Skip to content

WebAuthnP256.getSignPayload

Constructs the final digest that was signed and computed by the authenticator. This payload includes the cryptographic challenge, as well as authenticator metadata (authenticatorData + clientDataJSON). This value can be also used with raw P256 verification (such as P256.verify or WebCryptoP256.verify).

Imports

Named
import { WebAuthnP256 } from 'ox'

Examples

import { WebAuthnP256, WebCryptoP256 } from 'ox'
 
const { metadata, payload } = WebAuthnP256.getSignPayload({ 
  challenge: '0xdeadbeef', 
})

{
 
  metadata: {
 
    authenticatorData: "0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000",
 
    challengeIndex: 23,
 
    clientDataJSON: "{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}",
 
    typeIndex: 1,
 
    userVerificationRequired: true,
 
  },
 
  payload: "0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000045086dcb06a5f234db625bcdc94e657f86b76b6fd3eb9c30543eabc1e577a4b0",
 
}
 const { publicKey, privateKey } = await WebCryptoP256.createKeyPair()
 
const signature = await WebCryptoP256.sign({
  payload,
  privateKey,
})

Definition

function getSignPayload(
  options: getSignPayload.Options,
): getSignPayload.ReturnType

Source: src/core/WebAuthnP256.ts

Parameters

options

  • Type: getSignPayload.Options

Options to construct the signing payload.

options.challenge

  • Type: 0x${string}

The challenge to sign.

options.crossOrigin

  • Type: boolean
  • Optional

If set to true, it means that the calling context is an <iframe> that is not same origin with its ancestor frames.

options.extraClientData

  • Type: Record
  • Optional

Additional client data to include in the client data JSON.

options.flag

  • Type: number
  • Optional

A bitfield that indicates various attributes that were asserted by the authenticator. Read more

options.hash

  • Type: boolean
  • Optional

If set to true, the payload will be hashed before being returned.

options.origin

  • Type: string
  • Optional

The fully qualified origin of the relying party which has been given by the client/browser to the authenticator.

options.rpId

  • Type: string
  • Optional

The Relying Party ID that the credential is scoped to.

options.signCount

  • Type: number
  • Optional

A signature counter, if supported by the authenticator (set to 0 otherwise).

options.userVerification

  • Type: UserVerificationRequirement
  • Optional

The user verification requirement that the authenticator will enforce.

Return Type

The signing payload.

getSignPayload.ReturnType