License	BSD3
Maintainer	Fumiaki Kinoshita <fumiexcel@gmail.com>
Safe Haskell	None
Language	Haskell2010

WebAuthn

Contents

Basic
verfication

Description

Web Authentication API Verification library

Synopsis

data TokenBinding
data Origin = Origin {
- originScheme :: Text
- originHost :: Text
- originPort :: Maybe Int
}
data RelyingParty = RelyingParty {
- rpOrigin :: Origin
- rpId :: ByteString
- rpAllowSelfAttestation :: Bool
- rpAllowNoAttestation :: Bool
}
defaultRelyingParty :: Origin -> RelyingParty
data User = User {
- userId :: ByteString
- userDisplayName :: Text
}
newtype Challenge = Challenge {
- rawChallenge :: ByteString
}
generateChallenge :: Int -> IO Challenge
data WebAuthnType
- = Create
- | Get
data CollectedClientData = CollectedClientData {
- clientType :: WebAuthnType
- clientChallenge :: Challenge
- clientOrigin :: Origin
- clientTokenBinding :: TokenBinding
}
data AuthenticatorData = AuthenticatorData {
- rpIdHash :: Digest SHA256
- userPresent :: Bool
- userVerified :: Bool
- attestedCredentialData :: Maybe AttestedCredentialData
- authenticatorDataExtension :: ByteString
}
data AttestedCredentialData = AttestedCredentialData {
- aaguid :: AAGUID
- credentialId :: CredentialId
- credentialPublicKey :: CredentialPublicKey
}
newtype AAGUID = AAGUID {
- unAAGUID :: ByteString
}
newtype CredentialPublicKey = CredentialPublicKey {
- unCredentialPublicKey :: ByteString
}
newtype CredentialId = CredentialId {
- unCredentialId :: ByteString
}
data VerificationFailure
registerCredential :: Challenge -> RelyingParty -> Maybe Text -> Bool -> ByteString -> ByteString -> Either VerificationFailure AttestedCredentialData
verify :: Challenge -> RelyingParty -> Maybe Text -> Bool -> ByteString -> ByteString -> ByteString -> CredentialPublicKey -> Either VerificationFailure ()

Basic

data TokenBinding Source #

state of the Token Binding protocol (unsupported)

Constructors

TokenBindingUnsupported
TokenBindingSupported
TokenBindingPresent !Text

Instances

FromJSON TokenBinding Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser TokenBinding # parseJSONList :: Value -> Parser [TokenBinding] #

data Origin Source #

Constructors

Origin
Fields originScheme :: Text originHost :: Text originPort :: Maybe Int

Instances

Eq Origin Source #
Instance details Defined in WebAuthn.Types Methods (==) :: Origin -> Origin -> Bool # (/=) :: Origin -> Origin -> Bool #
Ord Origin Source #
Instance details Defined in WebAuthn.Types Methods compare :: Origin -> Origin -> Ordering # (<) :: Origin -> Origin -> Bool # (<=) :: Origin -> Origin -> Bool # (>) :: Origin -> Origin -> Bool # (>=) :: Origin -> Origin -> Bool # max :: Origin -> Origin -> Origin # min :: Origin -> Origin -> Origin #
Show Origin Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> Origin -> ShowS # show :: Origin -> String # showList :: [Origin] -> ShowS #
FromJSON Origin Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser Origin # parseJSONList :: Value -> Parser [Origin] #

data RelyingParty Source #

WebAuthn Relying Party

Constructors

RelyingParty
Fields rpOrigin :: Origin rpId :: ByteString rpAllowSelfAttestation :: Bool rpAllowNoAttestation :: Bool

