[PM-5731] feat: scaffold fido2 client

2025-12-18 09:13:15 +00:00 · 2024-02-06 14:20:52 +01:00
parent 00cff182b4
commit 70db27b750
9 changed files with 280 additions and 0 deletions
--- a/src/Core/Utilities/Fido2/Fido2ClientAssertCredentialParams.cs
+++ b/src/Core/Utilities/Fido2/Fido2ClientAssertCredentialParams.cs
@@ -0,0 +1,51 @@
+namespace Bit.Core.Utilities.Fido2
+{
+    #nullable enable
+
+    /// <summary>
+    /// Parameters for asserting a credential.
+    /// 
+    /// This class is an extended version of the WebAuthn struct:
+    /// https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialrequestoptions
+    /// </summary>
+    public class Fido2ClientAssertCredentialParams
+    {
+        /// <summary>
+        /// S challenge that the selected authenticator signs, along with other data, when producing an authentication
+        /// assertion. 
+        /// </summary>
+        public required byte[] Challenge { get; set; }
+
+        /// <summary>
+        /// The relying party identifier claimed by the caller. If omitted, its value will be the CredentialsContainer 
+        /// object's relevant settings object's origin's effective domain.
+        /// </summary>
+        public string RpId { get; set; }
+
+        /// <summary>
+        /// The Relying Party's origin (e.g., "https://example.com").
+        /// </summary>
+        public string Origin { get; set; }
+        
+        /// <summary>
+        /// A list of PublicKeyCredentialDescriptor objects representing public key credentials acceptable to the caller,
+        /// in descending order of the caller’s preference (the first item in the list is the most preferred credential,
+        /// and so on down the list).
+        /// </summary>
+        public PublicKeyCredentialDescriptor[] AllowCredentials { get; set; } = [];
+
+        /// <summary>
+        /// The Relying Party's requirements regarding user verification for the get() operation.
+        /// </summary>
+        public string UserVerification { get; set; } = "preferred";
+
+        /// <summary>
+        /// This time, in milliseconds, that the caller is willing to wait for the call to complete.
+        /// This is treated as a hint, and MAY be overridden by the client.
+        /// </summary>
+        /// <remarks>
+        /// This is not currently supported.
+        /// </remarks>
+        public int? Timeout { get; set; }
+    }
+}