@capawesome/capacitor-passkeys 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CapawesomeCapacitorPasskeys.podspec +17 -0
- package/LICENSE +21 -0
- package/Package.swift +28 -0
- package/README.md +472 -0
- package/android/build.gradle +61 -0
- package/android/src/main/AndroidManifest.xml +2 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/Passkeys.java +173 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/PasskeysPlugin.java +115 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/classes/CustomException.java +20 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/classes/CustomExceptions.java +12 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/classes/options/CreatePasskeyOptions.java +38 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/classes/options/GetPasskeyOptions.java +33 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/classes/results/CreatePasskeyResult.java +22 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/classes/results/GetPasskeyResult.java +22 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/classes/results/IsAvailableResult.java +22 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/interfaces/Callback.java +5 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/interfaces/NonEmptyResultCallback.java +7 -0
- package/android/src/main/java/io/capawesome/capacitorjs/plugins/passkeys/interfaces/Result.java +7 -0
- package/android/src/main/res/.gitkeep +0 -0
- package/dist/docs.json +1091 -0
- package/dist/esm/definitions.d.ts +567 -0
- package/dist/esm/definitions.js +47 -0
- package/dist/esm/definitions.js.map +1 -0
- package/dist/esm/index.d.ts +4 -0
- package/dist/esm/index.js +7 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/web.d.ts +18 -0
- package/dist/esm/web.js +184 -0
- package/dist/esm/web.js.map +1 -0
- package/dist/plugin.cjs.js +244 -0
- package/dist/plugin.cjs.js.map +1 -0
- package/dist/plugin.js +247 -0
- package/dist/plugin.js.map +1 -0
- package/ios/Plugin/Classes/Options/CreatePasskeyOptions.swift +81 -0
- package/ios/Plugin/Classes/Options/GetPasskeyOptions.swift +54 -0
- package/ios/Plugin/Classes/Results/CreatePasskeyResult.swift +28 -0
- package/ios/Plugin/Classes/Results/GetPasskeyResult.swift +34 -0
- package/ios/Plugin/Classes/Results/IsAvailableResult.swift +16 -0
- package/ios/Plugin/Enums/CustomError.swift +65 -0
- package/ios/Plugin/Info.plist +24 -0
- package/ios/Plugin/Passkeys.swift +118 -0
- package/ios/Plugin/PasskeysHelper.swift +20 -0
- package/ios/Plugin/PasskeysPlugin.swift +86 -0
- package/ios/Plugin/Protocols/Result.swift +5 -0
- package/package.json +91 -0
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
require 'json'
|
|
2
|
+
|
|
3
|
+
package = JSON.parse(File.read(File.join(__dir__, 'package.json')))
|
|
4
|
+
|
|
5
|
+
Pod::Spec.new do |s|
|
|
6
|
+
s.name = 'CapawesomeCapacitorPasskeys'
|
|
7
|
+
s.version = package['version']
|
|
8
|
+
s.summary = package['description']
|
|
9
|
+
s.license = package['license']
|
|
10
|
+
s.homepage = package['repository']['url']
|
|
11
|
+
s.author = package['author']
|
|
12
|
+
s.source = { :git => package['repository']['url'], :tag => s.version.to_s }
|
|
13
|
+
s.source_files = 'ios/Plugin/**/*.{swift,h,m,c,cc,mm,cpp}'
|
|
14
|
+
s.ios.deployment_target = '15.0'
|
|
15
|
+
s.dependency 'Capacitor'
|
|
16
|
+
s.swift_version = '5.1'
|
|
17
|
+
end
|
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Robin Genz
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/Package.swift
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
// swift-tools-version: 5.9
|
|
2
|
+
import PackageDescription
|
|
3
|
+
|
|
4
|
+
let package = Package(
|
|
5
|
+
name: "CapawesomeCapacitorPasskeys",
|
|
6
|
+
platforms: [.iOS(.v15)],
|
|
7
|
+
products: [
|
|
8
|
+
.library(
|
|
9
|
+
name: "CapawesomeCapacitorPasskeys",
|
|
10
|
+
targets: ["PasskeysPlugin"])
|
|
11
|
+
],
|
|
12
|
+
dependencies: [
|
|
13
|
+
.package(url: "https://github.com/ionic-team/capacitor-swift-pm.git", from: "8.0.0")
|
|
14
|
+
],
|
|
15
|
+
targets: [
|
|
16
|
+
.target(
|
|
17
|
+
name: "PasskeysPlugin",
|
|
18
|
+
dependencies: [
|
|
19
|
+
.product(name: "Capacitor", package: "capacitor-swift-pm"),
|
|
20
|
+
.product(name: "Cordova", package: "capacitor-swift-pm")
|
|
21
|
+
],
|
|
22
|
+
path: "ios/Plugin"),
|
|
23
|
+
.testTarget(
|
|
24
|
+
name: "PasskeysPluginTests",
|
|
25
|
+
dependencies: ["PasskeysPlugin"],
|
|
26
|
+
path: "ios/PluginTests")
|
|
27
|
+
]
|
|
28
|
+
)
|
package/README.md
ADDED
|
@@ -0,0 +1,472 @@
|
|
|
1
|
+
# @capawesome/capacitor-passkeys
|
|
2
|
+
|
|
3
|
+
Capacitor plugin to create and authenticate with [passkeys](https://fidoalliance.org/passkeys/) based on the [WebAuthn](https://www.w3.org/TR/webauthn-2/) standard.
