Documentation
¶
Overview ¶
Package mockwallet is a software FIDO2/WebAuthn authenticator that stands in for the Privasys Wallet in end-to-end tests. It completes the IdP's device authorization the way a phone would, so the CLI's onboarding flow (`auth begin` / `auth_begin` -> approve -> `auth poll`) can be driven without a real device.
The WebAuthn cryptography is handled by github.com/descope/virtualwebauthn, the matched client for the IdP's server-side github.com/go-webauthn/webauthn. This package only adds the Privasys-specific glue: the `/fido2/*` ceremony endpoints, the `session_id` binding, and the device-approver that maps a user_code to the in-flight session.
It is a TEST helper, never compiled into the privasys binary.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Wallet ¶
type Wallet struct {
// contains filtered or unexported fields
}
Wallet is a single software authenticator identity (one credential).
func New ¶
func New() *Wallet
New creates a fresh wallet identity (a new P-256 credential + user handle). Each E2E run gets a new test user, which keeps runs independent.
func (*Wallet) ApproveDevice ¶
ApproveDevice completes a pending device authorization for the given user_code: it looks up the device's session and registers a fresh credential bound to it, which marks the session authenticated (the CLI's poll then receives a token). idpURL is the IdP origin (no trailing slash).
func (*Wallet) AssertStepUp ¶
AssertStepUp signs a WebAuthn assertion for the given options with this wallet's credential. It matches secrets.StepUpAssertFunc, so the CLI's export flow can hand it the IdP's /fido2/vault-approval/begin options and get back the assertion body the /complete step expects — exactly what the Privasys Wallet's "Vault approvals" screen will do for a human. The wallet must have registered first (ApproveDevice), so its credential exists for the user.