential), including the necessary cryptographic checks.
 
 [![Gem](https://img.shields.io/gem/v/webauthn.svg?style=flat-square)](https://rubygems.org/gems/webauthn)
 [![Travis](https://img.shields.io/travis/cedarcode/webauthn-ruby/master.svg?style=flat-square)](https://travis-ci.org/cedarcode/webauthn-ruby)
 [![Join the chat at https://gitter.im/cedarcode/webauthn-ruby](https://badges.gitter.im/cedarcode/webauthn-ruby.svg)](https://gitter.im/cedarcode/webauthn-ruby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
+## Why WebAuthn in my web server?
+
+- [Security Benefits for WebAuthn Relying Parties](https://www.w3.org/TR/webauthn/#sctn-rp-benefits)
+
 ## What is WebAuthn?
 
 WebAuthn (Web Authentication) is a W3C standard for secure public-key authentication on the Web supported by all leading browsers and platforms.
 
-For more:
-
 - WebAuthn [W3C Recommendation](https://www.w3.org/TR/webauthn/) (i.e. "The Standard")
 - WebAuthn [intro](https://www.yubico.com/webauthn/) by Yubico
 - WebAuthn [article](https://en.wikipedia.org/wiki/WebAuthn) in Wikipedia
@@ -22,7 +28,7 @@ For more:
 
 This ruby library will help your Ruby/Rails server act as a conforming [_Relying-Party_](https://www.w3.org/TR/webauthn/#relying-party), in WebAuthn terminology. But for the [_Registration_](https://www.w3.org/TR/webauthn/#registration) and [_Authentication_](https://www.w3.org/TR/webauthn/#authentication) ceremonies to fully work, you will also need to add two more pieces to the puzzle, a conforming [User Agent](https://www.w3.org/TR/webauthn/#conforming-user-agents) + [Authenticator](https://www.w3.org/TR/webauthn/#conforming-authenticators) pair.
 
-A very small set of known conformant pairs are for example:
+Known conformant pairs are, for example:
 
 - Google Chrome for Android 70+ and Android's Fingerprint-based platform authenticator
 - Microsoft Edge and Windows 10 platform authenticator
@@ -54,6 +60,30 @@ Or install it yourself as:
 
 NOTE: You can find a working example on how to use this gem in a __Rails__ app in [webauthn-rails-demo-app](https://github.com/cedarcode/webauthn-rails-demo-app).
 
+### Configuration
+
+For a Rails application this would go in `config/initializers/webauthn.rb`.
+
+```ruby
+WebAuthn.configure do |config|
+  # This value needs to match `window.location.origin` evaluated by
+  # the User Agent during registration and authentication ceremonies.
+  config.origin = "https://auth.example.com"
+
+  # Relying Party name for display purposes
+  config.rp_name = "Example Inc."
+
+  # You can optionally specify a different Relying Party ID
+  # (https://www.w3.org/TR/webauthn/#relying-party-identifier)
+  # if it differs from the default one.
+  #
+  # In this case the default would be "auth.example.com", but you can set it to
+  # the suffix "example.com"
+  #
+  # config.rp_id = "example.com"
+end
+```
+
 ### Registration
 
 #### Initiation phase
@@ -91,17 +121,9 @@ attestation_response = WebAuthn::AuthenticatorAttestationResponse.new(
   client_data_json: client_data_json
 )
 
-# This value needs to match `window.location.origin` evaluated by
-# the User Agent as part of the verification phase.
-expected_origin = "https://www.example.com"
-
-# In the case that a Relying Party ID (https://www.w3.org/TR/webauthn/#relying-party-identifier) different from `expected_origin` was used on
-# `navigator.credentials.create`, it needs to specified for verification.
-# Otherwise, you can ignore passing in this value to the `verify` method below.
-rp_id = "example.com"
 
 begin
-  attestation_response.verify(expected_challenge, expected_origin, rp_id: rp_id)
+  attestation_response.verify(expected_challenge)
 
   # 1. Register the new user and
   # 2. Keep Credential ID and Credential Public Key under storage
@@ -158,15 +180,6 @@ assertion_response = WebAuthn::AuthenticatorAssertionResponse.new(
   signature: signature
 )
 
