AuthenticatorAssertionResponse.authenticatorData - Web APIs 编辑

Secure context

This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The authenticatorData property of the AuthenticatorAssertionResponse interface returns an ArrayBuffer containing information from the authenticator such as the Relying Party ID Hash (rpIdHash), a signature counter, test of user presence, user verification flags, and any extensions processed by the authenticator.

Syntax

var authnrData = authenticatorAssertionResponse.authenticatorData;

Value

An ArrayBuffer that has a ArrayBuffer.byteLength of at least 37 bytes, containing the following fields:

  • rpIdHash (32 bytes) - A SHA256 hash of the relying party ID that was seen by the browser. The server will ensure that this hash matches a hash of its own origin in order to prevent phishing or other man-in-the-middle attacks.
  • flags (1 bytes) - A bitfield that indicates various attributes that were asserted by the authenticator. The bits are as follows, where "bit 0" is the least significant bit and all bits not specifically mentioned below are "reserved for future use":
    • Bit 0, User Presence (UP) - If set, authenticator validated that the user was present through some Test of User Presence (TUP), such as touching a button on the authenticator.
    • Bit 2, User Verification (UV) - If set, authenticator verified the actual user, through a biometric, PIN, or other authentication method.
    • Bit 6, Attested Credential Data (AT) - If set, attestedCredentialData will immediately follow the first 37 bytes of this authenticatorData.
    • Bit 7, Extension data (ED) - If set, extension data is present. Extension data will follow attestedCredentialData if it is present, or will immediatelly follow the first 37 bytes of the authenticatorData if no attestedCredentialData is present.
  • signCount (4 bytes) - A signature count from the authenticator. The server will use this counter to detect authenticator cloning.
  • attestedCredentialData (variable length) - The credential that was created. This is only present during a navigator.credentials.create() call. This is a sequence of bytes with the following format:
    • AAGUID (16 bytes) - Authenticator Attestation Globally Unique Identifier, a unique number that identifies the model of the authenticator (not the specific instance of the authenticator) so that a relying party can understand the characteristics of the authenticator by looking up its metadata statement.
    • credentialIdLength (2 bytes) - The length of the credential ID that immediately follows these bytes.
    • credentialId (variable length) - A unique identifier for this credential so that it can be requested for future authentications. The credential is "credentialIdLength" bytes long.
    • credentialPublicKey (variable length) -A COSE encoded public key. This public key will be stored on the server associated with a user's account and be used for future authentications.
  • extensions (variable length) - An optional CBOR map of extensions.

Examples

var options = {
  challenge: new Uint8Array(26), // will be another value, provided by the relying party server
  timeout: 60000
};

navigator.credentials.get({  publickey: options })
  .then(function (assertionPKCred) {
    var authenticatorData = assertionPKCred.response.authenticatorData;
    // Maybe try to convert the authenticatorData to see what's inside

    // Send response and client extensions to the server so that it can
    // go on with the authentication

}).catch(function (err) {
   console.error(err);
});

Specifications

SpecificationStatusComment
Web Authentication: An API for accessing Public Key Credentials Level 1
The definition of 'authenticatorData' in that specification.
RecommendationInitial definition.

Browser compatibility

BCD tables only load in the browser

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:77 次

字数:5760

最后编辑:6 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文