webauthn

package
v1.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 3, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package webauthn provides WebAuthn/FIDO2 authentication support for SafeShare. It wraps the go-webauthn library to provide hardware key authentication as an MFA method.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CredentialToWebAuthn 

func CredentialToWebAuthn(cred *repository.WebAuthnCredential) (*gowebauthn.Credential, error)

CredentialToWebAuthn converts a repository WebAuthnCredential to the go-webauthn Credential type.

func ValidateSignCount 

func ValidateSignCount(storedCount, newCount uint32) bool

ValidateSignCount checks if the new sign count is greater than the stored count. This detects cloned authenticators - if signCount decreases, the authenticator may be cloned. Returns true if the sign count is valid (greater than stored), false if potential clone detected.

func WebAuthnToCredential 

func WebAuthnToCredential(userID int64, name string, cred *gowebauthn.Credential) *repository.WebAuthnCredential

WebAuthnToCredential converts a go-webauthn Credential to repository format.

Types

type Service 

type Service struct {
	// contains filtered or unexported fields
}

Service provides WebAuthn authentication functionality.

func NewService 

func NewService(cfg *config.Config) (*Service, error)

NewService creates a new WebAuthn service with the given configuration. The config must have MFA enabled and valid WebAuthn settings (RPID, origins).

func (*Service) BeginLogin 

func (s *Service) BeginLogin(user *WebAuthnUser) (*protocol.CredentialAssertion, *gowebauthn.SessionData, error)

BeginLogin starts the WebAuthn authentication ceremony. Returns the credential assertion options to send to the client and session data to store.

func (*Service) BeginRegistration 

func (s *Service) BeginRegistration(user *WebAuthnUser) (*protocol.CredentialCreation, *gowebauthn.SessionData, error)

BeginRegistration starts the WebAuthn credential registration ceremony. Returns the credential creation options to send to the client and session data to store.

func (*Service) FinishLogin 

func (s *Service) FinishLogin(user *WebAuthnUser, sessionData gowebauthn.SessionData, response *protocol.ParsedCredentialAssertionData) (*gowebauthn.Credential, error)

FinishLogin completes the WebAuthn authentication ceremony. Returns the validated credential (with updated sign count).

func (*Service) FinishRegistration 

func (s *Service) FinishRegistration(user *WebAuthnUser, sessionData gowebauthn.SessionData, response *protocol.ParsedCredentialCreationData) (*gowebauthn.Credential, error)

FinishRegistration completes the WebAuthn credential registration ceremony. Returns the new credential to store.

func (*Service) GetRPID 

func (s *Service) GetRPID() string

GetRPID returns the Relying Party ID for this WebAuthn instance.

func (*Service) GetRPOrigins 

func (s *Service) GetRPOrigins() []string

GetRPOrigins returns the allowed origins for this WebAuthn instance.

type WebAuthnUser 

type WebAuthnUser struct {
	ID          int64
	Name        string
	DisplayName string
	Credentials []gowebauthn.Credential
}

WebAuthnUser implements the webauthn.User interface for SafeShare users.

func (*WebAuthnUser) WebAuthnCredentials 

func (u *WebAuthnUser) WebAuthnCredentials() []gowebauthn.Credential

WebAuthnCredentials returns the user's credentials (required by webauthn.User interface).

func (*WebAuthnUser) WebAuthnDisplayName 

func (u *WebAuthnUser) WebAuthnDisplayName() string

WebAuthnDisplayName returns the user's display name (required by webauthn.User interface).

func (*WebAuthnUser) WebAuthnID 

func (u *WebAuthnUser) WebAuthnID() []byte

WebAuthnID returns the user's ID as bytes (required by webauthn.User interface).

func (*WebAuthnUser) WebAuthnIcon 

func (u *WebAuthnUser) WebAuthnIcon() string

WebAuthnIcon is deprecated but required by the interface.

func (*WebAuthnUser) WebAuthnName 

func (u *WebAuthnUser) WebAuthnName() string

WebAuthnName returns the user's username (required by webauthn.User interface).

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.