-# This value needs to match `window.location.origin` evaluated by
-# the User Agent as part of the verification phase.
-expected_origin = "https://www.example.com"
-
-# In the case that a Relying Party ID (https://www.w3.org/TR/webauthn/#relying-party-identifier) different from `expected_origin` was used on
-# `navigator.credentials.get`, it needs to be specified for verification.
-# Otherwise, you can ignore passing in this value to the `verify` method below.`
-rp_id = "example.com"
-
 # This hash must have the id and its corresponding public key of the
 # previously stored credential for the user that is attempting to sign in.
 allowed_credential = {
@@ -175,7 +188,7 @@ allowed_credential = {
 }
 
 begin
-  assertion_response.verify(expected_challenge, expected_origin, allowed_credentials: [allowed_credential], rp_id: rp_id)
+  assertion_response.verify(expected_challenge, allowed_credentials: [allowed_credential])
 
   # Sign in the user
 rescue WebAuthn::VerificationError => e

data/lib/android_safetynet/attestation_response.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
+require "base64"
 require "jwt"
+require "webauthn/security_utils"
 
 module AndroidSafetynet
   # Decoupled from WebAuthn, candidate for extraction
@@ -46,7 +48,7 @@ module AndroidSafetynet
     private
 
     def valid_nonce?(nonce)
-      payload["nonce"] == nonce
+      WebAuthn::SecurityUtils.secure_compare(payload["nonce"], nonce)
     end
 
     def valid_attestation_domain?
@@ -58,22 +60,11 @@ module AndroidSafetynet
     end
 
     def valid_signature?
-      JWT.decode(response, leaf_certificate.public_key, true, algorithms: algorithm_for(leaf_certificate.public_key))
+      JWT.decode(response, leaf_certificate.public_key, true, algorithms: ["ES256", "RS256"])
     rescue JWT::VerificationError
       false
     end
 
-    def algorithm_for(public_key)
-      case public_key
-      when OpenSSL::PKey::RSA
-        "RS256"
-      when OpenSSL::PKey::EC, OpenSSL::PKey::EC::Point
-        "ES256"
-      else
-        raise "Unsupported algorithm"
-      end
-    end
-
     def leaf_certificate
       certificate_chain[0]
     end

data/lib/webauthn.rb

@@ -1,48 +1,8 @@
 # frozen_string_literal: true
 
-require "cose/algorithm"
 require "webauthn/authenticator_attestation_response"
 require "webauthn/authenticator_assertion_response"
-require "webauthn/security_utils"
+require "webauthn/configuration"
+require "webauthn/credential_creation_options"
+require "webauthn/credential_request_options"
 require "webauthn/version"
-
-require "base64"
-require "securerandom"
-require "json"
-
-module WebAuthn
-  DEFAULT_ALGORITHMS = ["ES256", "RS256"].freeze
-
-  DEFAULT_PUB_KEY_CRED_PARAMS = DEFAULT_ALGORITHMS.map do |alg_name|
-    { type: "public-key", alg: COSE::Algorithm.by_name(alg_name).id }
-  end.freeze
-
-  TYPES = { create: "webauthn.create", get: "webauthn.get" }.freeze
-
-  # TODO: make keyword arguments mandatory in next major version
-  def self.credential_creation_options(
-    rp_name: "web-server",
-    user_name: "web-user",
-    display_name: "web-user",
-    user_id: "1"
-  )
-    {
-      challenge: challenge,
-      pubKeyCredParams: DEFAULT_PUB_KEY_CRED_PARAMS,
-      rp: { name: rp_name },
-      user: { name: user_name, displayName: display_name, id: user_id }
-    }
-  end
-
-  def self.credential_request_options
-    {
-      challenge: challenge,
-      allowCredentials: []
-    }
-  end
-
-  def self.challenge
-    SecureRandom.random_bytes(32)
-  end
-  private_class_method :challenge
-end

data/lib/webauthn/attestation_statement.rb

@@ -13,13 +13,6 @@ module WebAuthn
     ATTESTATION_FORMAT_ANDROID_KEY = "android-key"
     ATTESTATION_FORMAT_TPM = "tpm"
 