|
|
4
|
+
|
|
5
|
+
<div class="capawesome-z29o10a">
|
|
6
|
+
<a href="https://cloud.capawesome.io/" target="_blank">
|
|
7
|
+
<img alt="Deliver Live Updates to your Capacitor app with Capawesome Cloud" src="https://cloud.capawesome.io/assets/banners/cloud-build-and-deploy-capacitor-apps.png?t=1" />
|
|
8
|
+
</a>
|
|
9
|
+
</div>
|
|
10
|
+
|
|
11
|
+
## Features
|
|
12
|
+
|
|
13
|
+
We are proud to offer one of the most complete and feature-rich Capacitor plugins for passkeys. Here are some of the key features:
|
|
14
|
+
|
|
15
|
+
- 🔐 **Passkey creation**: Register new passkeys with the platform authenticator.
|
|
16
|
+
- 🔑 **Passkey authentication**: Authenticate users with their existing passkeys.
|
|
17
|
+
- 🌐 **WebAuthn standard**: Uses the WebAuthn JSON serialization so any WebAuthn server library works unchanged.
|
|
18
|
+
- 📱 **Availability check**: Check if passkeys are available on the device.
|
|
19
|
+
- 🖥️ **Web support**: Full web support via the native WebAuthn browser API.
|
|
20
|
+
- 🔗 **Compatibility**: Works alongside the [Biometrics](https://capawesome.io/plugins/biometrics/) and [OAuth](https://capawesome.io/plugins/oauth/) plugins.
|
|
21
|
+
- 📦 **CocoaPods & SPM**: Supports CocoaPods and Swift Package Manager for iOS.
|
|
22
|
+
- 🔁 **Up-to-date**: Always supports the latest Capacitor version.
|
|
23
|
+
|
|
24
|
+
Missing a feature? Just [open an issue](https://github.com/capawesome-team/capacitor-plugins/issues) and we'll take a look!
|
|
25
|
+
|
|
26
|
+
## Newsletter
|
|
27
|
+
|
|
28
|
+
Stay up to date with the latest news and updates about the Capawesome, Capacitor, and Ionic ecosystem by subscribing to our [Capawesome Newsletter](https://cloud.capawesome.io/newsletter/).
|
|
29
|
+
|
|
30
|
+
## Compatibility
|
|
31
|
+
|
|
32
|
+
| Plugin Version | Capacitor Version | Status |
|
|
33
|
+
| -------------- | ----------------- | -------------- |
|
|
34
|
+
| 0.x.x | >=8.x.x | Active support |
|
|
35
|
+
|
|
36
|
+
## Installation
|
|
37
|
+
|
|
38
|
+
You can use our **AI-Assisted Setup** to install the plugin.
|
|
39
|
+
Add the [Capawesome Skills](https://github.com/capawesome-team/skills) to your AI tool using the following command:
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
npx skills add capawesome-team/skills --skill capacitor-plugins
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Then use the following prompt:
|
|
46
|
+
|
|
47
|
+
```
|
|
48
|
+
Use the `capacitor-plugins` skill from `capawesome-team/skills` to install the `@capawesome/capacitor-passkeys` plugin in my project.
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
If you prefer **Manual Setup**, install the plugin by running the following commands and follow the platform-specific instructions below:
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
npm install @capawesome/capacitor-passkeys
|
|
55
|
+
npx cap sync
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
### Android
|
|
59
|
+
|
|
60
|
+
On Android, passkeys are supported on Android 9 (API level 28) and higher with an available credential provider (e.g. Google Password Manager).
|
|
61
|
+
|
|
62
|
+
#### Variables
|
|
63
|
+
|
|
64
|
+
This plugin will use the following project variables (defined in your app’s `variables.gradle` file):
|
|
65
|
+
|
|
66
|
+
- `$androidxCredentialsVersion` version of `androidx.credentials:credentials` and `androidx.credentials:credentials-play-services-auth` (default: `1.5.0`)
|
|
67
|
+
|
|
68
|
+
#### Digital Asset Links
|
|
69
|
+
|
|
70
|
+
Your app must be associated with the domain of the relying party (`rp.id` / `rpId`) using [Digital Asset Links](https://developers.google.com/digital-asset-links). For this, host a JSON file at `https://<your-domain>/.well-known/assetlinks.json` that delegates the `common.get_login_creds` permission to your app:
|
|
71
|
+
|
|
72
|
+
```json
|
|
73
|
+
[
|
|
74
|
+
{
|
|
75
|
+
"relation": [
|
|
76
|
+
"delegate_permission/common.handle_all_urls",
|
|
77
|
+
"delegate_permission/common.get_login_creds"
|
|
78
|
+
],
|
|
79
|
+
"target": {
|
|
80
|
+
"namespace": "android_app",
|
|
81
|
+
"package_name": "com.example.app",
|
|
82
|
+
"sha256_cert_fingerprints": [
|
|
83
|
+
"01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF"
|
|
84
|
+
]
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
]
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
Replace `com.example.app` with the application ID of your app and the fingerprint with the SHA-256 fingerprint of your app's signing certificate. Otherwise, the plugin methods will reject with the `DOMAIN_NOT_ASSOCIATED` error code.
