Module: Unmagic::Passkeys::WebAuthn

Defined in:: lib/unmagic/passkeys/web_authn.rb

Overview

Action Pack WebAuthn

Provides a pure-Ruby implementation of the WebAuthn (Web Authentication) specification for passkey registration and authentication. This module is the top-level namespace for all WebAuthn components and provides shared utilities used across ceremonies.

Components

[Unmagic::Passkeys::WebAuthn::RelyingParty] Identifies your application to authenticators.

[Unmagic::Passkeys::WebAuthn::PublicKeyCredential] Orchestrates registration and authentication ceremonies.

[Unmagic::Passkeys::WebAuthn::Authenticator] Parses and validates authenticator responses.

[Unmagic::Passkeys::WebAuthn::CborDecoder] Decodes CBOR-encoded data from authenticators.

[Unmagic::Passkeys::WebAuthn::CoseKey] Parses COSE public keys into OpenSSL key objects.

Extending Attestation Formats

By default only the "none" attestation format is supported. Register additional verifiers with:

Unmagic::Passkeys::WebAuthn.register_attestation_verifier("packed", MyPackedVerifier.new)

Defined Under Namespace

Modules: Authenticator Classes: CborDecoder, CoseKey, Current, InvalidCborError, InvalidKeyError, InvalidOptionsError, InvalidResponseError, PublicKeyCredential, RelyingParty, UnsupportedKeyTypeError

Class Method Summary collapse

.attestation_verifiers ⇒ Object
Returns the registry of attestation format verifiers, keyed by format string (e.g., "none", "packed").
.challenge_verifier ⇒ Object
Returns the MessageVerifier used to sign and verify WebAuthn challenges.
.register_attestation_verifier(format, verifier) ⇒ Object
Registers a custom attestation verifier for the given format.
.relying_party ⇒ Object
Returns a new RelyingParty.

Class Method Details

.attestation_verifiers ⇒ `Object`

Returns the registry of attestation format verifiers, keyed by format string (e.g., "none", "packed"). Only "none" is registered by default.

# File 'lib/unmagic/passkeys/web_authn.rb', line 59

def attestation_verifiers
  @attestation_verifiers ||= {
    "none" => Authenticator::AttestationVerifiers::None.new
  }
end

.challenge_verifier ⇒ `Object`

Returns the MessageVerifier used to sign and verify WebAuthn challenges.



53
54
55

# File 'lib/unmagic/passkeys/web_authn.rb', line 53

def challenge_verifier
  Rails.application.message_verifier("action_pack.webauthn.challenge")
end

.register_attestation_verifier(format, verifier) ⇒ `Object`

Registers a custom attestation verifier for the given format. The verifier must respond to verify!(attestation, client_data_json:).



67
68
69

# File 'lib/unmagic/passkeys/web_authn.rb', line 67

def register_attestation_verifier(format, verifier)
  attestation_verifiers[format.to_s] = verifier
end

.relying_party ⇒ `Object`

Returns a new RelyingParty. Identity comes from Unmagic::Passkeys.configuration when set, otherwise falls back to the current request host and Rails.application.name.

# File 'lib/unmagic/passkeys/web_authn.rb', line 43

def relying_party
  config = Unmagic::Passkeys.configuration

  RelyingParty.new(
    id: config.relying_party_id || Current.host,
    name: config.relying_party_name || Rails.application.name
  )
end