package webauthn
import (
"context"
"github.com/spiretechnology/go-webauthn/internal/errutil"
"github.com/spiretechnology/go-webauthn/pkg/errs"
)
// AuthenticationChallenge is the challenge that is sent to the client to initiate an authentication ceremony.
//
// Token is an opaque value produced by the configured Tokener from the raw
// challenge bytes and the user; the client is expected to hand it back so the
// server can re-associate the assertion with this ceremony. Challenge is the
// Codec-encoded form of the same random bytes, RPID is the relying-party ID
// the authenticator must scope the assertion to, and AllowCredentials lists
// the user's registered credentials the client may use.
//
// NOTE(review): because AllowCredentials is derived from the user's stored
// credentials, this payload reveals credential IDs to whoever can request a
// challenge for that user; treat the endpoint that serves it accordingly.
type AuthenticationChallenge struct {
	Token            string              `json:"token"`
	Challenge        string              `json:"challenge"`
	RPID             string              `json:"rpId"`
	AllowCredentials []AllowedCredential `json:"allowCredentials"`
}
// AllowedCredential is a credential that is allowed to be used for authentication.
//
// Type is copied from the stored credential as-is; ID is the stored credential
// ID after Codec encoding (see CreateAuthentication). Together they form one
// entry of the allowCredentials list handed to navigator.credentials.get().
type AllowedCredential struct {
	Type string `json:"type"`
	ID   string `json:"id"`
}
// CreateAuthentication starts an authentication (assertion) ceremony for user.
//
// It loads the user's registered credentials, draws a fresh random challenge
// from the configured ChallengeFunc, binds that challenge to the user in an
// opaque Token via the configured Tokener, and returns everything the client
// needs to call navigator.credentials.get(). The challenge and every
// credential ID are encoded with the configured Codec.
//
// It returns a wrapped errs.ErrNoCredentials when the user has no registered
// credentials, and wraps any error from the credential store, ChallengeFunc
// or Tokener with a short description of the step that failed.
//
// NOTE(review): a caller that surfaces ErrNoCredentials distinctly over the
// network lets a remote party distinguish registered from unregistered users
// (account enumeration); consider collapsing it into a generic failure there.
// The challenge length and randomness are entirely ChallengeFunc's
// responsibility — nothing here enforces the spec's 16-byte minimum or that a
// CSPRNG was used.
func (w *webauthn) CreateAuthentication(ctx context.Context, user User) (*AuthenticationChallenge, error) {
	creds, err := w.options.Credentials.GetCredentials(ctx, user)
	if err != nil {
		return nil, errutil.Wrapf(err, "getting credentials")
	}
	if len(creds) == 0 {
		return nil, errutil.Wrap(errs.ErrNoCredentials)
	}

	// A fresh challenge per ceremony is what makes the signed assertion
	// unreplayable; it is drawn from the caller-supplied ChallengeFunc.
	rawChallenge, err := w.options.ChallengeFunc()
	if err != nil {
		return nil, errutil.Wrapf(err, "generating challenge")
	}

	// The token carries the challenge/user binding back to the finish step,
	// so this function keeps no per-ceremony state of its own.
	tok, err := w.options.Tokener.CreateToken(rawChallenge, user)
	if err != nil {
		return nil, errutil.Wrapf(err, "creating token")
	}

	codec := w.options.Codec
	allowed := make([]AllowedCredential, 0, len(creds))
	for _, c := range creds {
		allowed = append(allowed, AllowedCredential{
			Type: c.Type,
			ID:   codec.EncodeToString(c.ID),
		})
	}

	return &AuthenticationChallenge{
		Token:            tok,
		Challenge:        codec.EncodeToString(rawChallenge[:]),
		RPID:             w.options.RP.ID,
		AllowCredentials: allowed,
	}, nil
}