WebAuthnP256.getSignPayload
Constructs the final digest that was signed and computed by the authenticator. This payload includes the cryptographic challenge
, as well as authenticator metadata (authenticatorData
+ clientDataJSON
). This value can be also used with raw P256 verification (such as P256.verify
or WebCryptoP256.verify
).
Imports
import { WebAuthnP256 } from 'ox'
Examples
import { WebAuthnP256, WebCryptoP256 } from 'ox'
const { metadata, payload } = WebAuthnP256.getSignPayload({
challenge: '0xdeadbeef',
})
{ metadata: { authenticatorData: "0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000", challengeIndex: 23, clientDataJSON: "{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}", typeIndex: 1, userVerificationRequired: true, }, payload: "0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000045086dcb06a5f234db625bcdc94e657f86b76b6fd3eb9c30543eabc1e577a4b0", } const { publicKey, privateKey } = await WebCryptoP256.createKeyPair()
const signature = await WebCryptoP256.sign({
payload,
privateKey,
})
Definition
function getSignPayload(
options: getSignPayload.Options,
): getSignPayload.ReturnType
Source: src/core/WebAuthnP256.ts
Parameters
options
- Type:
getSignPayload.Options
Options to construct the signing payload.
options.challenge
- Type:
0x${string}
The challenge to sign.
options.crossOrigin
- Type:
boolean
- Optional
If set to true
, it means that the calling context is an <iframe>
that is not same origin with its ancestor frames.
options.extraClientData
- Type:
Record
- Optional
Additional client data to include in the client data JSON.
options.flag
- Type:
number
- Optional
A bitfield that indicates various attributes that were asserted by the authenticator. Read more
options.hash
- Type:
boolean
- Optional
If set to true
, the payload will be hashed before being returned.
options.origin
- Type:
string
- Optional
The fully qualified origin of the relying party which has been given by the client/browser to the authenticator.
options.rpId
- Type:
string
- Optional
The Relying Party ID that the credential is scoped to.
options.signCount
- Type:
number
- Optional
A signature counter, if supported by the authenticator (set to 0 otherwise).
options.userVerification
- Type:
UserVerificationRequirement
- Optional
The user verification requirement that the authenticator will enforce.
Return Type
The signing payload.
getSignPayload.ReturnType