Stability | experimental |
---|---|
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
A function for decoding a FIDO Alliance Metadata Service BLOB in order to be able to enforce a set of requirements on the authenticator used, e.g. to only allow authenticators that have been FIDO certified.
Documentation
metadataBlobToRegistry
:: ByteString | A Metadata BLOB fetched from https://mds.fidoalliance.org |
-> DateTime | The time at which it was fetched |
-> Either Text MetadataServiceRegistry | Either an error or a registry of metadata entries |
Verifies, decodes and extracts a MetadataServiceRegistry from a FIDO Alliance Metadata Service BLOB. The result can be passed to verifyRegistrationResponse.
data MetadataServiceRegistry
A registry of MetadataEntrys, allowing fast lookup using AAGUIDs or SubjectKeyIdentifiers. This is used by verifyRegistrationResponse as a way to look up root certificates of authenticators and return meta information. Using createMetadataRegistry it's also possible to create additional custom entries, which can be merged with <>. Meanwhile mempty can be used if no metadata is needed.
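A sketch of refreshing the registry so that a BLOB which fails verification never replaces a previously accepted one. This is an added example, not code from the library. Its assumptions are the module name `Crypto.WebAuthn.Metadata`, `DateTime` coming from the hourglass package, and the hypothetical names `refreshRegistry` and `blob.jwt`.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteString as BS
import Data.Hourglass (DateTime)
import Data.IORef (IORef, atomicWriteIORef, newIORef)
import qualified Data.Text.IO as TIO
import System.Hourglass (dateCurrent)
import System.IO (stderr)
-- Assumption: the module documented on this page is Crypto.WebAuthn.Metadata.
import Crypto.WebAuthn.Metadata (MetadataServiceRegistry, metadataBlobToRegistry)

-- | Hypothetical helper: swap in a new registry only when the BLOB verifies
-- and decodes. On failure the previous registry stays in place, so a bad
-- download cannot silently reduce the registry to 'mempty', which would
-- leave no root certificates to look up. Returns True when updated.
refreshRegistry
  :: IORef MetadataServiceRegistry -- ^ registry handed to verifyRegistrationResponse
  -> MetadataServiceRegistry       -- ^ custom entries, or 'mempty' for none
  -> BS.ByteString                 -- ^ raw BLOB as fetched
  -> DateTime                      -- ^ time at which the BLOB was fetched
  -> IO Bool
refreshRegistry ref custom blob fetchedAt =
  case metadataBlobToRegistry blob fetchedAt of
    Left err -> do
      TIO.hPutStrLn stderr ("MDS BLOB rejected, keeping previous registry: " <> err)
      pure False
    Right fido -> do
      -- Merge the FIDO entries with the custom ones using (<>).
      atomicWriteIORef ref (fido <> custom)
      pure True

main :: IO ()
main = do
  -- Start empty; the first successful refresh fills the registry.
  ref <- newIORef mempty
  -- Constructed setup: blob.jwt is assumed to have been downloaded just
  -- before this runs, so the current time stands in for the fetch time.
  blob <- BS.readFile "blob.jwt"
  fetchedAt <- dateCurrent
  updated <- refreshRegistry ref mempty blob fetchedAt
  putStrLn (if updated then "registry updated" else "registry unchanged")
```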