Class: Unmagic::Passkeys::WebAuthn::PublicKeyCredential::CreationOptions

Inherits:
Options
  • Object
Defined in:
lib/unmagic/passkeys/web_authn/public_key_credential/creation_options.rb

Overview

Action Pack WebAuthn Public Key Credential Creation Options

Generates options for the WebAuthn registration ceremony (creating a new credential). These options are passed to navigator.credentials.create() in the browser to prompt the user to register an authenticator.

Usage

options = Unmagic::Passkeys::WebAuthn::PublicKeyCredential::CreationOptions.new(
  id: current_user.id,
  name: current_user.email,
  display_name: current_user.name
)

# In your controller, return as JSON for the JavaScript WebAuthn API
render json: { publicKey: options.as_json }

Attributes

id

A unique identifier for the user account. Will be Base64URL-encoded in the output. This should be an opaque identifier (like a primary key), not personally identifiable information.

name

A human-readable identifier for the user account, typically an email address or username. Displayed by the authenticator.

display_name

A human-friendly name for the user, typically their full name. Displayed by the authenticator during registration.

relying_party

The relying party (your application) configuration. Defaults to Unmagic::Passkeys::WebAuthn.relying_party.

Supported Algorithms

By default, supports ES256 (ECDSA with P-256 and SHA-256), EdDSA (Ed25519), and RS256 (RSASSA-PKCS1-v1_5 with SHA-256), which cover the vast majority of authenticators.

Constant Summary

ES256 =
{ type: "public-key", alg: -7 }.freeze
EDDSA =
{ type: "public-key", alg: -8 }.freeze
RS256 =
{ type: "public-key", alg: -257 }.freeze
RESIDENT_KEY_OPTIONS =
%i[ preferred required discouraged ].freeze
ATTESTATION_PREFERENCES =
%i[ none indirect direct enterprise ].freeze

Constants inherited from Options

Options::CHALLENGE_LENGTH, Options::USER_VERIFICATION_OPTIONS

Instance Method Summary

Methods inherited from Options

#challenge, #inspect, #validate!

Constructor Details

#initialize(attributes = {}) ⇒ CreationOptions

Returns a new instance of CreationOptions.



# File 'lib/unmagic/passkeys/web_authn/public_key_credential/creation_options.rb', line 62

def initialize(attributes = {})
  super
  self.resident_key = resident_key.to_sym
  self.attestation = attestation.to_sym
  validate!
end

Instance Method Details

#as_json(options = {}) ⇒ Object

Returns a Hash suitable for JSON serialization and passing to the WebAuthn JavaScript API.



# File 'lib/unmagic/passkeys/web_authn/public_key_credential/creation_options.rb', line 71

def as_json(options = {})
  json = {
    challenge: challenge,
    rp: relying_party.as_json,
    user: {
      id: Base64.urlsafe_encode64(id.to_s, padding: false),
      name: name,
      displayName: display_name
    },
    pubKeyCredParams: [
      ES256,
      EDDSA,
      RS256
    ],
    authenticatorSelection: {
      residentKey: resident_key.to_s,
      requireResidentKey: resident_key == :required,
      userVerification: user_verification.to_s
    }
  }

  if exclude_credentials.any?
    json[:excludeCredentials] = exclude_credentials.map { |credential| exclude_credential_json(credential) }
  end

  if attestation != :none
    json[:attestation] = attestation.to_s
  end

  json.as_json(options)
end
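
The Hash above carries user.id as unpadded Base64URL text, while navigator.credentials.create() expects binary buffers for challenge, user.id and each excludeCredentials id. The following browser-side conversion is an added example, not code from this gem; the helper names, the sample values, the Base64URL encoding of challenge, and the shapes of rp and excludeCredentials entries are assumptions.

```javascript
// Constructed sample of the JSON the controller might return. The challenge
// encoding and the rp / excludeCredentials shapes are assumptions.
const sampleResponse = {
  publicKey: {
    challenge: "AAECAwQFBgcICQoLDA0ODw", // constructed: bytes 0x00..0x0f
    rp: { id: "example.com", name: "Example" },
    user: { id: "NDI", name: "alice@example.com", displayName: "Alice" },
    pubKeyCredParams: [
      { type: "public-key", alg: -7 },
      { type: "public-key", alg: -8 },
      { type: "public-key", alg: -257 },
    ],
    authenticatorSelection: { residentKey: "preferred", requireResidentKey: false, userVerification: "preferred" },
    excludeCredentials: [{ type: "public-key", id: "3q2-7w" }],
  },
};

// Strict decoder for unpadded Base64URL (hypothetical helper). Rejects padding,
// the standard-alphabet characters "+" and "/", and impossible lengths.
function base64UrlToBytes(value) {
  if (typeof value !== "string" || !/^[A-Za-z0-9_-]*$/.test(value) || value.length % 4 === 1) {
    throw new TypeError("expected unpadded Base64URL");
  }
  const b64 = value.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (ch) => ch.charCodeAt(0));
}

// Builds the argument for navigator.credentials.create() without mutating the
// parsed JSON (hypothetical helper). WebAuthn limits user.id to 1..64 bytes.
function toCreateArguments(publicKey) {
  const user = { ...publicKey.user, id: base64UrlToBytes(publicKey.user.id) };
  if (user.id.length < 1 || user.id.length > 64) {
    throw new RangeError("user.id must be 1 to 64 bytes");
  }
  const converted = { ...publicKey, challenge: base64UrlToBytes(publicKey.challenge), user };
  if (publicKey.excludeCredentials) {
    converted.excludeCredentials = publicKey.excludeCredentials.map(
      (credential) => ({ ...credential, id: base64UrlToBytes(credential.id) })
    );
  }
  return { publicKey: converted };
}

// In the browser: await navigator.credentials.create(toCreateArguments(json.publicKey))
```

The sample user.id "NDI" decodes straight back to "42": Base64URL is an encoding, not protection, which is why id should be an opaque value rather than an email address or other personal data.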