Class: Unmagic::Passkeys::WebAuthn::PublicKeyCredential::Options

Inherits:
Object
Includes:
ActiveModel::API, ActiveModel::Attributes
Defined in:
lib/unmagic/passkeys/web_authn/public_key_credential/options.rb

Overview

Action Pack WebAuthn Public Key Credential Options

Abstract base class for WebAuthn ceremony options. Provides shared attributes and challenge generation for both CreationOptions (registration) and RequestOptions (authentication).

This class should not be instantiated directly. Use CreationOptions or RequestOptions instead.

Challenge Generation

Each options object generates a signed, expiring challenge via Unmagic::Passkeys::WebAuthn.challenge_verifier. The challenge is Base64URL-encoded and includes an embedded timestamp so the server can reject stale challenges.

Attributes

user_verification

Controls whether user verification (biometrics/PIN) is required. One of :required, :preferred, or :discouraged. Defaults to :preferred.

relying_party

The RelyingParty configuration. Defaults to Unmagic::Passkeys::WebAuthn.relying_party.

challenge_expiration

How long the challenge remains valid. Defaults vary by ceremony type (configured in the Railtie).

Direct Known Subclasses

CreationOptions, RequestOptions

Constant Summary

CHALLENGE_LENGTH = 32
USER_VERIFICATION_OPTIONS = %i[ required preferred discouraged ].freeze

Constructor Details

#initialize(attributes = {}) ⇒ Options

Returns a new instance of Options.



# File 'lib/unmagic/passkeys/web_authn/public_key_credential/options.rb', line 43

def initialize(attributes = {})
  super
  self.user_verification = user_verification.to_sym
end

Instance Method Details

#challenge ⇒ Object

Returns a Base64URL-encoded signed challenge containing a random nonce and an embedded timestamp. The challenge is generated once and memoized for the lifetime of this object.

The timestamp allows the server to reject stale challenges. The expiration window is configurable per-ceremony via config.unmagic_passkeys.web_authn.creation_challenge_expiration and config.unmagic_passkeys.web_authn.request_challenge_expiration, or per-instance via the challenge_expiration attribute.



# File 'lib/unmagic/passkeys/web_authn/public_key_credential/options.rb', line 70

def challenge
  @challenge ||= Base64.urlsafe_encode64(
    Unmagic::Passkeys::WebAuthn.challenge_verifier.generate(
      Base64.strict_encode64(SecureRandom.random_bytes(CHALLENGE_LENGTH)),
      expires_in: challenge_expiration,
      purpose: challenge_purpose
    ),
    padding: false
  )
end
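
The checking side of this scheme (rejecting a stale, tampered, or wrong-ceremony challenge when the client echoes it back) is not shown on this page. The following is an added example, not the gem's code: DemoChallengeVerifier, demo_challenge and demo_challenge_valid? are hypothetical names, an HMAC-SHA256 signer stands in for challenge_verifier, and expires_in is assumed to be integer seconds.

```ruby
require "openssl"
require "base64"
require "json"
require "securerandom"

# Hypothetical stand-in for challenge_verifier (assumption): HMAC-SHA256 over a JSON payload.
class DemoChallengeVerifier
  def initialize(secret)
    @secret = secret
  end

  # Signs the value together with its expiry time and ceremony purpose.
  def generate(value, expires_in:, purpose:, now: Time.now)
    claims = { "v" => value, "exp" => now.to_i + expires_in, "pur" => purpose.to_s }
    payload = Base64.urlsafe_encode64(JSON.generate(claims), padding: false)
    "#{payload}.#{sign(payload)}"
  end

  # Returns the signed value, or nil if the token is tampered, stale, or for another purpose.
  def verified(token, purpose:, now: Time.now)
    payload, mac = token.to_s.split(".", 2)
    return nil unless payload && mac && OpenSSL.secure_compare(sign(payload), mac)
    claims = JSON.parse(Base64.urlsafe_decode64(payload))
    return nil unless claims["pur"] == purpose.to_s
    return nil if now.to_i >= claims["exp"]
    claims["v"]
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private
  def sign(payload)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, payload)
  end
end

# Same shape as #challenge above: random nonce, signed, Base64URL without padding.
def demo_challenge(verifier, purpose:, expires_in:, now: Time.now)
  nonce = Base64.strict_encode64(SecureRandom.random_bytes(32))
  token = verifier.generate(nonce, expires_in: expires_in, purpose: purpose, now: now)
  Base64.urlsafe_encode64(token, padding: false)
end

# Server side: decode the challenge echoed back by the client and check it.
def demo_challenge_valid?(verifier, challenge, purpose:, now: Time.now)
  !verifier.verified(Base64.urlsafe_decode64(challenge), purpose: purpose, now: now).nil?
rescue ArgumentError
  false
end
```

A signed timestamp bounds a challenge's lifetime but does not by itself make it single-use; this example does not track used nonces.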

#inspect ⇒ Object

Returns a human-readable representation of the options.



# File 'lib/unmagic/passkeys/web_authn/public_key_credential/options.rb', line 56

def inspect
  attributes_string = attributes.map { |name, value| "#{name}: #{value.inspect}" }.join(", ")
  "#<#{self.class.name} #{attributes_string}>"
end

#validate! ⇒ Object

Validates the options, raising InvalidOptionsError if any are invalid.



# File 'lib/unmagic/passkeys/web_authn/public_key_credential/options.rb', line 49

def validate!
  super
rescue ActiveModel::ValidationError
  raise Unmagic::Passkeys::WebAuthn::InvalidOptionsError, errors.full_messages.to_sentence
end