pub struct Response {
    pub credential: Option<PublicKeyCredentialDescriptor>,
    pub auth_data: AuthenticatorData,
    pub signature: Bytes,
    pub user: Option<PublicKeyCredentialUserEntity>,
    pub number_of_credentials: Option<u8>,
    pub user_selected: Option<bool>,
    pub large_blob_key: Option<Bytes>,
    pub unsigned_extension_outputs: Option<UnsignedExtensionOutputs>,
}
Type returned from Authenticator::get_assertion on success.
Fields
credential: Option<PublicKeyCredentialDescriptor>
PublicKeyCredentialDescriptor structure containing the credential identifier whose private key was used to generate the assertion. May be omitted if the allowList has exactly one Credential.
auth_data: AuthenticatorData
The signed-over contextual bindings made by the authenticator.
signature: Bytes
The assertion signature produced by the authenticator.
user: Option<PublicKeyCredentialUserEntity>
PublicKeyCredentialUserEntity structure containing the user account information.
User identifiable information (name, DisplayName, icon) MUST NOT be returned if user verification is not done by the authenticator.
U2F Devices:
For U2F devices, this parameter is not returned, as this user information is not present for U2F credentials.
FIDO Devices - server resident credentials:
For server resident credentials on FIDO devices, this parameter is optional, as server resident credentials behave the same as U2F credentials: they are discovered given the user information on the RP. Authenticators optionally MAY store user information inside the credential ID.
FIDO devices - device resident credentials:
For device resident keys on FIDO devices, at least the user “id” is mandatory.
For the single-account-per-RP case, the authenticator returns the “id” field to the platform, which returns it to the WebAuthn layer.
For the multiple-accounts-per-RP case, where the authenticator does not have a display, the authenticator returns “id” as well as the other fields to the platform. The platform uses this information to show the account selection UX to the user; for the account the user selects, it returns ONLY “id” to the WebAuthn layer and discards the other user details.
number_of_credentials: Option<u8>
Total number of account credentials for the RP. This member is required when there is more than one account for the RP and the authenticator does not have a display. Omitted when returned for the authenticatorGetNextAssertion method.
It seems unlikely that more than 256 credentials would be needed for any given RP. Please file an enhancement request if this limit impacts your application.
user_selected: Option<bool>
Indicates that a credential was selected by the user via interaction directly with the authenticator, and thus the platform does not need to confirm the credential.
Optional; defaults to false.
MUST NOT be present in response to a request where a Request::allow_list was given, where Self::number_of_credentials is greater than one, nor in response to an authenticatorGetNextAssertion request.
large_blob_key: Option<Bytes>
The contents of the associated largeBlobKey if present for the asserted credential, and if largeBlobKey was true in the extensions input.
This extension is currently unsupported by this library.
unsigned_extension_outputs: Option<UnsignedExtensionOutputs>
A map, keyed by extension identifiers, to unsigned outputs of extensions, if any. Authenticators SHOULD omit this field if no processed extensions define unsigned outputs. Clients MUST treat an empty map the same as an omitted field.
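
The constraints stated above for credential, user, number_of_credentials and user_selected, written as a platform-side check on a received response. This is an added example, not code from the library: the User, Assertion and RequestCtx structs and the check function are simplified hypothetical stand-ins, and the flags byte is assumed to be taken from auth_data, with 0x04 as its user-verified bit.

```rust
// Added example: simplified stand-ins, not the passkey-types definitions.
pub struct User {
    pub id: Vec<u8>,
    pub name: Option<String>,
    pub display_name: Option<String>,
}

pub struct Assertion {
    pub credential_id: Option<Vec<u8>>,
    pub flags: u8, // flags byte taken from auth_data (assumption of this example)
    pub user: Option<User>,
    pub number_of_credentials: Option<u8>,
    pub user_selected: Option<bool>,
}

// Hypothetical summary of the request this response answers.
pub struct RequestCtx {
    pub allow_list_len: usize,
    pub is_get_next: bool, // true for authenticatorGetNextAssertion
}

const FLAG_UV: u8 = 0x04; // user-verified bit of the authenticator data flags

pub fn check(r: &Assertion, req: &RequestCtx) -> Result<(), &'static str> {
    if r.credential_id.is_none() && req.allow_list_len != 1 {
        return Err("credential omitted without a single-entry allowList");
    }
    if let Some(u) = &r.user {
        if (r.flags & FLAG_UV) == 0 && (u.name.is_some() || u.display_name.is_some()) {
            return Err("user name fields returned without user verification");
        }
    }
    if req.is_get_next && r.number_of_credentials.is_some() {
        return Err("number_of_credentials present in getNextAssertion response");
    }
    if r.user_selected.is_some() {
        if req.allow_list_len > 0 {
            return Err("user_selected present although an allow list was given");
        }
        if r.number_of_credentials.map_or(false, |n| n > 1) {
            return Err("user_selected present with more than one credential");
        }
        if req.is_get_next {
            return Err("user_selected present in getNextAssertion response");
        }
    }
    Ok(())
}
```

A response that fails any of these checks does not follow the field rules documented above and can be rejected before its signature is processed further.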