feat protocol implement device eligible and backup flags + added authentication transportation hybrid #75

Closed
wants to merge 3 commits into from
20 changes: 17 additions & 3 deletions protocol/authenticator.go
Expand Up @@ -99,6 +99,8 @@ const (
BLE AuthenticatorTransport = "ble"
// Internal the client should use an internal source like a TPM or SE
Internal AuthenticatorTransport = "internal"
// HYBRID indicates the respective authenticator can be contacted using a combination of (often separate) data-transport and proximity mechanisms. This supports, for example, authentication on a desktop computer using a smartphone.
HYBRID AuthenticatorTransport = "hybrid"
Member
Suggested change
HYBRID AuthenticatorTransport = "hybrid"
Hybrid AuthenticatorTransport = "hybrid"

)

// A WebAuthn Relying Party may require user verification for some of its operations but not for others,
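Review bot: The added constant `HYBRID` is exported in all caps, while the neighbouring `Internal` uses Go's mixed-caps form and only the acronym `BLE` is upper-cased. "hybrid" is not an acronym, so `Hybrid AuthenticatorTransport = "hybrid"` fits the block, as the suggested change on that line proposes. The doc comment should then open with `Hybrid` to match the identifier, and its single long line should be wrapped like the other comments in this file.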
Expand Down Expand Up @@ -129,9 +131,11 @@ const (
// FlagUserVerified Bit 00000100 in the byte sequence. Tells us if user is verified
// by the authenticator using a biometric or PIN
FlagUserVerified // Referred to as UV
_ // Reserved
_ // Reserved
_ // Reserved
// FlagBackupEligible Bit 00001000 in the byte sequence. Tells us if a backup is eligible for device
FlagBackupEligible // Referred to as BE
// FlagBackupState Bit 00010000 in the byte sequence. Tells us if a backup state for device
FlagBackupState // Referred to as BS
_ // Reserved
// FlagAttestedCredentialData Bit 01000000 in the byte sequence. Indicates whether
// the authenticator added attested credential data.
FlagAttestedCredentialData // Referred to as AT
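Review bot: The doc comments on `FlagBackupEligible` and `FlagBackupState` do not say what the bits mean; "Tells us if a backup is eligible for device" and "Tells us if a backup state for device" are not complete sentences. Suggest something like "Indicates that the credential is eligible to be backed up" for BE and "Indicates that the credential is currently backed up" for BS. Since the constants in this block rely on `_` placeholder lines to hold reserved bit positions, a test asserting that BE is 0x08, BS is 0x10 and `FlagAttestedCredentialData` is still 0x40 would catch a miscounted placeholder.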
Expand Down Expand Up @@ -159,6 +163,16 @@ func (flag AuthenticatorFlags) HasExtensions() bool {
return (flag & FlagHasExtensions) == FlagHasExtensions
}

// HasBackupEligible returns if the BE flag was set
func (flag AuthenticatorFlags) HasBackupEligible() bool {
return (flag & FlagBackupEligible) == FlagBackupEligible
}

// HasBackupState returns if the BS flag was set
func (flag AuthenticatorFlags) HasBackupState() bool {
return (flag & FlagBackupState) == FlagBackupState
}

// Unmarshal will take the raw Authenticator Data and marshalls it into AuthenticatorData for further validation.
// The authenticator data has a compact but extensible encoding. This is desired since authenticators can be
// devices with limited capabilities and low power requirements, with much simpler software stacks than the client platform.
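Review bot: `HasBackupEligible` and `HasBackupState` only read the bits, and nothing in the lines shown rejects authenticator data that has BS set while BE is clear, a combination WebAuthn does not permit. Consider adding that check where the flags are validated, for example returning an error when `flag.HasBackupState() && !flag.HasBackupEligible()`, together with unit tests for both accessors. The comments would also read better as "returns true if the BE flag is set" and "returns true if the BS flag is set".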