@dfns/sdk-browser 0.6.0-rc1 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/signers/webauthn.d.ts +22 -4
- package/signers/webauthn.js +9 -6
package/package.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@dfns/sdk-browser",
|
|
3
|
-
"version": "0.6.0
|
|
3
|
+
"version": "0.6.0",
|
|
4
4
|
"dependencies": {
|
|
5
5
|
"buffer": "6.0.3",
|
|
6
6
|
"cross-fetch": "3.1.6",
|
|
7
7
|
"uuid": "9.0.0"
|
|
8
8
|
},
|
|
9
9
|
"peerDependencies": {
|
|
10
|
-
"@dfns/sdk": "0.6.0
|
|
10
|
+
"@dfns/sdk": "0.6.0"
|
|
11
11
|
},
|
|
12
12
|
"main": "./index.js",
|
|
13
13
|
"type": "commonjs"
|
package/signers/webauthn.d.ts
CHANGED
|
@@ -1,13 +1,31 @@
|
|
|
1
1
|
import { CredentialSigner, CredentialStore, Fido2Assertion, Fido2Attestation, UserActionChallenge } from '@dfns/sdk';
|
|
2
2
|
import { CreateCredentialChallengeResponse, CreateRegistrationChallengeResponse } from '@dfns/sdk/generated/auth';
|
|
3
3
|
export declare const DEFAULT_WAIT_TIMEOUT = 60000;
|
|
4
|
+
interface WebAuthnSignerConf {
|
|
5
|
+
/**
|
|
6
|
+
* The relying party identifies your application to users, when users create/use passkeys. (Read more [here](https://www.w3.org/TR/webauthn-2/#relying-party)).
|
|
7
|
+
* - id: The relying party identifier is a valid domain string identifying the WebAuthn Relying Party.
|
|
8
|
+
* In other words, its the domain your application is running on, which will be tied to the passkeys that users create.
|
|
9
|
+
* We advise to use the root domain, not the full domain (eg `acme.com`, not `app.acme.com` nor `foo.app.acme.com`), that way, passkeys created
|
|
10
|
+
* by your users can be re-used on other subdomains (eg. on `foo.acme.com` and `bar.acme.com`) in the future. Read more [here](https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp).
|
|
11
|
+
* - name: A string representing the name of the relying party (e.g. "Acme"). This is the name the user will be presented with when creating or validating a WebAuthn operation.
|
|
12
|
+
*/
|
|
13
|
+
relyingParty: {
|
|
14
|
+
id: string;
|
|
15
|
+
name: string;
|
|
16
|
+
};
|
|
17
|
+
/**
|
|
18
|
+
* Timeout to use for navigotor.credentials calls. That's the time after which if user did not successfully
|
|
19
|
+
* select and use his passkey, an error will be thrown by webauthn client. Read more [here](https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#timeout).
|
|
20
|
+
* */
|
|
21
|
+
timeout?: number;
|
|
22
|
+
}
|
|
4
23
|
export declare class WebAuthnSigner implements CredentialSigner<Fido2Assertion>, CredentialStore<Fido2Attestation> {
|
|
5
|
-
private
|
|
6
|
-
constructor(
|
|
7
|
-
timeout?: number | undefined;
|
|
8
|
-
} | undefined);
|
|
24
|
+
private conf;
|
|
25
|
+
constructor(conf: WebAuthnSignerConf);
|
|
9
26
|
sign(challenge: UserActionChallenge): Promise<Fido2Assertion>;
|
|
10
27
|
create(challenge: CreateRegistrationChallengeResponse | (CreateCredentialChallengeResponse & {
|
|
11
28
|
kind: 'Fido2';
|
|
12
29
|
})): Promise<Fido2Attestation>;
|
|
13
30
|
}
|
|
31
|
+
export {};
|
package/signers/webauthn.js
CHANGED
|
@@ -6,8 +6,11 @@ const utils_1 = require("@dfns/sdk/utils");
|
|
|
6
6
|
const buffer_1 = require("buffer");
|
|
7
7
|
exports.DEFAULT_WAIT_TIMEOUT = 60000;
|
|
8
8
|
class WebAuthnSigner {
|
|
9
|
-
constructor(
|
|
10
|
-
this.
|
|
9
|
+
constructor(conf) {
|
|
10
|
+
this.conf = conf;
|
|
11
|
+
if (!this.conf?.relyingParty?.id || !this.conf?.relyingParty?.name) {
|
|
12
|
+
throw new sdk_1.DfnsError(-1, `Relying party ID and name must be specified in the WebauthnSigner initializer`);
|
|
13
|
+
}
|
|
11
14
|
}
|
|
12
15
|
async sign(challenge) {
|
|
13
16
|
const response = await navigator.credentials.get({
|
|
@@ -17,9 +20,9 @@ class WebAuthnSigner {
|
|
|
17
20
|
id: (0, utils_1.fromBase64Url)(id),
|
|
18
21
|
type,
|
|
19
22
|
})),
|
|
20
|
-
rpId:
|
|
23
|
+
rpId: this.conf.relyingParty.id,
|
|
21
24
|
userVerification: challenge.userVerification,
|
|
22
|
-
timeout: this.
|
|
25
|
+
timeout: this.conf.timeout ?? exports.DEFAULT_WAIT_TIMEOUT,
|
|
23
26
|
},
|
|
24
27
|
});
|
|
25
28
|
if (response === null) {
|
|
@@ -43,7 +46,7 @@ class WebAuthnSigner {
|
|
|
43
46
|
publicKey: {
|
|
44
47
|
challenge: buffer_1.Buffer.from(challenge.challenge),
|
|
45
48
|
pubKeyCredParams: challenge.pubKeyCredParams,
|
|
46
|
-
rp:
|
|
49
|
+
rp: this.conf.relyingParty,
|
|
47
50
|
user: {
|
|
48
51
|
displayName: challenge.user.displayName,
|
|
49
52
|
id: buffer_1.Buffer.from(challenge.user.id),
|
|
@@ -55,7 +58,7 @@ class WebAuthnSigner {
|
|
|
55
58
|
type,
|
|
56
59
|
})),
|
|
57
60
|
authenticatorSelection: challenge.authenticatorSelection,
|
|
58
|
-
timeout: this.
|
|
61
|
+
timeout: this.conf.timeout ?? exports.DEFAULT_WAIT_TIMEOUT,
|
|
59
62
|
},
|
|
60
63
|
};
|
|
61
64
|
const response = await navigator.credentials.create(options);
|