-    ATTESTATION_TYPE_NONE = "None"
-    ATTESTATION_TYPE_BASIC = "Basic"
-    ATTESTATION_TYPE_SELF = "Self"
-    ATTESTATION_TYPE_ATTCA = "AttCA"
-    ATTESTATION_TYPE_ECDAA = "ECDAA"
-    ATTESTATION_TYPE_BASIC_OR_ATTCA = "Basic_or_AttCA"
-
     def self.from(format, statement)
       case format
       when ATTESTATION_FORMAT_NONE

data/lib/webauthn/attestation_statement/android_key.rb

@@ -3,6 +3,7 @@
 require "openssl"
 require "webauthn/attestation_statement/android_key/key_description"
 require "webauthn/attestation_statement/base"
+require "webauthn/security_utils"
 require "webauthn/signature_verifier"
 
 module WebAuthn

data/lib/webauthn/attestation_statement/base.rb

@@ -1,10 +1,18 @@
 # frozen_string_literal: true
 
 require "openssl"
+require "webauthn/authenticator_data/attested_credential_data"
 require "webauthn/error"
 
 module WebAuthn
   module AttestationStatement
+    ATTESTATION_TYPE_NONE = "None"
+    ATTESTATION_TYPE_BASIC = "Basic"
+    ATTESTATION_TYPE_SELF = "Self"
+    ATTESTATION_TYPE_ATTCA = "AttCA"
+    ATTESTATION_TYPE_ECDAA = "ECDAA"
+    ATTESTATION_TYPE_BASIC_OR_ATTCA = "Basic_or_AttCA"
+
     class Base
       class NotSupportedError < Error; end
 

data/lib/webauthn/attestation_statement/tpm/cert_info.rb

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 
+require "openssl"
 require "tpm/constants"
 require "tpm/s_attest"
+require "webauthn/attestation_statement/base"
 
 module WebAuthn
   module AttestationStatement

data/lib/webauthn/attestation_statement/tpm/pub_area.rb

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
+require "cose/algorithm"
 require "cose/key"
 require "tpm/constants"
 require "tpm/t_public"
+require "webauthn/attestation_statement/base"
 
 module WebAuthn
   module AttestationStatement
@@ -19,7 +21,7 @@ module WebAuthn
         }.freeze
 
         COSE_TO_TPM_CURVE = {
-          COSE::Key::EC2::CRV_P256 => ::TPM::ECC_NIST_P256
+          COSE::Key::Curve.by_name("P-256").id => ::TPM::ECC_NIST_P256
         }.freeze
 
         def initialize(data)

data/lib/webauthn/authenticator_assertion_response.rb

@@ -3,6 +3,7 @@
 require "cose/algorithm"
 require "cose/key"
 require "webauthn/attestation_statement/fido_u2f/public_key"
+require "webauthn/authenticator_data"
 require "webauthn/authenticator_response"
 require "webauthn/signature_verifier"
 
@@ -19,7 +20,7 @@ module WebAuthn
       @signature = signature
     end
 
-    def verify(expected_challenge, expected_origin, allowed_credentials:, rp_id: nil)
+    def verify(expected_challenge, expected_origin = nil, allowed_credentials:, rp_id: nil)
       super(expected_challenge, expected_origin, rp_id: rp_id)
 
       verify_item(:credential, allowed_credentials)

data/lib/webauthn/authenticator_attestation_response.rb

@@ -21,7 +21,7 @@ module WebAuthn
       @attestation_object = attestation_object
     end
 
-    def verify(expected_challenge, expected_origin, rp_id: nil)
+    def verify(expected_challenge, expected_origin = nil, rp_id: nil)
       super
 
       verify_item(:attestation_statement)

data/lib/webauthn/authenticator_response.rb

@@ -1,8 +1,13 @@
 # frozen_string_literal: true
 
+require "base64"
+require "webauthn/client_data"
 require "webauthn/error"
+require "webauthn/security_utils"
 
 module WebAuthn
+  TYPES = { create: "webauthn.create", get: "webauthn.get" }.freeze
+
   class VerificationError < Error; end
 
   class AuthenticatorDataVerificationError < VerificationError; end
@@ -18,7 +23,10 @@ module WebAuthn
       @client_data_json = client_data_json
     end
 
-    def verify(expected_challenge, expected_origin, rp_id: nil)
+    def verify(expected_challenge, expected_origin = nil, rp_id: nil)
+      expected_origin ||= WebAuthn.configuration.origin || raise("Unspecified expected origin")
+      rp_id ||= WebAuthn.configuration.rp_id
+
       verify_item(:type)
       verify_item(:token_binding)
       verify_item(:challenge, expected_challenge)
@@ -67,7 +75,7 @@ module WebAuthn
     end
 
     def valid_origin?(expected_origin)
-      client_data.origin == expected_origin
+      expected_origin && (client_data.origin == expected_origin)
     end
 
     def valid_rp_id?(rp_id)

data/lib/webauthn/client_data.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "json"
 require "openssl"
 require "webauthn/error"
 

data/lib/webauthn/configuration.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module WebAuthn
+  def self.configuration
+    @configuration ||= Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
+
+  class Configuration
+    attr_accessor :origin
+    attr_accessor :rp_id
+    attr_accessor :rp_name
+  end
+end

