Struct passkey_types::Passkey

pub struct Passkey {
    pub key: CoseKey,
    pub credential_id: Bytes,
    pub rp_id: String,
    pub user_handle: Option<Bytes>,
    pub counter: Option<u32>,
}

The private WebAuthn credential containing all relevant required and optional information for an authentication ceremony.

The WebAuthn term for this is a Public Key Credential Source.

Personally Identifying Information (PII) considerations

While this struct implements Debug, it only prints the following fields:

The rest of this struct should be considered secret, either for cryptographic security, or because its value could be used as PII.

Fields§

§key: CoseKey

The private key in COSE key format.

PII considerations

This value should be considered secret and never printed out, as it is a secret cryptographic key. The only thing that gets printed in the Debug implementation is the key type, e.g. EC2, RSA, etc.

§credential_id: Bytes

A probabilistically-unique byte sequence identifying this Passkey. It must be at most 1023 bytes long.

Credential IDs are generated by authenticators in two forms:

  1. At least 16 bytes that include at least 100 bits of entropy, or
  2. The Passkey item, without its credential_id, encrypted so only its managing authenticator can decrypt it. This form allows the authenticator to be nearly stateless, by having the Relying Party store any necessary state.

Relying Parties do not need to distinguish these two credential id forms.

PII considerations

This value should be considered secret as it is the user’s credential ID for the associated Relying Party. See Privacy leak via credential IDs for more information.

§rp_id: String

The Relying Party ID with which the Passkey is associated. This value mirrors the webauthn::PublicKeyCredentialRpEntity::id value passed during the creation of this credential.

PII considerations

This should be handled similarly to a URL. Since this is a user credential for a Relying Party, this would leak the fact that a user has an account for this particular Relying Party.

§user_handle: Option<Bytes>

This is the webauthn::PublicKeyCredentialUserEntity::id passed in during the creation of this credential. An Authenticator can choose to store this or not. If it stores this value, this Passkey will become a Discoverable Credential and will be returned during authentication Ceremonies.

PII Considerations

This is the identifier a Relying Party uses on its side to personally identify a user. This value is analogous to a username.

§counter: Option<u32>

This value tracks the number of times an authentication ceremony has been successfully completed. If the value is None, it will be sent as the constant 0. See Signature counter considerations for more information.

PII considerations

This value, if populated, is used by the Relying Party as an indicator of a cloned authenticator. If this Passkey is to be synced, consider leaving this value empty unless you can guarantee the value to always be increased for every use of this passkey across its distribution.
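
The clone-detection comparison this field feeds, as an added example (not code from the passkey crates): the Relying Party check follows the WebAuthn signature-counter rule, and the simulation shows why two synced copies that each increment their own counter trip it while `None` (sent as 0) does not. `CounterCheck`, `wire_counter`, `check_sign_count`, `sign` and `simulate` are hypothetical names, and the increment-on-sign behaviour is an assumption.

```rust
// Added example; every name here is hypothetical, not a passkey_types API.
#[derive(Debug, PartialEq, Eq)]
enum CounterCheck {
    Unsupported,                                  // both 0: no counter in use
    Advanced(u32),                                // strictly greater: store it
    PossibleClone { stored: u32, received: u32 }, // not greater: flag it
}

/// A `counter` of `None` is sent as the constant 0.
fn wire_counter(counter: Option<u32>) -> u32 {
    counter.unwrap_or(0)
}

/// Relying Party side comparison of the stored and received counters.
fn check_sign_count(stored: u32, received: u32) -> CounterCheck {
    if stored == 0 && received == 0 {
        CounterCheck::Unsupported
    } else if received > stored {
        CounterCheck::Advanced(received)
    } else {
        CounterCheck::PossibleClone { stored, received }
    }
}

/// Assumption: each device bumps only its own local copy when it signs.
fn sign(local: &mut Option<u32>) -> u32 {
    *local = (*local).map(|c| c.saturating_add(1));
    wire_counter(*local)
}

/// Two copies of one passkey, synced at `initial`, sign in one after the other.
fn simulate(initial: Option<u32>) -> Vec<CounterCheck> {
    let mut stored = wire_counter(initial);
    let mut devices = [initial, initial];
    let mut results = Vec::new();
    for local in devices.iter_mut() {
        let outcome = check_sign_count(stored, sign(local));
        if let CounterCheck::Advanced(n) = &outcome {
            stored = *n;
        }
        results.push(outcome);
    }
    results
}

fn main() {
    println!("{:?}", simulate(Some(5))); // second sign-in is flagged
    println!("{:?}", simulate(None)); // counter never used
}
```
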

Implementations§

impl Passkey

pub fn from_u2f_register_response( request: &RegisterRequest, response: &RegisterResponse, private_key: &CoseKey ) -> Self

Standardised way to “upgrade” a U2F register request into a passkey

pub fn from_u2f_auth_request( request: &AuthenticationRequest, counter: u32, private_key: &CoseKey ) -> Self

Upgrade a U2F Authentication Request into a Passkey

pub fn wrap_u2f_registration_request( request: &RegisterRequest, response: &RegisterResponse, key_handle: &[u8], private_key: &CoseKey ) -> (Passkey, PublicKeyCredentialUserEntity, PublicKeyCredentialRpEntity)

This function wraps up a U2F registration request as a Passkey for storing in a CredentialStore.

Trait Implementations§

impl Clone for Passkey

fn clone(&self) -> Passkey

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Passkey

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<&Passkey> for PublicKeyCredentialDescriptor

fn from(value: &Passkey) -> Self

Converts to this type from the input type.

impl From<Passkey> for PublicKeyCredentialDescriptor

fn from(value: Passkey) -> Self

Converts to this type from the input type.

Auto Trait Implementations§

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V