Instances

Eq RelyingParty Source #
Instance details Defined in WebAuthn.Types Methods (==) :: RelyingParty -> RelyingParty -> Bool # (/=) :: RelyingParty -> RelyingParty -> Bool #
Ord RelyingParty Source #
Instance details Defined in WebAuthn.Types Methods compare :: RelyingParty -> RelyingParty -> Ordering # (<) :: RelyingParty -> RelyingParty -> Bool # (<=) :: RelyingParty -> RelyingParty -> Bool # (>) :: RelyingParty -> RelyingParty -> Bool # (>=) :: RelyingParty -> RelyingParty -> Bool # max :: RelyingParty -> RelyingParty -> RelyingParty # min :: RelyingParty -> RelyingParty -> RelyingParty #
Show RelyingParty Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> RelyingParty -> ShowS # show :: RelyingParty -> String # showList :: [RelyingParty] -> ShowS #

defaultRelyingParty :: Origin -> RelyingParty Source #

data User Source #

4.3. User Account Parameters for Credential Generation

Constructors

User
Fields userId :: ByteString userDisplayName :: Text

Instances

Eq User Source #
Instance details Defined in WebAuthn.Types Methods (==) :: User -> User -> Bool # (/=) :: User -> User -> Bool #
Show User Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> User -> ShowS # show :: User -> String # showList :: [User] -> ShowS #
Generic User Source #
Instance details Defined in WebAuthn.Types Associated Types type Rep User :: Type -> Type # Methods from :: User -> Rep User x # to :: Rep User x -> User #
Serialise User Source #
Instance details Defined in WebAuthn.Types Methods encode :: User -> Encoding # decode :: Decoder s User # encodeList :: [User] -> Encoding # decodeList :: Decoder s [User] #
type Rep User Source #
Instance details Defined in WebAuthn.Types type Rep User = D1 (MetaData "User" "WebAuthn.Types" "webauthn-0-D7kkv1m3eu7AMrO2q5jdsU" False) (C1 (MetaCons "User" PrefixI True) (S1 (MetaSel (Just "userId") NoSourceUnpackedness NoSourceStrictness DecidedStrict) (Rec0 ByteString) :*: S1 (MetaSel (Just "userDisplayName") NoSourceUnpackedness NoSourceStrictness DecidedStrict) (Rec0 Text)))

newtype Challenge Source #

1. Cryptographic Challenges

Constructors

Challenge
Fields rawChallenge :: ByteString

Instances

Eq Challenge Source #
Instance details Defined in WebAuthn.Types Methods (==) :: Challenge -> Challenge -> Bool # (/=) :: Challenge -> Challenge -> Bool #
Ord Challenge Source #
Instance details Defined in WebAuthn.Types Methods compare :: Challenge -> Challenge -> Ordering # (<) :: Challenge -> Challenge -> Bool # (<=) :: Challenge -> Challenge -> Bool # (>) :: Challenge -> Challenge -> Bool # (>=) :: Challenge -> Challenge -> Bool # max :: Challenge -> Challenge -> Challenge # min :: Challenge -> Challenge -> Challenge #
Show Challenge Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> Challenge -> ShowS # show :: Challenge -> String # showList :: [Challenge] -> ShowS #
Hashable Challenge Source #
Instance details Defined in WebAuthn.Types Methods hashWithSalt :: Int -> Challenge -> Int # hash :: Challenge -> Int #
ToJSON Challenge Source #
Instance details Defined in WebAuthn.Types Methods toJSON :: Challenge -> Value # toEncoding :: Challenge -> Encoding # toJSONList :: [Challenge] -> Value # toEncodingList :: [Challenge] -> Encoding #
FromJSON Challenge Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser Challenge # parseJSONList :: Value -> Parser [Challenge] #
Serialise Challenge Source #
Instance details Defined in WebAuthn.Types Methods encode :: Challenge -> Encoding # decode :: Decoder s Challenge # encodeList :: [Challenge] -> Encoding # decodeList :: Decoder s [Challenge] #

generateChallenge :: Int -> IO Challenge Source #

Generate a cryptographic challenge (13.1).

data WebAuthnType Source #

Constructors

Create
Get

Instances

Eq WebAuthnType Source #
Instance details Defined in WebAuthn.Types Methods (==) :: WebAuthnType -> WebAuthnType -> Bool # (/=) :: WebAuthnType -> WebAuthnType -> Bool #
Ord WebAuthnType Source #
Instance details Defined in WebAuthn.Types Methods compare :: WebAuthnType -> WebAuthnType -> Ordering # (<) :: WebAuthnType -> WebAuthnType -> Bool # (<=) :: WebAuthnType -> WebAuthnType -> Bool # (>) :: WebAuthnType -> WebAuthnType -> Bool # (>=) :: WebAuthnType -> WebAuthnType -> Bool # max :: WebAuthnType -> WebAuthnType -> WebAuthnType # min :: WebAuthnType -> WebAuthnType -> WebAuthnType #
Show WebAuthnType Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> WebAuthnType -> ShowS # show :: WebAuthnType -> String # showList :: [WebAuthnType] -> ShowS #
FromJSON WebAuthnType Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser WebAuthnType # parseJSONList :: Value -> Parser [WebAuthnType] #

data CollectedClientData Source #

10.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)