|
|
91
|
+
|
|
92
|
+
### iOS
|
|
93
|
+
|
|
94
|
+
On iOS, passkeys are supported on iOS 15 and higher.
|
|
95
|
+
|
|
96
|
+
#### Associated Domains
|
|
97
|
+
|
|
98
|
+
Your app must be associated with the domain of the relying party (`rp.id` / `rpId`). For this, add the [Associated Domains](https://developer.apple.com/documentation/xcode/supporting-associated-domains) capability with the `webcredentials` service type to your app:
|
|
99
|
+
|
|
100
|
+
```xml
|
|
101
|
+
<key>com.apple.developer.associated-domains</key>
|
|
102
|
+
<array>
|
|
103
|
+
<string>webcredentials:example.com</string>
|
|
104
|
+
</array>
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
Additionally, host an [`apple-app-site-association`](https://developer.apple.com/documentation/xcode/supporting-associated-domains) file at `https://<your-domain>/.well-known/apple-app-site-association`:
|
|
108
|
+
|
|
109
|
+
```json
|
|
110
|
+
{
|
|
111
|
+
"webcredentials": {
|
|
112
|
+
"apps": ["TEAMID.com.example.app"]
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
Replace `TEAMID` with your Apple Developer Team ID and `com.example.app` with the bundle identifier of your app. Otherwise, the plugin methods will reject with the `DOMAIN_NOT_ASSOCIATED` error code.
|
|
118
|
+
|
|
119
|
+
## Configuration
|
|
120
|
+
|
|
121
|
+
No configuration required for this plugin.
|
|
122
|
+
|
|
123
|
+
## Usage
|
|
124
|
+
|
|
125
|
+
```typescript
|
|
126
|
+
import { Passkeys } from '@capawesome/capacitor-passkeys';
|
|
127
|
+
|
|
128
|
+
const createPasskey = async () => {
|
|
129
|
+
// In a real app, the options must be provided by your WebAuthn server,
|
|
130
|
+
// e.g. via `generateRegistrationOptions()` from SimpleWebAuthn.
|
|
131
|
+
const result = await Passkeys.createPasskey({
|
|
132
|
+
attestation: 'none',
|
|
133
|
+
authenticatorSelection: {
|
|
134
|
+
residentKey: 'required',
|
|
135
|
+
userVerification: 'required',
|
|
136
|
+
},
|
|
137
|
+
challenge: 'dGhpc2lzYWNoYWxsZW5nZQ',
|
|
138
|
+
pubKeyCredParams: [
|
|
139
|
+
{ alg: -7, type: 'public-key' },
|
|
140
|
+
{ alg: -257, type: 'public-key' },
|
|
141
|
+
],
|
|
142
|
+
rp: { id: 'example.com', name: 'Example Inc.' },
|
|
143
|
+
user: {
|
|
144
|
+
displayName: 'Jane Doe',
|
|
145
|
+
id: 'anVzdGFyYW5kb21pZA',
|
|
146
|
+
name: 'jane.doe@example.com',
|
|
147
|
+
},
|
|
148
|
+
});
|
|
149
|
+
// Pass the result to your WebAuthn server for verification,
|
|
150
|
+
// e.g. via `verifyRegistrationResponse()` from SimpleWebAuthn.
|
|
151
|
+
return result;
|
|
152
|
+
};
|
|
153
|
+
|
|
154
|
+
const getPasskey = async () => {
|
|
155
|
+
// In a real app, the options must be provided by your WebAuthn server,
|
|
156
|
+
// e.g. via `generateAuthenticationOptions()` from SimpleWebAuthn.
|
|
157
|
+
const result = await Passkeys.getPasskey({
|
|
158
|
+
challenge: 'dGhpc2lzYWNoYWxsZW5nZQ',
|
|
159
|
+
rpId: 'example.com',
|
|
160
|
+
userVerification: 'required',
|
|
161
|
+
});
|
|
162
|
+
// Pass the result to your WebAuthn server for verification,
|
|
163
|
+
// e.g. via `verifyAuthenticationResponse()` from SimpleWebAuthn.
