feat/backup-state #195

MasterKale · 2022-04-13T16:28:45Z

This PR adds support for the new "Backup Eligibility" and "Backup State" flags being introduced in w3c/webauthn#1695. These new authenticator data flags will help RP's understand when a user registers an authenticator that is capable of backing up its credentials, and whether or not a particular eligible credential has been backed up.

Now, both verifyRegistrationResponse() and verifyAuthenticationResponse() will return the following new values in registrationInfo and authenticationInfo respectively:

credentialDeviceType: "singleDevice" | "multiDevice" indicating whether the credential might be usable from other authenticators
credentialBackedUp: bool indicating whether or not the credential has been backed up

These methods will also now fail when an authenticator returns the invalid combination credentialDeviceType: "singleDevice", credentialBackedUp: true because they indicate a misbehaving authenticator.

RPs should start persisting these values to the database for later reference to take action accordingly. Best practices of what to do when changes to credentialBackedUp are detected are still TBD pending formal adoption of the new flags and community discussion. See the PR linked above for a preview of such discussion. At this moment in time, though, RP's can likely start enforcing that an authenticator never returns a different value for credentialDeviceType after registration.

MasterKale added enhancement New feature or request package:server @simplewebauthn/server labels Apr 13, 2022

MasterKale changed the title ~~Feat/backup-state~~ feat/backup-state Apr 13, 2022

MasterKale force-pushed the feat/backup-state branch from 341e94f to 81e1909 Compare April 28, 2022 05:39

MasterKale added 14 commits May 15, 2022 21:49

Improve readability of flag parsing

f26bb73

Parse bits 3 and 4 for backup info

6021105

Rearrange return values from registration

d8b3d5b

Update auth data flags test

f82fbd2

Define new CredentialDeviceType type

fc63513

Create a helper to contain backup state nuances

5993fd4

Return credential device type and backup state

2088c74

Return custom error from parseBackupFlags

94680cc

Add docstrings for new return values

ee460f1

Test return of new values from verification

13e77c2

Add tests for parseBackupFlags

e0309e6

Tweak wording to reflect related spec diff

ecbc0fa

Sync docstring advice across verification methods

8c22b01

Tweak docstring for CredentialDeviceType

eab6ae4

MasterKale force-pushed the feat/backup-state branch from 81e1909 to eab6ae4 Compare May 16, 2022 04:50

MasterKale added 2 commits May 16, 2022 19:44

Update @peculiar libraries to fix CI build issue

6c8dc07

Fix typings in test

190a746

MasterKale merged commit 39a41ae into master May 17, 2022

MasterKale deleted the feat/backup-state branch May 17, 2022 05:52

MasterKale added this to the v5.2.0 milestone May 17, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat/backup-state #195

feat/backup-state #195

MasterKale commented Apr 13, 2022 •

edited

Loading

feat/backup-state #195

feat/backup-state #195

Conversation

MasterKale commented Apr 13, 2022 • edited Loading

MasterKale commented Apr 13, 2022 •

edited

Loading