Constructors

CollectedClientData
Fields clientType :: WebAuthnType clientChallenge :: Challenge clientOrigin :: Origin clientTokenBinding :: TokenBinding

Instances

FromJSON CollectedClientData Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser CollectedClientData # parseJSONList :: Value -> Parser [CollectedClientData] #

data AuthenticatorData Source #

1. Authenticator Data

Constructors

AuthenticatorData
Fields rpIdHash :: Digest SHA256 userPresent :: Bool userVerified :: Bool attestedCredentialData :: Maybe AttestedCredentialData authenticatorDataExtension :: ByteString

data AttestedCredentialData Source #

4.1. Attested Credential Data

Constructors

AttestedCredentialData
Fields aaguid :: AAGUID credentialId :: CredentialId credentialPublicKey :: CredentialPublicKey

Instances

Eq AttestedCredentialData Source #
Instance details Defined in WebAuthn.Types Methods (==) :: AttestedCredentialData -> AttestedCredentialData -> Bool # (/=) :: AttestedCredentialData -> AttestedCredentialData -> Bool #
Show AttestedCredentialData Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> AttestedCredentialData -> ShowS # show :: AttestedCredentialData -> String # showList :: [AttestedCredentialData] -> ShowS #
Generic AttestedCredentialData Source #
Instance details Defined in WebAuthn.Types Associated Types type Rep AttestedCredentialData :: Type -> Type # Methods from :: AttestedCredentialData -> Rep AttestedCredentialData x # to :: Rep AttestedCredentialData x -> AttestedCredentialData #
ToJSON AttestedCredentialData Source #
Instance details Defined in WebAuthn.Types Methods toJSON :: AttestedCredentialData -> Value # toEncoding :: AttestedCredentialData -> Encoding # toJSONList :: [AttestedCredentialData] -> Value # toEncodingList :: [AttestedCredentialData] -> Encoding #
FromJSON AttestedCredentialData Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser AttestedCredentialData # parseJSONList :: Value -> Parser [AttestedCredentialData] #
type Rep AttestedCredentialData Source #
Instance details Defined in WebAuthn.Types type Rep AttestedCredentialData = D1 (MetaData "AttestedCredentialData" "WebAuthn.Types" "webauthn-0-D7kkv1m3eu7AMrO2q5jdsU" False) (C1 (MetaCons "AttestedCredentialData" PrefixI True) (S1 (MetaSel (Just "aaguid") NoSourceUnpackedness NoSourceStrictness DecidedStrict) (Rec0 AAGUID) :: (S1 (MetaSel (Just "credentialId") NoSourceUnpackedness NoSourceStrictness DecidedStrict) (Rec0 CredentialId) :: S1 (MetaSel (Just "credentialPublicKey") NoSourceUnpackedness NoSourceStrictness DecidedStrict) (Rec0 CredentialPublicKey))))

newtype AAGUID Source #

AAGUID of the authenticator

Constructors

AAGUID
Fields unAAGUID :: ByteString

Instances

Eq AAGUID Source #
Instance details Defined in WebAuthn.Types Methods (==) :: AAGUID -> AAGUID -> Bool # (/=) :: AAGUID -> AAGUID -> Bool #
Show AAGUID Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> AAGUID -> ShowS # show :: AAGUID -> String # showList :: [AAGUID] -> ShowS #
ToJSON AAGUID Source #
Instance details Defined in WebAuthn.Types Methods toJSON :: AAGUID -> Value # toEncoding :: AAGUID -> Encoding # toJSONList :: [AAGUID] -> Value # toEncodingList :: [AAGUID] -> Encoding #
FromJSON AAGUID Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser AAGUID # parseJSONList :: Value -> Parser [AAGUID] #

