Struct webauthn_rs::prelude::Credential

source · 
pub struct Credential {
    pub cred_id: Base64UrlSafeData,
    pub cred: COSEKey,
    pub counter: u32,
    pub transports: Option<Vec<AuthenticatorTransport>>,
    pub user_verified: bool,
    pub backup_eligible: bool,
    pub backup_state: bool,
    pub registration_policy: UserVerificationPolicy,
    pub extensions: RegisteredExtensions,
    pub attestation: ParsedAttestation,
    pub attestation_format: AttestationFormat,
}
Available on crate feature danger-credential-internals only.
Expand description

A user’s authenticator credential. It contains an id, the public key and a counter of how many times the authenticator has been used.

Fields§

§cred_id: Base64UrlSafeData

The ID of this credential.

§cred: COSEKey

The public key of this credential

§counter: u32

The counter for this credential

§transports: Option<Vec<AuthenticatorTransport>>

The set of transports this credential indicated it could use. This is NOT a security property, but a hint for the browser and the user experience to how to communicate to this specific device.

§user_verified: bool

During registration, if this credential was verified then this is true. If not it is false. This is based on the policy at the time of registration of the credential.

This is a deviation from the Webauthn specification, because it clarifies the user experience of the credentials to UV being a per-credential attribute, rather than a per-authentication ceremony attribute. For example it can be surprising to register a credential as un-verified but then to use verification with it in the future.

§backup_eligible: bool

During registration, this credential indicated that it may be possible for it to exist between multiple hardware authenticators, or be backed up.

This means the private key is NOT sealed within a hardware cryptograhic processor, and may have impacts on your risk assessments and modeling.

§backup_state: bool

This credential has indicated that it is currently backed up OR that it is shared between mulitple devices.

§registration_policy: UserVerificationPolicy

During registration, the policy that was requested from this credential. This is used to understand if the how the verified component interacts with the device, i.e. an always verified authenticator vs one that can dynamically request it.

§extensions: RegisteredExtensions

The set of extensions that were verified at registration, that can be used in future authentication attempts

§attestation: ParsedAttestation

The attestation certificate of this credential, including parsed metadata from the credential.

§attestation_format: AttestationFormat

the format of the attestation

Implementations§

source§

impl Credential

source

pub fn verify_attestation<'a>( &self, ca_list: &'a AttestationCaList ) -> Result<Option<&'a AttestationCa>, WebauthnError>

Re-verify this Credential’s attestation chain. This re-applies the same process for certificate authority verification that occured at registration. This can be useful if you want to re-assert your credentials match an updated or changed ca_list from the time that registration occured. This can also be useful to re-determine certain properties of your device that may exist.

Safety

Due to the design of CA infrastructure by certain providers, it is NOT possible to verify the CA expiry time. Certain vendors use CA intermediates that have expiries that are only valid for approximately 10 minutes, meaning that if we enforced time validity, these would false negative for their validity.

Trait Implementations§

source§

impl Clone for Credential

source§

fn clone(&self) -> Credential

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for Credential

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
source§

impl<'de> Deserialize<'de> for Credential

source§

fn deserialize<__D>( __deserializer: __D ) -> Result<Credential, <__D as Deserializer<'de>>::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
source§

impl From<Credential> for Passkey

source§

fn from(cred: Credential) -> Self

Convert a generic webauthn credential into a Passkey

source§

impl From<Credential> for SecurityKey

source§

fn from(cred: Credential) -> Self

Convert a generic webauthn credential into a security key

source§

impl From<CredentialV3> for Credential

source§

fn from(other: CredentialV3) -> Credential

Converts to this type from the input type.
source§

impl From<Passkey> for Credential

source§

fn from(pk: Passkey) -> Self

Converts to this type from the input type.
source§

impl From<SecurityKey> for Credential

source§

fn from(sk: SecurityKey) -> Self

Converts to this type from the input type.
source§

impl PartialEq for Credential

source§

fn eq(&self, c: &Credential) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl Serialize for Credential

source§

fn serialize<__S>( &self, __serializer: __S ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<'a, T> AsTaggedExplicit<'a> for T
where T: 'a,

§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self>

§

impl<'a, T> AsTaggedImplicit<'a> for T
where T: 'a,

§

fn implicit( self, class: Class, constructed: bool, tag: u32 ) -> TaggedParser<'a, Implicit, Self>

source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,