Files
fizzy/lib/action_pack/web_authn.rb
T
Stanko K.R. 017bcc9ce1 Polish up Passkey interface
- Fix indentation
- Split awkward initializer into separate methods
- Rename credentials to passkeys
- Simplify authenticator registry loading
- Flatten nested errors under ActionPack::WebAuthn
- Set passkey current params only requests that use it
- Inline anemic methods
- Replace custom validation with ActiveModel::Validation
- Rename identity to holder in Passkey
- Rename credentials to passkeys in JS
- Extract framework library out of controllers
- Pass params hashes down to ActionPack
- Attempt to simplify public interface
- Push data decoding down to the classes representing the data
- Introduce has_passkeys
- Add CBOR bigint support
- Rename ActionPack::WebAuthn::Passkey to ActionPack::Passkey
- Add create_passkey_button helper
- Rename public-key to creation-options
- Add sign_in_with_passkey_button helper
- Dispatch events for the whole Passkey lifecycle
- Add ED25519 support
- Prevent crash on missing meta tag
- Validate resident key options
- Don't clobber existing ActionPack config options
- Validate cryptographic params
- Move CurrentWebAuthnRequest into ActionPack::Passkey
- Use ActiveModel::Attributes for Options objects
- Implement expiring challanges
- Add lifecycle events
- Extract param helpers into Request
- Add passkey_creation_options and passkey_request_options helpers
- Add create_passkey_challenge to make it easier to override the create method if needed
- Prefix all view helpers with passkey_
- Auto-include ActionPack::Passkey::Holder
- Make the passkey challange url configurable
- Add a reminder about Passkeys to the magic link email
2026-03-18 11:51:10 +01:00

65 lines
2.1 KiB
Ruby

# = Action Pack WebAuthn
#
# Provides a pure-Ruby implementation of the WebAuthn (Web Authentication)
# specification for passkey registration and authentication. This module
# is the top-level namespace for all WebAuthn components and provides
# shared utilities used across ceremonies.
#
# == Components
#
# [ActionPack::WebAuthn::RelyingParty]
# Identifies your application to authenticators.
#
# [ActionPack::WebAuthn::PublicKeyCredential]
# Orchestrates registration and authentication ceremonies.
#
# [ActionPack::WebAuthn::Authenticator]
# Parses and validates authenticator responses.
#
# [ActionPack::WebAuthn::CborDecoder]
# Decodes CBOR-encoded data from authenticators.
#
# [ActionPack::WebAuthn::CoseKey]
# Parses COSE public keys into OpenSSL key objects.
#
# == Extending Attestation Formats
#
# By default only the "none" attestation format is supported. Register
# additional verifiers with:
#
# ActionPack::WebAuthn.register_attestation_verifier("packed", MyPackedVerifier.new)
#
module ActionPack::WebAuthn
class InvalidResponseError < StandardError; end
class InvalidCborError < StandardError; end
class InvalidKeyError < StandardError; end
class UnsupportedKeyTypeError < StandardError; end
class InvalidOptionsError < StandardError; end
class << self
# Returns a new RelyingParty configured from the current request context.
def relying_party
RelyingParty.new
end
# Returns the MessageVerifier used to sign and verify WebAuthn challenges.
def challenge_verifier
Rails.application.message_verifier("action_pack.webauthn.challenge")
end
# Returns the registry of attestation format verifiers, keyed by format
# string (e.g., "none", "packed"). Only "none" is registered by default.
def attestation_verifiers
@attestation_verifiers ||= {
"none" => Authenticator::AttestationVerifiers::None.new
}
end
# Registers a custom attestation verifier for the given +format+.
# The +verifier+ must respond to +verify!(attestation, client_data_json:)+.
def register_attestation_verifier(format, verifier)
attestation_verifiers[format.to_s] = verifier
end
end
end