|
|
164
|
+
return result;
|
|
165
|
+
};
|
|
166
|
+
|
|
167
|
+
const isAvailable = async () => {
|
|
168
|
+
const { available } = await Passkeys.isAvailable();
|
|
169
|
+
return available;
|
|
170
|
+
};
|
|
171
|
+
```
|
|
172
|
+
|
|
173
|
+
## API
|
|
174
|
+
|
|
175
|
+
<docgen-index>
|
|
176
|
+
|
|
177
|
+
* [`createPasskey(...)`](#createpasskey)
|
|
178
|
+
* [`getPasskey(...)`](#getpasskey)
|
|
179
|
+
* [`isAvailable()`](#isavailable)
|
|
180
|
+
* [Interfaces](#interfaces)
|
|
181
|
+
* [Type Aliases](#type-aliases)
|
|
182
|
+
|
|
183
|
+
</docgen-index>
|
|
184
|
+
|
|
185
|
+
<docgen-api>
|
|
186
|
+
<!--Update the source file JSDoc comments and rerun docgen to update the docs below-->
|
|
187
|
+
|
|
188
|
+
### createPasskey(...)
|
|
189
|
+
|
|
190
|
+
```typescript
|
|
191
|
+
createPasskey(options: CreatePasskeyOptions) => Promise<CreatePasskeyResult>
|
|
192
|
+
```
|
|
193
|
+
|
|
194
|
+
Create (register) a new passkey.
|
|
195
|
+
|
|
196
|
+
The options mirror the WebAuthn `PublicKeyCredentialCreationOptions` JSON
|
|
197
|
+
serialization so that the values provided by any WebAuthn server library
|
|
198
|
+
can be passed through unchanged.
|
|
199
|
+
|
|
200
|
+
| Param | Type |
|
|
201
|
+
| ------------- | --------------------------------------------------------------------- |
|
|
202
|
+
| **`options`** | <code><a href="#createpasskeyoptions">CreatePasskeyOptions</a></code> |
|
|
203
|
+
|
|
204
|
+
**Returns:** <code>Promise<<a href="#createpasskeyresult">CreatePasskeyResult</a>></code>
|
|
205
|
+
|
|
206
|
+
**Since:** 0.1.0
|
|
207
|
+
|
|
208
|
+
--------------------
|
|
209
|
+
|
|
210
|
+
|
|
211
|
+
### getPasskey(...)
|
|
212
|
+
|
|
213
|
+
```typescript
|
|
214
|
+
getPasskey(options: GetPasskeyOptions) => Promise<GetPasskeyResult>
|
|
215
|
+
```
|
|
216
|
+
|
|
217
|
+
Get (authenticate with) an existing passkey.
|
|
218
|
+
|
|
219
|
+
The options mirror the WebAuthn `PublicKeyCredentialRequestOptions` JSON
|
|
220
|
+
serialization so that the values provided by any WebAuthn server library
|
|
221
|
+
can be passed through unchanged.
|
|
222
|
+
|
|
223
|
+
| Param | Type |
|
|
224
|
+
| ------------- | --------------------------------------------------------------- |
|
|
225
|
+
| **`options`** | <code><a href="#getpasskeyoptions">GetPasskeyOptions</a></code> |
|
|
226
|
+
|
|
227
|
+
**Returns:** <code>Promise<<a href="#getpasskeyresult">GetPasskeyResult</a>></code>
|
|
228
|
+
|
|
229
|
+
**Since:** 0.1.0
|
|
230
|
+
|
|
231
|
+
--------------------
|
|
232
|
+
|
|
233
|
+
|
|
234
|
+
### isAvailable()
|
|
235
|
+
|
|
236
|
+
```typescript
|
|
237
|
+
isAvailable() => Promise<IsAvailableResult>
|
|
238
|
+
```
|
|
239
|
+
|
|
240
|
+
Check if passkeys are available on this device.
|
|
241
|
+
|
|
242
|
+
On **Android**, this returns `true` if the device runs Android 9 (API level 28) or higher.
|
|
243
|
+
On **iOS**, this always returns `true`.
|
|
244
|
+
On **Web**, this returns `true` if the browser supports WebAuthn and
|
|
245
|
+
a user-verifying platform authenticator is available.
|
|
246
|
+
|
|
247
|
+
**Returns:** <code>Promise<<a href="#isavailableresult">IsAvailableResult</a>></code>
|
|
248
|
+
|
|
249
|
+
**Since:** 0.1.0
|
|
250
|
+
|
|
251
|
+
--------------------
|
|
252
|
+
|
|
253
|
+
|
|
254
|
+
### Interfaces
|
|
255
|
+
|
|
256
|
+
|
|
257
|
+
#### CreatePasskeyResult
|
|
258
|
+
|
|
259
|
+
The result of the passkey creation.
|
|
260
|
+
|
|
261
|
+
This mirrors the WebAuthn `RegistrationResponseJSON` so it can be
|
|
262
|
+
passed to any WebAuthn server library for verification.
