Documentation
¶
Index ¶
- func CreatePasskeyChallenge(challenge PasskeyChallenge) error
- func CreatePasskeyCredential(cred PasskeyCredential) error
- func CredentialsToWebAuthn(creds []PasskeyCredential) []webauthn.Credential
- func DeletePasskeyCredential(credentialID string) error
- func GeneratePasskeyName() string
- func HandleLoginBegin(w http.ResponseWriter, r *http.Request)
- func HandleLoginFinish(w http.ResponseWriter, r *http.Request)
- func HandleRegisterBegin(w http.ResponseWriter, r *http.Request)
- func HandleRegisterFinish(w http.ResponseWriter, r *http.Request)
- func MarkPasskeyChallengeUsed(id string) error
- func NewWebAuthn() (*webauthn.WebAuthn, error)
- func UpdatePasskeyCredential(credentialID string, cred webauthn.Credential) error
- func UpdatePasskeyName(id, name string) error
- type LoginState
- type PasskeyChallenge
- type PasskeyCredential
- type RegistrationState
- type WebAuthnUser
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreatePasskeyChallenge ¶
func CreatePasskeyChallenge(challenge PasskeyChallenge) error
func CreatePasskeyCredential ¶
func CreatePasskeyCredential(cred PasskeyCredential) error
func CredentialsToWebAuthn ¶
func CredentialsToWebAuthn(creds []PasskeyCredential) []webauthn.Credential
CredentialsToWebAuthn converts stored PasskeyCredentials to a slice of webauthn.Credential.
func DeletePasskeyCredential ¶
func GeneratePasskeyName ¶ added in v1.6.0
func GeneratePasskeyName() string
GeneratePasskeyName returns a default name like "Passkey a3f2".
func HandleLoginBegin ¶
func HandleLoginBegin(w http.ResponseWriter, r *http.Request)
HandleLoginBegin starts a passkey authentication ceremony.
@Summary Begin passkey login
@Description Initiates a WebAuthn authentication ceremony. The user must already have a registered passkey. Returns the options for the navigator.credentials.get call.
@Tags passkey
@Accept json
@Produce json
@Param username query string true "User's username"
@Param redirect_uri query string false "Redirect URI"
@Param state query string false "OAuth2 state"
@Param client_id query string false "OAuth2 client ID"
@Success 200 {object} map[string]any "WebAuthn assertion options"
@Router /oauth2/passkey/login/begin [get]
func HandleLoginFinish ¶
func HandleLoginFinish(w http.ResponseWriter, r *http.Request)
HandleLoginFinish completes a passkey authentication ceremony.
@Summary Complete passkey login
@Description Processes the WebAuthn assertion from the client and issues an authorization code.
@Tags passkey
@Accept json
@Produce json
@Param challenge_id query string true "Challenge ID from BeginLogin"
@Param assertion body map[string]any true "WebAuthn assertion response"
@Success 200 {object} map[string]string "Redirect URL"
@Router /oauth2/passkey/login/finish [post]
func HandleRegisterBegin ¶ added in v1.3.2
func HandleRegisterBegin(w http.ResponseWriter, r *http.Request)
HandleRegisterBegin starts a passkey registration ceremony.
@Summary Begin passkey registration
@Description Creates a user account (if not already present) and initiates a WebAuthn registration ceremony.
@Tags passkey
@Produce json
@Param username query string true "Desired username"
@Param email query string false "Email address"
@Param redirect_uri query string false "Redirect URI"
@Param state query string false "OAuth2 state"
@Param client_id query string false "OAuth2 client ID"
@Success 200 {object} map[string]any "WebAuthn registration options"
@Router /oauth2/passkey/register/begin [get]
func HandleRegisterFinish ¶
func HandleRegisterFinish(w http.ResponseWriter, r *http.Request)
HandleRegisterFinish completes a passkey registration ceremony.
@Summary Complete passkey registration
@Description Processes the WebAuthn attestation from the client and registers the passkey.
@Tags passkey
@Accept json
@Produce json
@Param challenge_id query string true "Challenge ID from BeginRegistration"
@Param attestation body map[string]any true "WebAuthn attestation response"
@Success 200 {object} map[string]string "Redirect URL"
@Router /oauth2/passkey/register/finish [post]
func NewWebAuthn ¶
NewWebAuthn creates a WebAuthn instance from the current config.
func UpdatePasskeyCredential ¶
func UpdatePasskeyCredential(credentialID string, cred webauthn.Credential) error
UpdatePasskeyCredential stores the updated credential (e.g. new sign count) and sets last_used_at.
func UpdatePasskeyName ¶ added in v1.3.2
Types ¶
type LoginState ¶
type PasskeyChallenge ¶
// PasskeyChallenge is the stored record of one WebAuthn ceremony: the
// serialized session data together with the flow state that accompanies it.
//
// NOTE(review): ExpiresAt and Used suggest a short-lived, single-use
// challenge, but the enforcement is not visible in this listing. Confirm the
// finish handlers reject a record that is expired, already used, or whose
// Type does not match the ceremony being completed.
type PasskeyChallenge struct {
	// ID identifies the record. PasskeyChallengeByID and
	// MarkPasskeyChallengeUsed each take an id string — presumably this
	// value, supplied by the client as challenge_id; confirm.
