Documentation
¶
Index ¶
- func CreatePasskeyChallenge(challenge PasskeyChallenge) error
- func CreatePasskeyCredential(cred PasskeyCredential) error
- func CredentialsToWebAuthn(creds []PasskeyCredential) []webauthn.Credential
- func DeletePasskeyCredential(credentialID string) error
- func GeneratePasskeyName() string
- func HandleLoginBegin(w http.ResponseWriter, r *http.Request)
- func HandleLoginFinish(w http.ResponseWriter, r *http.Request)
- func HandleRegisterBegin(w http.ResponseWriter, r *http.Request)
- func HandleRegisterFinish(w http.ResponseWriter, r *http.Request)
- func MarkPasskeyChallengeUsed(id string) error
- func NewWebAuthn() (*webauthn.WebAuthn, error)
- func UpdatePasskeyCredential(credentialID string, cred webauthn.Credential) error
- func UpdatePasskeyName(id, name string) error
- type LoginState
- type PasskeyChallenge
- type PasskeyCredential
- type RegistrationState
- type WebAuthnUser
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreatePasskeyChallenge ¶
func CreatePasskeyChallenge(challenge PasskeyChallenge) error
func CreatePasskeyCredential ¶
func CreatePasskeyCredential(cred PasskeyCredential) error
func CredentialsToWebAuthn ¶
func CredentialsToWebAuthn(creds []PasskeyCredential) []webauthn.Credential
CredentialsToWebAuthn converts stored PasskeyCredentials to a slice of webauthn.Credential.
func DeletePasskeyCredential ¶
func GeneratePasskeyName ¶ added in v1.6.0
func GeneratePasskeyName() string
GeneratePasskeyName returns a default name like "Passkey a3f2".
func HandleLoginBegin ¶
func HandleLoginBegin(w http.ResponseWriter, r *http.Request)
HandleLoginBegin starts a passkey authentication ceremony. Internal JS-only endpoint protected by HMAC authorize signatures — not included in public API docs.
Method: GET
Route: /oauth2/passkey/login/begin
Accept: json
Produce: json
Param: username query string true "User's username"
Param: redirect_uri query string false "Redirect URI"
Param: state query string false "OAuth2 state"
Param: client_id query string false "OAuth2 client ID"
Success: 200 "WebAuthn assertion options"
func HandleLoginFinish ¶
func HandleLoginFinish(w http.ResponseWriter, r *http.Request)
HandleLoginFinish completes a passkey authentication ceremony. Internal JS-only endpoint protected by HMAC authorize signatures — not included in public API docs.
Method: POST
Route: /oauth2/passkey/login/finish
Accept: json
Produce: json
Param: challenge_id query string true "Challenge ID from BeginLogin"
Param: assertion body map[string]any true "WebAuthn assertion response"
Success: 200 "Redirect URL"
func HandleRegisterBegin ¶ added in v1.3.2
func HandleRegisterBegin(w http.ResponseWriter, r *http.Request)
HandleRegisterBegin starts a passkey registration ceremony. Internal JS-only endpoint protected by HMAC authorize signatures — not included in public API docs.
Method: GET
Route: /oauth2/passkey/register/begin
Produce: json
Param: username query string true "Desired username"
Param: email query string false "Email address"
Param: redirect_uri query string false "Redirect URI"
Param: state query string false "OAuth2 state"
Param: client_id query string false "OAuth2 client ID"
Success: 200 "WebAuthn registration options"
func HandleRegisterFinish ¶
func HandleRegisterFinish(w http.ResponseWriter, r *http.Request)
HandleRegisterFinish completes a passkey registration ceremony. Internal JS-only endpoint protected by HMAC authorize signatures — not included in public API docs.
Method: POST
Route: /oauth2/passkey/register/finish
Accept: json
Produce: json
Param: challenge_id query string true "Challenge ID from BeginRegistration"
Param: attestation body map[string]any true "WebAuthn attestation response"
Success: 200 "Redirect URL"
func NewWebAuthn ¶
NewWebAuthn creates a WebAuthn instance from the current config.
func UpdatePasskeyCredential ¶
func UpdatePasskeyCredential(credentialID string, cred webauthn.Credential) error
UpdatePasskeyCredential stores the updated credential (e.g. new sign count) and sets last_used_at.
func UpdatePasskeyName ¶ added in v1.3.2
Types ¶
type LoginState ¶
type PasskeyChallenge ¶
// PasskeyChallenge describes one passkey ceremony challenge record; it is the
// value accepted by CreatePasskeyChallenge and returned by PasskeyChallengeByID.