|
|
263
|
+
|
|
264
|
+
| Prop | Type | Description | Since |
|
|
265
|
+
| ----------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ----- |
|
|
266
|
+
| **`authenticatorAttachment`** | <code><a href="#passkeyauthenticatorattachment">PasskeyAuthenticatorAttachment</a></code> | The attachment of the authenticator that created the passkey. | 0.1.0 |
|
|
267
|
+
| **`id`** | <code>string</code> | The credential identifier as a base64url-encoded string. | 0.1.0 |
|
|
268
|
+
| **`rawId`** | <code>string</code> | The raw credential identifier as a base64url-encoded string. | 0.1.0 |
|
|
269
|
+
| **`response`** | <code><a href="#createpasskeyresponse">CreatePasskeyResponse</a></code> | The response of the authenticator. | 0.1.0 |
|
|
270
|
+
| **`type`** | <code>'public-key'</code> | The credential type. | 0.1.0 |
|
|
271
|
+
|
|
272
|
+
|
|
273
|
+
#### CreatePasskeyResponse
|
|
274
|
+
|
|
275
|
+
The response of the authenticator for the registration of a new passkey.
|
|
276
|
+
|
|
277
|
+
This mirrors the WebAuthn `AuthenticatorAttestationResponse` JSON
|
|
278
|
+
serialization.
|
|
279
|
+
|
|
280
|
+
| Prop | Type | Description | Since |
|
|
281
|
+
| ------------------------ | ------------------------------- | -------------------------------------------------------------------------------------------- | ----- |
|
|
282
|
+
| **`attestationObject`** | <code>string</code> | The attestation object as a base64url-encoded string. | 0.1.0 |
|
|
283
|
+
| **`authenticatorData`** | <code>string</code> | The authenticator data as a base64url-encoded string. Only available on Android and Web. | 0.1.0 |
|
|
284
|
+
| **`clientDataJSON`** | <code>string</code> | The client data as a base64url-encoded string. | 0.1.0 |
|
|
285
|
+
| **`publicKey`** | <code>string</code> | The DER-encoded public key as a base64url-encoded string. Only available on Android and Web. | 0.1.0 |
|
|
286
|
+
| **`publicKeyAlgorithm`** | <code>number</code> | The COSE algorithm identifier of the public key. Only available on Android and Web. | 0.1.0 |
|
|
287
|
+
| **`transports`** | <code>PasskeyTransport[]</code> | The transports that the authenticator supports. Only available on Android and Web. | 0.1.0 |
|
|
288
|
+
|
|
289
|
+
|
|
290
|
+
#### CreatePasskeyOptions
|
|
291
|
+
|
|
292
|
+
| Prop | Type | Description | Default | Since |
|
|
293
|
+
| ---------------------------- | --------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | ----- |
|
|
294
|
+
| **`attestation`** | <code><a href="#passkeyattestation">PasskeyAttestation</a></code> | The attestation conveyance preference. | <code>'none'</code> | 0.1.0 |
|
|
295
|
+
| **`authenticatorSelection`** | <code><a href="#passkeyauthenticatorselection">PasskeyAuthenticatorSelection</a></code> | Criteria that the authenticator must meet. | | 0.1.0 |
|
|
296
|
+
| **`challenge`** | <code>string</code> | The challenge provided by the relying party server as a base64url-encoded string. | | 0.1.0 |
|
|
297
|
+
| **`excludeCredentials`** | <code>PasskeyCredentialDescriptor[]</code> | Credentials that already exist for the user, so that the authenticator does not create a second passkey for the same account. On **iOS**, this option is only applied on iOS 17.4 and later. | | 0.1.0 |
|
|
298
|
+
| **`pubKeyCredParams`** | <code>PasskeyCredentialParameter[]</code> | The public key credential types and algorithms that the relying party server supports, ordered from most to least preferred. Only available on Android and Web. | | 0.1.0 |
|
|
299
|
+
| **`rp`** | <code><a href="#passkeyrelyingparty">PasskeyRelyingParty</a></code> | The relying party for which the passkey is created. | | 0.1.0 |
|
|
300
|
+
| **`timeout`** | <code>number</code> | The time in milliseconds that the caller is willing to wait for the operation to complete. Only available on Android and Web. | | 0.1.0 |
|
|
301
|
+
| **`user`** | <code><a href="#passkeyuser">PasskeyUser</a></code> | The user account for which the passkey is created. | | 0.1.0 |
|
|
302
|
+
|
|
303
|
+
|
|
304
|
+
#### PasskeyAuthenticatorSelection
|
|
305
|
+
|
|
306
|
+
Criteria that the authenticator must meet to create a passkey.