data/lib/webauthn/credential_creation_options.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require "cose/algorithm"
+require "webauthn/credential_options"
+require "webauthn/credential_rp_entity"
+require "webauthn/credential_user_entity"
+
+module WebAuthn
+  # TODO: make keyword arguments mandatory in next major version
+  def self.credential_creation_options(rp_name: nil, user_name: "web-user", display_name: "web-user", user_id: "1")
+    CredentialCreationOptions.new(
+      rp_name: rp_name, user_id: user_id, user_name: user_name, user_display_name: display_name
+    ).to_h
+  end
+
+  class CredentialCreationOptions < CredentialOptions
+    DEFAULT_ALGORITHMS = ["ES256", "RS256"].freeze
+    DEFAULT_RP_NAME = "web-server"
+
+    DEFAULT_PUB_KEY_CRED_PARAMS = DEFAULT_ALGORITHMS.map do |alg_name|
+      { type: "public-key", alg: COSE::Algorithm.by_name(alg_name).id }
+    end.freeze
+
+    def initialize(user_id:, user_name:, user_display_name: nil, rp_name: nil)
+      @user_id = user_id
+      @user_name = user_name
+      @user_display_name = user_display_name
+      @rp_name = rp_name
+    end
+
+    def to_h
+      {
+        challenge: challenge,
+        pubKeyCredParams: pub_key_cred_params,
+        user: { id: user.id, name: user.name, displayName: user.display_name },
+        rp: { name: rp.name }
+      }
+    end
+
+    def pub_key_cred_params
+      DEFAULT_PUB_KEY_CRED_PARAMS
+    end
+
+    def rp
+      @rp ||= CredentialRPEntity.new(name: rp_name || configuration.rp_name || DEFAULT_RP_NAME)
+    end
+
+    def user
+      @user ||= CredentialUserEntity.new(id: user_id, name: user_name, display_name: user_display_name)
+    end
+
+    private
+
+    attr_reader :user_id, :user_name, :user_display_name, :rp_name
+
+    def configuration
+      WebAuthn.configuration
+    end
+  end
+end

data/lib/webauthn/credential_entity.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module WebAuthn
+  class CredentialEntity
+    attr_reader :name
+
+    def initialize(name:)
+      @name = name
+    end
+  end
+end

data/lib/webauthn/credential_options.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require "securerandom"
+
+module WebAuthn
+  class CredentialOptions
+    CHALLENGE_LENGTH = 32
+
+    def challenge
+      @challenge ||= SecureRandom.random_bytes(CHALLENGE_LENGTH)
+    end
+  end
+end

data/lib/webauthn/credential_request_options.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require "webauthn/credential_options"
+
+module WebAuthn
+  def self.credential_request_options
+    CredentialRequestOptions.new.to_h
+  end
+
+  class CredentialRequestOptions < CredentialOptions
+    def to_h
+      { challenge: challenge, allowCredentials: allow_credentials }
+    end
+
+    def allow_credentials
+      []
+    end
+  end
+end

data/lib/webauthn/credential_rp_entity.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "webauthn/credential_entity"
+
+module WebAuthn
+  class CredentialRPEntity < CredentialEntity
+  end
+end

data/lib/webauthn/credential_user_entity.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "webauthn/credential_entity"
+
+module WebAuthn
+  class CredentialUserEntity < CredentialEntity
+    attr_reader :id, :display_name
+
+    def initialize(id:, display_name: nil, **keyword_arguments)
+      super(**keyword_arguments)
+
+      @id = id
+      @display_name = display_name || name
+    end
+  end
+end

data/lib/webauthn/fake_authenticator.rb

@@ -8,8 +8,6 @@ require "webauthn/fake_authenticator/authenticator_data"
 
 module WebAuthn
   class FakeAuthenticator
-    AAGUID = SecureRandom.random_bytes(16)
-
     def initialize
       @credentials = {}
     end
@@ -32,7 +30,13 @@ module WebAuthn
       attestation_object
     end
 