newtype CredentialPublicKey Source #

credential public key encoded in COSE_Key format

Constructors

CredentialPublicKey
Fields unCredentialPublicKey :: ByteString

Instances

Eq CredentialPublicKey Source #
Instance details Defined in WebAuthn.Types Methods (==) :: CredentialPublicKey -> CredentialPublicKey -> Bool # (/=) :: CredentialPublicKey -> CredentialPublicKey -> Bool #
Show CredentialPublicKey Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> CredentialPublicKey -> ShowS # show :: CredentialPublicKey -> String # showList :: [CredentialPublicKey] -> ShowS #
Hashable CredentialPublicKey Source #
Instance details Defined in WebAuthn.Types Methods hashWithSalt :: Int -> CredentialPublicKey -> Int # hash :: CredentialPublicKey -> Int #
ToJSON CredentialPublicKey Source #
Instance details Defined in WebAuthn.Types Methods toJSON :: CredentialPublicKey -> Value # toEncoding :: CredentialPublicKey -> Encoding # toJSONList :: [CredentialPublicKey] -> Value # toEncodingList :: [CredentialPublicKey] -> Encoding #
FromJSON CredentialPublicKey Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser CredentialPublicKey # parseJSONList :: Value -> Parser [CredentialPublicKey] #
Serialise CredentialPublicKey Source #
Instance details Defined in WebAuthn.Types Methods encode :: CredentialPublicKey -> Encoding # decode :: Decoder s CredentialPublicKey # encodeList :: [CredentialPublicKey] -> Encoding # decodeList :: Decoder s [CredentialPublicKey] #

newtype CredentialId Source #

A probabilistically-unique byte sequence identifying a public key credential source and its authentication assertions.

Constructors

CredentialId
Fields unCredentialId :: ByteString

Instances

Eq CredentialId Source #
Instance details Defined in WebAuthn.Types Methods (==) :: CredentialId -> CredentialId -> Bool # (/=) :: CredentialId -> CredentialId -> Bool #
Show CredentialId Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> CredentialId -> ShowS # show :: CredentialId -> String # showList :: [CredentialId] -> ShowS #
Hashable CredentialId Source #
Instance details Defined in WebAuthn.Types Methods hashWithSalt :: Int -> CredentialId -> Int # hash :: CredentialId -> Int #
ToJSON CredentialId Source #
Instance details Defined in WebAuthn.Types Methods toJSON :: CredentialId -> Value # toEncoding :: CredentialId -> Encoding # toJSONList :: [CredentialId] -> Value # toEncodingList :: [CredentialId] -> Encoding #
FromJSON CredentialId Source #
Instance details Defined in WebAuthn.Types Methods parseJSON :: Value -> Parser CredentialId # parseJSONList :: Value -> Parser [CredentialId] #
Serialise CredentialId Source #
Instance details Defined in WebAuthn.Types Methods encode :: CredentialId -> Encoding # decode :: Decoder s CredentialId # encodeList :: [CredentialId] -> Encoding # decodeList :: Decoder s [CredentialId] #

verfication

registerCredential Source #

Arguments

:: Challenge
-> RelyingParty
-> Maybe Text	Token Binding ID in base64
-> Bool	require user verification?
-> ByteString	clientDataJSON
-> ByteString	attestationObject
-> Either VerificationFailure AttestedCredentialData

1. Registering a New Credential

verify Source #

Arguments

:: Challenge
-> RelyingParty
-> Maybe Text	Token Binding ID in base64
-> Bool	require user verification?
-> ByteString	clientDataJSON
-> ByteString	authenticatorData
-> ByteString	signature
-> CredentialPublicKey	public key
-> Either VerificationFailure ()

2. Verifying an Authentication Assertion

InvalidType
MismatchedChallenge
MismatchedOrigin
UnexpectedPresenceOfTokenBinding
MismatchedTokenBinding
JSONDecodeError String
CBORDecodeError String DeserialiseFailure
MismatchedRPID
UserNotPresent
UserUnverified
UnsupportedAttestationFormat
UnsupportedAlgorithm Int
MalformedPublicKey
MalformedAuthenticatorData
MalformedX509Certificate
MalformedSignature
SignatureFailure String

Show VerificationFailure Source #
Instance details Defined in WebAuthn.Types Methods showsPrec :: Int -> VerificationFailure -> ShowS # show :: VerificationFailure -> String # showList :: [VerificationFailure] -> ShowS #