[−][src]Struct webauthn_rs::Webauthn
This is the core of the Webauthn operations. It provides 4 interfaces that you will likely use the most:
- generate_challenge_response
- register_credential
- generate_challenge_authenticate
- authenticate_credential
Each of these is described in turn, but they will all map to routes in your application. The generate functions return Json challenges that are intended to be processed by the client browser, and the register and authenticate will recieve Json that is processed and verified.
These functions return state that you must store and handle correctly for the authentication or registration to proceed correctly.
As a result, it's very important you read the function descriptions to understand the process as much as possible.
Implementations
impl<T> Webauthn<T>
[src]
pub fn new(config: T) -> Self where
T: WebauthnConfig,
[src]
T: WebauthnConfig,
Create a new Webauthn instance with the supplied configuration. The config type will recieve and interact with various callbacks to allow the lifecycle and application handling of Credentials to be customised for your application.
You should see the Documentation for WebauthnConfig, which is the main part of the code you will interact with for site-specific customisation.
pub fn generate_challenge_register(
&mut self,
user_name: &String,
policy: Option<UserVerificationPolicy>
) -> Result<(CreationChallengeResponse, RegistrationState), WebauthnError> where
T: WebauthnConfig,
[src]
&mut self,
user_name: &String,
policy: Option<UserVerificationPolicy>
) -> Result<(CreationChallengeResponse, RegistrationState), WebauthnError> where
T: WebauthnConfig,
Generate a new challenge for client registration.
Same as generate_challenge_register_options
but default options
pub fn generate_challenge_register_options(
&mut self,
user_id: UserId,
user_name: String,
user_display_name: String,
exclude_credentials: Option<Vec<CredentialID>>,
policy: Option<UserVerificationPolicy>
) -> Result<(CreationChallengeResponse, RegistrationState), WebauthnError> where
T: WebauthnConfig,
[src]
&mut self,
user_id: UserId,
user_name: String,
user_display_name: String,
exclude_credentials: Option<Vec<CredentialID>>,
policy: Option<UserVerificationPolicy>
) -> Result<(CreationChallengeResponse, RegistrationState), WebauthnError> where
T: WebauthnConfig,
Generate a new challenge for client registration. This is the first step in
the lifecycle of a credential. This function will return the
CreationChallengeResponse which is suitable for Serde JSON serialisation
to be sent to the client.
The client (generally a webbrowser) will pass this JSON
structure to the navigator.credentials.create()
javascript function for registration.
It also returns a RegistratationState, that you must persist. It is strongly advised you associate this RegistrationState with the UserId of the requestor.
At this time we deviate from the standard and base64 some fields, but we are investigating how to avoid this (https://github.com/Firstyear/webauthn-rs/issues/5)
pub fn register_credential(
&self,
reg: RegisterPublicKeyCredential,
state: RegistrationState,
does_exist_fn: impl Fn(&CredentialID) -> Result<bool, ()>
) -> Result<Credential, WebauthnError> where
T: WebauthnConfig,
[src]
&self,
reg: RegisterPublicKeyCredential,
state: RegistrationState,
does_exist_fn: impl Fn(&CredentialID) -> Result<bool, ()>
) -> Result<Credential, WebauthnError> where
T: WebauthnConfig,
Process a credential registration response. This is the output of
navigator.credentials.create()
which is sent to the webserver from the client.
Given the username you also must provide the associated RegistrationState for this operation to proceed.
On success this returns a new Credential that you must persist and associate with the user.
Optionally, you may provide a closure that is able to check if any credential of the same id has already been persisted by your server.
At this time we deviate from the standard and base64 some fields, but we are investigating how to avoid this (https://github.com/Firstyear/webauthn-rs/issues/5)
pub fn generate_challenge_authenticate(
&mut self,
creds: Vec<Credential>,
policy: Option<UserVerificationPolicy>
) -> Result<(RequestChallengeResponse, AuthenticationState), WebauthnError> where
T: WebauthnConfig,
[src]
&mut self,
creds: Vec<Credential>,
policy: Option<UserVerificationPolicy>
) -> Result<(RequestChallengeResponse, AuthenticationState), WebauthnError> where
T: WebauthnConfig,
Generate a challenge for an authenticate request for a user. You must supply the set of credentials that exist for the user that may be used in this authentication request. If an empty credential set is supplied, the authentication will fail.
This challenge is supplied to
to the client javascript function navigator.credentials.get()
.
You must persist the AuthenticationState that is returned. You should associate this by UserId. The AuthenticationState is required for the authenticate_credential function to operate correctly.
At this time we deviate from the standard and base64 some fields, but we are investigating how to avoid this (https://github.com/Firstyear/webauthn-rs/issues/5)
pub fn authenticate_credential(
&mut self,
rsp: PublicKeyCredential,
state: AuthenticationState
) -> Result<Option<(CredentialID, Counter)>, WebauthnError> where
T: WebauthnConfig,
[src]
&mut self,
rsp: PublicKeyCredential,
state: AuthenticationState
) -> Result<Option<(CredentialID, Counter)>, WebauthnError> where
T: WebauthnConfig,
Process an authenticate response from the authenticator and browser. This
is the output of navigator.credentials.get()
, which is processed by this
function. If the authentication fails, appropriate errors will be returned.
This requireds the associated AuthenticationState that was created by generate_challenge_authenticate
On successful authentication, an Ok result is returned. The Ok may contain the credentialid
and associated counter, which you should update for security purposes. If the Ok returns
None
then the credential does not have a counter.
At this time we deviate from the standard and base64 some fields, but we are investigating how to avoid this (https://github.com/Firstyear/webauthn-rs/issues/5)
Trait Implementations
Auto Trait Implementations
impl<T> RefUnwindSafe for Webauthn<T> where
T: RefUnwindSafe,
T: RefUnwindSafe,
impl<T> !Send for Webauthn<T>
impl<T> !Sync for Webauthn<T>
impl<T> Unpin for Webauthn<T> where
T: Unpin,
T: Unpin,
impl<T> UnwindSafe for Webauthn<T> where
T: UnwindSafe,
T: UnwindSafe,
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
pub fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<V, T> VZip<V> for T where
V: MultiLane<T>,
V: MultiLane<T>,