-    def get_assertion(rp_id:, client_data_hash:, user_present: true, user_verified: false, aaguid: AAGUID)
+    def get_assertion(
+      rp_id:,
+      client_data_hash:,
+      user_present: true,
+      user_verified: false,
+      aaguid: AuthenticatorData::AAGUID
+    )
       credential_options = credentials[rp_id]
 
       if credential_options

data/lib/webauthn/fake_authenticator/authenticator_data.rb

@@ -7,8 +7,10 @@ require "securerandom"
 module WebAuthn
   class FakeAuthenticator
     class AuthenticatorData
+      AAGUID = SecureRandom.random_bytes(16)
+
       def initialize(rp_id_hash:, credential: nil, sign_count: 0, user_present: true, user_verified: !user_present,
-                     aaguid: WebAuthn::FakeAuthenticator::AAGUID)
+                     aaguid: AAGUID)
         @rp_id_hash = rp_id_hash
         @credential = credential
         @sign_count = sign_count
@@ -100,9 +102,9 @@ module WebAuthn
           key.instance_variable_set(:@alg, -257)
         when OpenSSL::PKey::EC::Point
           alg = {
-            COSE::Key::EC2::CRV_P256 => -7,
-            COSE::Key::EC2::CRV_P384 => -35,
-            COSE::Key::EC2::CRV_P521 => -36
+            COSE::Key::Curve.by_name("P-256").id => -7,
+            COSE::Key::Curve.by_name("P-384").id => -35,
+            COSE::Key::Curve.by_name("P-521").id => -36
           }
 
           key = COSE::Key::EC2.from_pkey(credential[:public_key])

data/lib/webauthn/fake_client.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "base64"
 require "openssl"
 require "webauthn/authenticator_data"
 require "webauthn/fake_authenticator"

data/lib/webauthn/signature_verifier.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 require "cose/algorithm"
+require "cose/key"
+require "openssl"
+require "webauthn/error"
 
 module WebAuthn
   class SignatureVerifier

data/lib/webauthn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module WebAuthn
-  VERSION = "1.14.0"
+  VERSION = "1.15.0"
 end

data/webauthn.gemspec

@@ -10,8 +10,9 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Gonzalo Rodriguez", "Braulio Martinez"]
   spec.email         = ["gonzalo@cedarcode.com", "braulio@cedarcode.com"]
 
-  spec.summary       = "WebAuthn ruby library"
-  spec.description   = "Make your Ruby/Rails web server become a conformant WebAuthn Relying Party"
+  spec.summary       = "WebAuthn ruby server library"
+  spec.description   = 'WebAuthn ruby server library ― Make your application a W3C Web Authentication conformant
+    Relying Party and allow your users to authenticate with U2F and FIDO 2.0 authenticators.'
   spec.homepage      = "https://github.com/cedarcode/webauthn-ruby"
   spec.license       = "MIT"
 
@@ -32,7 +33,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "bindata", "~> 2.4"
   spec.add_dependency "cbor", "~> 0.5.9"
-  spec.add_dependency "cose", "~> 0.6.0"
+  spec.add_dependency "cose", "~> 0.7.0"
   spec.add_dependency "jwt", [">= 1.5", "< 3.0"]
   spec.add_dependency "openssl", "~> 2.0"
   spec.add_dependency "securecompare", "~> 1.0"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: webauthn
 version: !ruby/object:Gem::Version
-  version: 1.14.0
+  version: 1.15.0
 platform: ruby
 authors:
 - Gonzalo Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-04-25 00:00:00.000000000 Z
+date: 2019-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -45,14 +45,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.7.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.0
+        version: 0.7.0
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -191,8 +191,9 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.67.2
-description: Make your Ruby/Rails web server become a conformant WebAuthn Relying
-  Party
+description: |-
+  WebAuthn ruby server library ― Make your application a W3C Web Authentication conformant
+      Relying Party and allow your users to authenticate with U2F and FIDO 2.0 authenticators.
 email:
 - gonzalo@cedarcode.com
 - braulio@cedarcode.com
@@ -243,6 +244,13 @@ files:
 - lib/webauthn/authenticator_data/attested_credential_data.rb
 - lib/webauthn/authenticator_response.rb
 - lib/webauthn/client_data.rb
+- lib/webauthn/configuration.rb
+- lib/webauthn/credential_creation_options.rb
+- lib/webauthn/credential_entity.rb
+- lib/webauthn/credential_options.rb
+- lib/webauthn/credential_request_options.rb
+- lib/webauthn/credential_rp_entity.rb
+- lib/webauthn/credential_user_entity.rb
 - lib/webauthn/error.rb
 - lib/webauthn/fake_authenticator.rb
 - lib/webauthn/fake_authenticator/attestation_object.rb
@@ -277,5 +285,5 @@ requirements: []
 rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
-summary: WebAuthn ruby library
+summary: WebAuthn ruby server library
 test_files: []