|
|
307
|
+
|
|
308
|
+
| Prop | Type | Description | Default | Since |
|
|
309
|
+
| ----------------------------- | ----------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | ----- |
|
|
310
|
+
| **`authenticatorAttachment`** | <code><a href="#passkeyauthenticatorattachment">PasskeyAuthenticatorAttachment</a></code> | The authenticator attachment modality. Only available on Android and Web. | | 0.1.0 |
|
|
311
|
+
| **`requireResidentKey`** | <code>boolean</code> | Whether or not a discoverable credential (passkey) is required. This property is retained for backwards compatibility with WebAuthn Level 1. Prefer `residentKey`. Only available on Android and Web. | | 0.1.0 |
|
|
312
|
+
| **`residentKey`** | <code><a href="#passkeyresidentkey">PasskeyResidentKey</a></code> | The extent to which the relying party desires to create a discoverable credential (passkey). Only available on Android and Web. | | 0.1.0 |
|
|
313
|
+
| **`userVerification`** | <code><a href="#passkeyuserverification">PasskeyUserVerification</a></code> | The user verification requirement. | <code>'preferred'</code> | 0.1.0 |
|
|
314
|
+
|
|
315
|
+
|
|
316
|
+
#### PasskeyCredentialDescriptor
|
|
317
|
+
|
|
318
|
+
A descriptor that identifies a specific credential.
|
|
319
|
+
|
|
320
|
+
| Prop | Type | Description | Since |
|
|
321
|
+
| ---------------- | ------------------------------- | ---------------------------------------------------------------------------------------------------- | ----- |
|
|
322
|
+
| **`id`** | <code>string</code> | The credential identifier as a base64url-encoded string. | 0.1.0 |
|
|
323
|
+
| **`transports`** | <code>PasskeyTransport[]</code> | The transports that the authenticator of the credential supports. Only available on Android and Web. | 0.1.0 |
|
|
324
|
+
| **`type`** | <code>'public-key'</code> | The credential type. | 0.1.0 |
|
|
325
|
+
|
|
326
|
+
|
|
327
|
+
#### PasskeyCredentialParameter
|
|
328
|
+
|
|
329
|
+
A public key credential type and algorithm that the relying party
|
|
330
|
+
server supports.
|
|
331
|
+
|
|
332
|
+
| Prop | Type | Description | Since |
|
|
333
|
+
| ---------- | ------------------------- | ----------------------------------------------------------------------- | ----- |
|
|
334
|
+
| **`alg`** | <code>number</code> | The COSE algorithm identifier, e.g. `-7` for ES256 or `-257` for RS256. | 0.1.0 |
|
|
335
|
+
| **`type`** | <code>'public-key'</code> | The credential type. | 0.1.0 |
|
|
336
|
+
|
|
337
|
+
|
|
338
|
+
#### PasskeyRelyingParty
|
|
339
|
+
|
|
340
|
+
The relying party for which a passkey is created.
|
|
341
|
+
|
|
342
|
+
| Prop | Type | Description | Since |
|
|
343
|
+
| ---------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ----- |
|
|
344
|
+
| **`id`** | <code>string</code> | The identifier of the relying party. This must be a registrable domain suffix of (or equal to) the domain that the app is associated with. | 0.1.0 |
|
|
345
|
+
| **`name`** | <code>string</code> | The human-readable name of the relying party. | 0.1.0 |
|
|
346
|
+
|
|
347
|
+
|
|
348
|
+
#### PasskeyUser
|
|
349
|
+
|
|
350
|
+
The user account for which a passkey is created.
|
|
351
|
+
|
|
352
|
+
| Prop | Type | Description | Since |
|
|
353
|
+
| ----------------- | ------------------- | ------------------------------------------------------------------------------ | ----- |
|
|
354
|
+
| **`displayName`** | <code>string</code> | The human-readable display name of the user account. | 0.1.0 |
|
|
355
|
+
| **`id`** | <code>string</code> | The user handle of the user account as a base64url-encoded string. | 0.1.0 |
|
|
356
|
+
| **`name`** | <code>string</code> | The human-readable name of the user account, e.g. a username or email address. | 0.1.0 |
|
|
357
|
+
|
|
358
|
+
|
|
359
|
+
#### GetPasskeyResult
|
|
360
|
+
|
|
361
|
+
The result of the passkey authentication.
|
|
362
|
+
|
|
363
|
+
This mirrors the WebAuthn `AuthenticationResponseJSON` so it can be
|
|
364
|
+
passed to any WebAuthn server library for verification.
|
|
365
|
+
|
|
366
|
+
| Prop | Type | Description | Since |
|
|
367
|
+
| ----------------------------- | ----------------------------------------------------------------------------------------- | -------------------------------------------------------------- | ----- |
|
|
368
|
+
| **`authenticatorAttachment`** | <code><a href="#passkeyauthenticatorattachment">PasskeyAuthenticatorAttachment</a></code> | The attachment of the authenticator that provided the passkey. | 0.1.0 |
|
|
369
|
+
| **`id`** | <code>string</code> | The credential identifier as a base64url-encoded string. | 0.1.0 |
|
|
370
|
+
| **`rawId`** | <code>string</code> | The raw credential identifier as a base64url-encoded string. | 0.1.0 |
|
|
371
|
+
| **`response`** | <code><a href="#getpasskeyresponse">GetPasskeyResponse</a></code> | The response of the authenticator. | 0.1.0 |
|
|
372
|
+
| **`type`** | <code>'public-key'</code> | The credential type. | 0.1.0 |
|
|
373
|
+
|
|
374
|
+
|
|
375
|
+
#### GetPasskeyResponse
|
|
376
|
+
|
|
377
|
+
The response of the authenticator for the authentication with an
|
|
378
|
+
existing passkey.