	ID string
	// UserID is presumably the user the ceremony was started for — confirm
	// it is re-checked against the credential owner on finish.
	UserID string
	ChallengeData string // JSON-encoded webauthn.SessionData
	Type string // "registration" or "authentication"
	// LoginState carries the flow state as JSON. For registration
	// ceremonies the stored value is a RegistrationState, which is
	// documented as a superset of LoginState.
	LoginState string // JSON-encoded LoginState
	CreatedAt time.Time
	// ExpiresAt bounds the challenge lifetime; the duration is set outside
	// this listing.
	ExpiresAt time.Time
	// Used is presumably set by MarkPasskeyChallengeUsed. NOTE(review):
	// confirm the check-and-set is atomic so one challenge cannot complete
	// two ceremonies.
	Used bool
}
func PasskeyChallengeByID ¶
func PasskeyChallengeByID(id string) (*PasskeyChallenge, error)
type PasskeyCredential ¶
// PasskeyCredential is one stored passkey together with its owner, label and
// usage timestamps.
type PasskeyCredential struct {
	// ID identifies the record (see PasskeyByID). NOTE(review): this listing
	// does not show whether ID is the WebAuthn credential ID or a separate
	// row key, nor which of the two the credentialID parameters of
	// DeletePasskeyCredential and UpdatePasskeyCredential refer to — confirm.
	ID string
	// UserID is the owning user; PasskeyCredentialsByUserID presumably
	// filters on it. NOTE(review): confirm that delete and rename operations
	// verify the caller owns the credential, since the package-level
	// functions take only an identifier.
	UserID string
	// Name is a human-readable label; GeneratePasskeyName supplies a default
	// such as "Passkey a3f2".
	Name string
	// Credential holds the serialized webauthn.Credential.
	// UpdatePasskeyCredential rewrites it after use (e.g. with a new sign
	// count); keeping the sign count current is what allows a relying party
	// to notice a cloned authenticator.
	Credential string // JSON-encoded webauthn.Credential
	CreatedAt time.Time
	// LastUsedAt is set by UpdatePasskeyCredential; presumably nil until the
	// credential is first used — confirm.
	LastUsedAt *time.Time
}
func PasskeyByID ¶ added in v1.3.2
func PasskeyByID(id string) (*PasskeyCredential, error)
func PasskeyCredentialsByUserID ¶
func PasskeyCredentialsByUserID(userID string) ([]PasskeyCredential, error)
type RegistrationState ¶ added in v1.3.2
// RegistrationState is the flow state serialized alongside a registration
// challenge: the requested account details plus the OAuth2 request
// parameters needed to finish the authorization flow afterwards.
//
// NOTE(review): per the HandleRegisterBegin documentation, username, email,
// redirect_uri, state and client_id arrive as caller-supplied query
// parameters. Validation is not visible in this listing; confirm that
// RedirectURI is checked against the URIs registered for ClientID before it
// is stored or used to build the redirect, and that Username and Email are
// validated before an account is created.
type RegistrationState struct {
	// Username is the desired username for the account.
	Username string `json:"username"`
	// Email is the optional email address for the account.
	Email string `json:"email"`
	// RedirectURI is the OAuth2 redirect URI of the requesting client.
	RedirectURI string `json:"redirect_uri"`
	// State is the OAuth2 state value; presumably echoed back to the client
	// unchanged — confirm.
	State string `json:"state"`
	// ClientID is the OAuth2 client ID.
	ClientID string `json:"client_id"`
	// Scope, Nonce, CodeChallenge and CodeChallengeMethod appear to be the
	// corresponding OAuth2 / OpenID Connect / PKCE request parameters —
	// confirm against completeAuthFlow, which consumes this struct.
	Scope string `json:"scope"`
	Nonce string `json:"nonce"`
	CodeChallenge string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
}
RegistrationState is stored in passkey_challenges for registration ceremonies. It is a superset of LoginState so completeAuthFlow can deserialise it directly.
type WebAuthnUser ¶
// WebAuthnUser is the user value handed to the webauthn library during a
// ceremony. Its methods (WebAuthnID, WebAuthnName, WebAuthnDisplayName,
// WebAuthnCredentials) presumably return the fields below; their bodies are
// not shown in this listing.
type WebAuthnUser struct {
	// ID is the WebAuthn user handle. NOTE(review): the WebAuthn
	// specification recommends that the user handle contain no personally
	// identifying information; confirm this is an opaque identifier rather
	// than the username or email.
	ID []byte
	// Name is the account name; whether it also serves as the display name
	// is not visible here.
	Name string
	// Credentials are the user's registered credentials, e.g. as produced by
	// CredentialsToWebAuthn from stored PasskeyCredential records.
	Credentials []webauthn.Credential
}
WebAuthnUser implements the webauthn.User interface.
func (WebAuthnUser) WebAuthnCredentials ¶
func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
func (WebAuthnUser) WebAuthnDisplayName ¶
func (u WebAuthnUser) WebAuthnDisplayName() string
func (WebAuthnUser) WebAuthnID ¶
func (u WebAuthnUser) WebAuthnID() []byte
func (WebAuthnUser) WebAuthnName ¶
func (u WebAuthnUser) WebAuthnName() string