1.0.0 • Published 10 months ago

@oslojs/webauthn v1.0.0

Weekly downloads
-
License
MIT
Repository
github
Last release
10 months ago

@oslojs/webauthn

Documentation: https://webauthn.oslojs.dev

A JavaScript library for working with the Web Authentication API on the server by Oslo.

  • Runtime-agnostic
  • No third-party dependencies
  • Fully typed
import { parseAttestationObject, COSEKeyType, coseAlgorithmES256 } from "@oslojs/webauthn";

const { attestationStatement, authenticatorData } = await parseAttestationObject(encoded);
if (!authenticatorData.userPresent || !authenticatorData.userVerified) {
	throw new Error("User must be verified");
}

if (!authenticatorData.verifyRelyingPartyIdHash("example.com")) {
	throw new Error("Invalid relying party ID hash");
}
if (authenticatorData.credential === null) {
	throw new Error("Expected credential");
}
if (authenticatorData.credential.publicKey.type() !== COSEKeyType.EC2) {
	throw new Error("Unsupported algorithm");
}
if (authenticatorData.credential.publicKey.algorithm() !== coseAlgorithmES256) {
	throw new Error("Unsupported algorithm");
}
const publicKey = authenticatorData.credential.publicKey.ec2();

This package currently does not support attestation extensions and also does not provide APIs for verifying attestation statements (e.g FIDO-U2F, TPM).

Installation

npm i @oslojs/webauthn
authwebauthnpasskey
@oslojs/asn1@oslojs/binary@oslojs/cbor@oslojs/crypto@oslojs/encoding
1.0.0

10 months ago

0.6.4

11 months ago

0.6.3

12 months ago

0.6.2

12 months ago

0.6.1

12 months ago

0.6.0

1 year ago

0.5.2

1 year ago

0.5.1

1 year ago

0.5.0

1 year ago

0.4.0

1 year ago

0.3.0

1 year ago

0.2.1

1 year ago

0.2.0

1 year ago

0.1.0

1 year ago