|
|
379
|
+
|
|
380
|
+
This mirrors the WebAuthn `AuthenticatorAssertionResponse` JSON
|
|
381
|
+
serialization.
|
|
382
|
+
|
|
383
|
+
| Prop | Type | Description | Since |
|
|
384
|
+
| ----------------------- | ------------------- | --------------------------------------------------------------------------------------- | ----- |
|
|
385
|
+
| **`authenticatorData`** | <code>string</code> | The authenticator data as a base64url-encoded string. | 0.1.0 |
|
|
386
|
+
| **`clientDataJSON`** | <code>string</code> | The client data as a base64url-encoded string. | 0.1.0 |
|
|
387
|
+
| **`signature`** | <code>string</code> | The signature as a base64url-encoded string. | 0.1.0 |
|
|
388
|
+
| **`userHandle`** | <code>string</code> | The user handle (the `user.id` provided during creation) as a base64url-encoded string. | 0.1.0 |
|
|
389
|
+
|
|
390
|
+
|
|
391
|
+
#### GetPasskeyOptions
|
|
392
|
+
|
|
393
|
+
| Prop | Type | Description | Default | Since |
|
|
394
|
+
| ---------------------- | --------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | ----- |
|
|
395
|
+
| **`allowCredentials`** | <code>PasskeyCredentialDescriptor[]</code> | The credentials that are acceptable to the relying party server. If not provided, the user can select from any discoverable credential (passkey) of the relying party. | | 0.1.0 |
|
|
396
|
+
| **`challenge`** | <code>string</code> | The challenge provided by the relying party server as a base64url-encoded string. | | 0.1.0 |
|
|
397
|
+
| **`rpId`** | <code>string</code> | The identifier of the relying party. | | 0.1.0 |
|
|
398
|
+
| **`timeout`** | <code>number</code> | The time in milliseconds that the caller is willing to wait for the operation to complete. Only available on Android and Web. | | 0.1.0 |
|
|
399
|
+
| **`userVerification`** | <code><a href="#passkeyuserverification">PasskeyUserVerification</a></code> | The user verification requirement. | <code>'preferred'</code> | 0.1.0 |
|
|
400
|
+
|
|
401
|
+
|
|
402
|
+
#### IsAvailableResult
|
|
403
|
+
|
|
404
|
+
| Prop | Type | Description | Since |
|
|
405
|
+
| --------------- | -------------------- | ----------------------------------------------------- | ----- |
|
|
406
|
+
| **`available`** | <code>boolean</code> | Whether or not passkeys are available on this device. | 0.1.0 |
|
|
407
|
+
|
|
408
|
+
|
|
409
|
+
### Type Aliases
|
|
410
|
+
|
|
411
|
+
|
|
412
|
+
#### PasskeyAuthenticatorAttachment
|
|
413
|
+
|
|
414
|
+
The authenticator attachment modality.
|
|
415
|
+
|
|
416
|
+
<code>'cross-platform' | 'platform'</code>
|
|
417
|
+
|
|
418
|
+
|
|
419
|
+
#### PasskeyTransport
|
|
420
|
+
|
|
421
|
+
A transport that an authenticator supports.
|
|
422
|
+
|
|
423
|
+
<code>'ble' | 'hybrid' | 'internal' | 'nfc' | 'smart-card' | 'usb'</code>
|
|
424
|
+
|
|
425
|
+
|
|
426
|
+
#### PasskeyAttestation
|
|
427
|
+
|
|
428
|
+
The attestation conveyance preference.
|
|
429
|
+
|
|
430
|
+
<code>'direct' | 'enterprise' | 'indirect' | 'none'</code>
|
|
431
|
+
|
|
432
|
+
|
|
433
|
+
#### PasskeyResidentKey
|
|
434
|
+
|
|
435
|
+
The extent to which the relying party desires to create a
|
|
436
|
+
discoverable credential (passkey).
|
|
437
|
+
|
|
438
|
+
<code>'discouraged' | 'preferred' | 'required'</code>
|
|
439
|
+
|
|
440
|
+
|
|
441
|
+
#### PasskeyUserVerification
|
|
442
|
+
|
|
443
|
+
The user verification requirement.
|
|
444
|
+
|
|
445
|
+
- `discouraged`: The relying party prefers no user verification.
|
|
446
|
+
- `preferred`: The relying party prefers user verification but will
|
|
447
|
+
not fail the operation without it.
|
|
448
|
+
- `required`: The relying party requires user verification.
|
|
449
|
+
|
|
450
|
+
<code>'discouraged' | 'preferred' | 'required'</code>
|
|
451
|
+
|
|
452
|
+
</docgen-api>
|
|
453
|
+
|
|
454
|
+
## Testing
|
|
455
|
+
|
|
456
|
+
Keep the following in mind when testing your passkey integration:
|
|
457
|
+
|
|
458
|
+
- **Real device recommended**: Test on a real device with a screen lock set up. On iOS, the Simulator supports passkeys since iOS 16. On Android, the Emulator requires Google Play services and a Google account with Google Password Manager set up.
