# Functions
CreateChallenge creates a new challenge that should be signed and returned by the authenticator.
FullyQualifiedOrigin returns the origin per the HTML spec: (scheme)://(host)[:(port)].
ParseCredentialCreationResponse is a non-agnostic function for parsing a registration response received through the standard library's http package.
ParseCredentialCreationResponseBody is an agnostic version of ParseCredentialCreationResponse.
ParseCredentialRequestResponse parses the credential request response into a format that is either required by the specification or makes the assertion verification steps easier to complete.
ParseCredentialRequestResponseBody parses the credential request response into a format that is either required by the specification or makes the assertion verification steps easier to complete.
RegisterAttestationFormat is a method to register attestation formats with the library.
ResidentKeyNotRequired - Do not require that the private key be resident to the client device.
ResidentKeyRequired - Require that the private key be resident to the client device.
Deprecated: ResidentKeyUnrequired is an alias for ResidentKeyNotRequired and will be completely removed in the future.
# Constants
No description provided by the author
BLE indicates the respective authenticator can be contacted over Bluetooth Smart (Bluetooth Low Energy / BLE).
ChallengeLength - Length of bytes to generate for a challenge.
No description provided by the author
CrossPlatform indicates a roaming authenticator attached using cross-platform transports, called cross-platform attachment.
No description provided by the author
FlagAttestedCredentialData - Bit 01000000 in the byte sequence.
Referred to as BE.
FlagBackupState - Bit 00010000 in the byte sequence.
FlagHasExtensions - Bit 10000000 in the byte sequence.
FlagRFU1 is a flag reserved for future use.
FlagRFU2 is a flag reserved for future use.
Referred to as UP.
FlagUserVerified - Bit 00000100 in the byte sequence.
Hybrid indicates the respective authenticator can be contacted using a combination of (often separate) data-transport and proximity mechanisms.
Internal indicates the respective authenticator is contacted using a client device-specific transport, i.e., it is a platform authenticator.
Derived inside keymaster.
Generated in keymaster.
Imported into keymaster.
Keymaster did not record origin.
Usable with RSA, EC and AES keys.
Usable with EC keys.
Usable with RSA, EC and AES keys.
Usable with RSA, EC and HMAC keys.
Usable with RSA, EC and HMAC keys.
Usable with wrapped keys.
NFC indicates the respective authenticator can be contacted over Near Field Communication (NFC).
Indicates token binding not supported when communicating with the Relying Party.
Platform indicates a platform authenticator attached using a client device-specific transport, called platform attachment, which is usually not removable from the client device.
PreferDirectAttestation is a ConveyancePreference value.
PreferEnterpriseAttestation is a ConveyancePreference value.
PreferIndirectAttestation is a ConveyancePreference value.
PreferNoAttestation is a ConveyancePreference value.
Indicates token binding was used when communicating with the Relying Party.
PublicKeyCredentialType - Currently one credential type is defined, namely "public-key".
ResidentKeyRequirementDiscouraged indicates the Relying Party prefers creating a server-side credential, but will accept a client-side discoverable credential.
ResidentKeyRequirementPreferred indicates to the client we would prefer a discoverable credential.
ResidentKeyRequirementRequired indicates the Relying Party requires a client-side discoverable credential, and is prepared to receive an error if a client-side discoverable credential cannot be created.
No description provided by the author
Indicates the client supports token binding, but it was not negotiated when communicating with the Relying Party.
No description provided by the author
USB indicates the respective authenticator can be contacted over removable USB.
VerificationDiscouraged - The authenticator should not verify the user for the credential.
This is the default.
VerificationRequired - User verification is required to create/release a credential.
No description provided by the author
# Variables
No description provided by the author
# Structs
Apple has not yet published a schema for the extension (as of July 2021).
AttestationObject is the raw attestationObject.
No description provided by the author
The AuthenticatorAssertionResponse contains the raw authenticator assertion data and is parsed into ParsedAssertionResponse.
AuthenticatorAttestationResponse is the initial unpacked 'response' object received by the relying party.
AuthenticatorData represents the IDL with the same name.
AuthenticatorResponse represents the IDL with the same name.
AuthenticatorSelection represents the AuthenticatorSelectionCriteria IDL.
CollectedClientData represents the contextual bindings of both the WebAuthn Relying Party and the client.
Credential is the basic credential type from the Credential Management specification that is inherited by WebAuthn's PublicKeyCredential type.
No description provided by the author
The CredentialAssertionResponse is the raw response returned to the Relying Party from an authenticator when we request a credential for login/assertion.
No description provided by the author
CredentialDescriptor represents the PublicKeyCredentialDescriptor IDL.
CredentialEntity represents the PublicKeyCredentialEntity IDL and it describes a user account, or a WebAuthn Relying Party with which a public key credential is associated.
CredentialParameter is the credential type and algorithm that the relying party wants the authenticator to create.
No description provided by the author
ParsedAssertionResponse is the parsed form of AuthenticatorAssertionResponse.
ParsedAttestationResponse is the parsed version of AuthenticatorAttestationResponse.
ParsedCredential is the parsed PublicKeyCredential interface, inherits from Credential, and contains the attributes that are returned to the caller when a new credential is created, or a new assertion is requested.
The ParsedCredentialAssertionData is the parsed CredentialAssertionResponse that has been marshalled into a format that allows us to verify the client and authenticator data inside the response.
No description provided by the author
PublicKeyCredentialCreationOptions represents the IDL of the same name.
The PublicKeyCredentialRequestOptions dictionary supplies get() with the data it needs to generate an assertion.
The RelyingPartyEntity represents the PublicKeyCredentialRpEntity IDL and is used to supply additional Relying Party attributes when creating a new credential.
No description provided by the author
The UserEntity represents the PublicKeyCredentialUserEntity IDL and is used to supply additional user account attributes when creating a new credential.
# Interfaces
No description provided by the author
# Type aliases
AuthenticationExtensions represents the AuthenticationExtensionsClientInputs IDL.
No description provided by the author
AuthenticatorAttachment represents the IDL enum of the same name, and is used as part of the Authenticator Selection Criteria.
AuthenticatorFlags - A byte of information returned during ceremonies in the authenticatorData. Its bits indicate whether the user was present and/or verified during authentication, and whether attestation or extension data is present.
AuthenticatorTransport represents the IDL enum with the same name.
No description provided by the author
ConveyancePreference is the type representing the AttestationConveyancePreference IDL.
CredentialType represents the PublicKeyCredentialType IDL and is used with the CredentialDescriptor IDL.
The origin of a key (or pair), i.e.
Possible purposes of a key (or pair).
ResidentKeyRequirement represents the IDL of the same name.
No description provided by the author
URLEncodedBase64 represents a byte slice holding URL-encoded base64 data.
UserVerificationRequirement is a representation of the UserVerificationRequirement IDL enum.