//
// NOTE(review): the ExpiresAt and Used fields suggest a challenge is meant to be
// short-lived and single-use. Confirm that both finish handlers reject a record
// that is expired, already used, or whose Type does not match the ceremony being
// completed, before the client response is verified.
type PasskeyChallenge struct {
	// ID is presumably the challenge_id that the finish endpoints take as a
	// query parameter — confirm. Query parameters can end up in access logs, so
	// expiry and single-use handling limit what a logged ID is worth.
	ID string
	UserID string
	ChallengeData string // JSON-encoded webauthn.SessionData
	Type string // "registration" or "authentication"
	// For registration ceremonies this presumably holds a JSON-encoded
	// RegistrationState, which is documented as a superset of LoginState — confirm.
	LoginState string // JSON-encoded LoginState
	CreatedAt time.Time
	ExpiresAt time.Time
	Used bool // presumably set through MarkPasskeyChallengeUsed(id) — confirm
}
func PasskeyChallengeByID ¶
func PasskeyChallengeByID(id string) (*PasskeyChallenge, error)
type PasskeyCredential ¶
// PasskeyCredential describes one stored passkey; it is the value accepted by
// CreatePasskeyCredential and returned by PasskeyByID and
// PasskeyCredentialsByUserID.
type PasskeyCredential struct {
	ID string
	UserID string
	// Name is a label for the passkey; GeneratePasskeyName documents a default
	// of the form "Passkey a3f2".
	// NOTE(review): UpdatePasskeyName(id, name) takes an arbitrary string, so
	// this is presumably user-supplied text — confirm it is length-limited and
	// escaped wherever it is rendered.
	Name string
	// UpdatePasskeyCredential is documented as storing the updated credential
	// (e.g. new sign count) into this record.
	Credential string // JSON-encoded webauthn.Credential
	CreatedAt time.Time
	// LastUsedAt is a pointer and can therefore be nil; presumably nil means the
	// passkey has never been used — confirm. UpdatePasskeyCredential is
	// documented as setting last_used_at.
	LastUsedAt *time.Time
}
func PasskeyByID ¶ added in v1.3.2
func PasskeyByID(id string) (*PasskeyCredential, error)
func PasskeyCredentialsByUserID ¶
func PasskeyCredentialsByUserID(userID string) ([]PasskeyCredential, error)
type RegistrationState ¶ added in v1.3.2
// RegistrationState is the JSON-serialisable state kept for a registration
// ceremony (field names on the wire are given by the json tags).
//
// NOTE(review): Username, Email, RedirectURI, State and ClientID match the query
// parameters documented for /oauth2/passkey/register/begin, so they are
// presumably copied from the request. Confirm that RedirectURI and ClientID are
// validated against the registered client before the flow redirects.
type RegistrationState struct {
	Username string `json:"username"` // "Desired username" in the begin endpoint's parameter list
	Email string `json:"email"` // optional in the begin endpoint's parameter list
	RedirectURI string `json:"redirect_uri"`
	State string `json:"state"` // "OAuth2 state" in the begin endpoint's parameter list
	ClientID string `json:"client_id"` // "OAuth2 client ID" in the begin endpoint's parameter list
	// The four fields below are not in the documented begin-endpoint parameter
	// list; presumably they carry the remaining OAuth2/OIDC authorization
	// request values (the code_challenge pair looks like PKCE) — confirm where
	// they are populated.
	Scope string `json:"scope"`
	Nonce string `json:"nonce"`
	CodeChallenge string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
}
RegistrationState is stored in passkey_challenges for registration ceremonies. It is a superset of LoginState so completeAuthFlow can deserialise it directly.
type WebAuthnUser ¶
// WebAuthnUser is the package's implementation of the webauthn.User interface;
// its methods are WebAuthnID, WebAuthnName, WebAuthnDisplayName and
// WebAuthnCredentials.
type WebAuthnUser struct {
	ID []byte // presumably the value returned by WebAuthnID — confirm
	Name string // presumably backs WebAuthnName and/or WebAuthnDisplayName — confirm
	// Presumably the value returned by WebAuthnCredentials — confirm.
	// CredentialsToWebAuthn produces this element type from stored
	// PasskeyCredential records.
	Credentials []webauthn.Credential
}
WebAuthnUser implements the webauthn.User interface.
func (WebAuthnUser) WebAuthnCredentials ¶
func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
func (WebAuthnUser) WebAuthnDisplayName ¶
func (u WebAuthnUser) WebAuthnDisplayName() string
func (WebAuthnUser) WebAuthnID ¶
func (u WebAuthnUser) WebAuthnID() []byte
func (WebAuthnUser) WebAuthnName ¶
func (u WebAuthnUser) WebAuthnName() string