|
|
459
|
+
- **WebAuthn server**: The challenges in this plugin's examples are only placeholders. In production, the options must be generated and the results must be verified by a WebAuthn server library such as [SimpleWebAuthn](https://simplewebauthn.dev/) (Node.js) or [java-webauthn-server](https://github.com/Yubico/java-webauthn-server) (Java).
|
|
460
|
+
- **Domain association**: The relying party ID must be associated with your app (see the Installation section). Domain association changes can take some time to propagate, as the files are cached by Apple and Google.
|
|
461
|
+
|
|
462
|
+
## Limitations
|
|
463
|
+
|
|
464
|
+
Conditional UI (passkey autofill) is not supported by this plugin. The operating system autofill integrations target native text fields, not HTML inputs in a web view.
|
|
465
|
+
|
|
466
|
+
## Changelog
|
|
467
|
+
|
|
468
|
+
See [CHANGELOG.md](https://github.com/capawesome-team/capacitor-plugins/blob/main/packages/passkeys/CHANGELOG.md).
|
|
469
|
+
|
|
470
|
+
## License
|
|
471
|
+
|
|
472
|
+
See [LICENSE](https://github.com/capawesome-team/capacitor-plugins/blob/main/packages/passkeys/LICENSE).
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
ext {
|
|
2
|
+
junitVersion = project.hasProperty('junitVersion') ? rootProject.ext.junitVersion : '4.13.2'
|
|
3
|
+
androidxAppCompatVersion = project.hasProperty('androidxAppCompatVersion') ? rootProject.ext.androidxAppCompatVersion : '1.7.1'
|
|
4
|
+
androidxCredentialsVersion = project.hasProperty('androidxCredentialsVersion') ? rootProject.ext.androidxCredentialsVersion : '1.5.0'
|
|
5
|
+
androidxJunitVersion = project.hasProperty('androidxJunitVersion') ? rootProject.ext.androidxJunitVersion : '1.3.0'
|
|
6
|
+
androidxEspressoCoreVersion = project.hasProperty('androidxEspressoCoreVersion') ? rootProject.ext.androidxEspressoCoreVersion : '3.7.0'
|
|
7
|
+
}
|
|
8
|
+
|
|
9
|
+
buildscript {
|
|
10
|
+
repositories {
|
|
11
|
+
google()
|
|
12
|
+
mavenCentral()
|
|
13
|
+
}
|
|
14
|
+
dependencies {
|
|
15
|
+
classpath 'com.android.tools.build:gradle:8.13.0'
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
apply plugin: 'com.android.library'
|
|
20
|
+
|
|
21
|
+
android {
|
|
22
|
+
namespace = "io.capawesome.capacitorjs.plugins.passkeys"
|
|
23
|
+
compileSdk = project.hasProperty('compileSdkVersion') ? rootProject.ext.compileSdkVersion : 36
|
|
24
|
+
defaultConfig {
|
|
25
|
+
minSdkVersion project.hasProperty('minSdkVersion') ? rootProject.ext.minSdkVersion : 24
|
|
26
|
+
targetSdkVersion project.hasProperty('targetSdkVersion') ? rootProject.ext.targetSdkVersion : 36
|
|
27
|
+
versionCode 1
|
|
28
|
+
versionName "1.0"
|
|
29
|
+
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
|
|
30
|
+
}
|
|
31
|
+
buildTypes {
|
|
32
|
+
release {
|
|
33
|
+
minifyEnabled false
|
|
34
|
+
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
lintOptions {
|
|
38
|
+
abortOnError = false
|
|
39
|
+
}
|
|
40
|
+
compileOptions {
|
|
41
|
+
sourceCompatibility JavaVersion.VERSION_21
|
|
42
|
+
targetCompatibility JavaVersion.VERSION_21
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
repositories {
|
|
47
|
+
google()
|
|
48
|
+
mavenCentral()
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
|
|
52
|
+
dependencies {
|
|
53
|
+
implementation fileTree(dir: 'libs', include: ['*.jar'])
|
|
54
|
+
implementation project(':capacitor-android')
|
|
55
|
+
implementation "androidx.appcompat:appcompat:$androidxAppCompatVersion"
|
|
56
|
+
implementation "androidx.credentials:credentials:$androidxCredentialsVersion"
|
|
57
|
+
implementation "androidx.credentials:credentials-play-services-auth:$androidxCredentialsVersion"
|
|
58
|
+
testImplementation "junit:junit:$junitVersion"
|
|
59
|
+
androidTestImplementation "androidx.test.ext:junit:$androidxJunitVersion"
|
|
60
|
+
androidTestImplementation "androidx.test.espresso:espresso-core:$androidxEspressoCoreVersion"
|
|
61
|
+
}
|