RelyingParty.RelyingPartyBuilder (webauthn-server-core 1.1.0 API)

java.lang.Object
- com.yubico.webauthn.RelyingParty.RelyingPartyBuilder

Enclosing class:: RelyingParty

public static class RelyingParty.RelyingPartyBuilder
extends java.lang.Object

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class RelyingParty.RelyingPartyBuilder.MandatoryStages

Nested Classes
Modifier and Type	Class and Description
`static class`	`RelyingParty.RelyingPartyBuilder.MandatoryStages`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`RelyingParty.RelyingPartyBuilder`	`allowUnrequestedExtensions(boolean allowUnrequestedExtensions)` If `true`, `finishRegistration` and `finishAssertion` will accept responses containing extension outputs for which there was no extension input.
`RelyingParty.RelyingPartyBuilder`	`allowUntrustedAttestation(boolean allowUntrustedAttestation)` If `true`, `finishRegistration` will only allow registrations where the attestation signature can be linked to a trusted attestation root.
`RelyingParty.RelyingPartyBuilder`	`appId(@NonNull AppId appId)` The extension input to set for the `appid` extension when initiating authentication operations.
`RelyingParty.RelyingPartyBuilder`	`appId(@NonNull java.util.Optional<AppId> appId)` The extension input to set for the `appid` extension when initiating authentication operations.
`RelyingParty.RelyingPartyBuilder`	`attestationConveyancePreference(@NonNull AttestationConveyancePreference attestationConveyancePreference)` The argument for the `attestation` parameter in registration operations.
`RelyingParty.RelyingPartyBuilder`	`attestationConveyancePreference(@NonNull java.util.Optional<AttestationConveyancePreference> attestationConveyancePreference)` The argument for the `attestation` parameter in registration operations.
`RelyingParty`	`build()`
`RelyingParty.RelyingPartyBuilder`	`credentialRepository(@NonNull CredentialRepository credentialRepository)` An abstract database which can look up credentials, usernames and user handles from usernames, user handles and credential IDs.
`RelyingParty.RelyingPartyBuilder`	`identity(@NonNull RelyingPartyIdentity identity)` The `RelyingPartyIdentity` that will be set as the `rp` parameter when initiating registration operations, and which `AuthenticatorData.getRpIdHash()` will be compared against.
`RelyingParty.RelyingPartyBuilder`	`metadataService(@NonNull MetadataService metadataService)` A `MetadataService` instance to use for looking up device attestation metadata.
`RelyingParty.RelyingPartyBuilder`	`metadataService(@NonNull java.util.Optional<MetadataService> metadataService)` A `MetadataService` instance to use for looking up device attestation metadata.
`RelyingParty.RelyingPartyBuilder`	`origins(@NonNull java.util.Set<java.lang.String> origins)` The allowed origins that returned authenticator responses will be compared against.
`RelyingParty.RelyingPartyBuilder`	`preferredPubkeyParams(@NonNull java.util.List<PublicKeyCredentialParameters> preferredPubkeyParams)` The argument for the `pubKeyCredParams` parameter in registration operations.
`java.lang.String`	`toString()`
`RelyingParty.RelyingPartyBuilder`	`validateSignatureCounter(boolean validateSignatureCounter)` If `true`, `finishAssertion` will fail if the `signature counter value` in the response is not strictly greater than the `stored signature counter value`.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Method Detail
  - appId
```
public RelyingParty.RelyingPartyBuilder appId(@NonNull
                                              @NonNull java.util.Optional<AppId> appId)
```
    The extension input to set for the appid extension when initiating authentication operations.
    If this member is set, startAssertion will automatically set the appid extension input, and finishAssertion will adjust its verification logic to also accept this AppID as an alternative to the RP ID.
    
    By default, this is not set.
    
    See Also:
    
    AssertionExtensionInputs.getAppid(), §10.1. FIDO AppID Extension (appid)
  - appId
```
public RelyingParty.RelyingPartyBuilder appId(@NonNull
                                              @NonNull AppId appId)
```
    The extension input to set for the appid extension when initiating authentication operations.
    If this member is set, startAssertion will automatically set the appid extension input, and finishAssertion will adjust its verification logic to also accept this AppID as an alternative to the RP ID.
    
    By default, this is not set.
    
    See Also:
    
    AssertionExtensionInputs.getAppid(), §10.1. FIDO AppID Extension (appid)
  - attestationConveyancePreference
```
public RelyingParty.RelyingPartyBuilder attestationConveyancePreference(@NonNull
                                                                        @NonNull java.util.Optional<AttestationConveyancePreference> attestationConveyancePreference)
```
    The argument for the attestation parameter in registration operations.
    Unless your application has a concrete policy for authenticator attestation, it is recommended to leave this parameter undefined.
    
    By default, this is not set.
    
    See Also:
    
    PublicKeyCredentialCreationOptions.getAttestation(), §6.4. Attestation
  - attestationConveyancePreference
```
public RelyingParty.RelyingPartyBuilder attestationConveyancePreference(@NonNull
                                                                        @NonNull AttestationConveyancePreference attestationConveyancePreference)
```
    The argument for the attestation parameter in registration operations.
    Unless your application has a concrete policy for authenticator attestation, it is recommended to leave this parameter undefined.
    
    By default, this is not set.
    
    See Also:
    
    PublicKeyCredentialCreationOptions.getAttestation(), §6.4. Attestation
  - metadataService
```
public RelyingParty.RelyingPartyBuilder metadataService(@NonNull
                                                        @NonNull java.util.Optional<MetadataService> metadataService)
```
    A MetadataService instance to use for looking up device attestation metadata. This matters only if RelyingParty.getAttestationConveyancePreference() is non-empty and not set to AttestationConveyancePreference.NONE.
    By default, this is not set.
    
    See Also:
    
    PublicKeyCredentialCreationOptions.getAttestation(), §6.4. Attestation
  - metadataService
```
public RelyingParty.RelyingPartyBuilder metadataService(@NonNull
                                                        @NonNull MetadataService metadataService)
```
    A MetadataService instance to use for looking up device attestation metadata. This matters only if RelyingParty.getAttestationConveyancePreference() is non-empty and not set to AttestationConveyancePreference.NONE.
    By default, this is not set.
    
    See Also:
    
    PublicKeyCredentialCreationOptions.getAttestation(), §6.4. Attestation
  - identity
```
public RelyingParty.RelyingPartyBuilder identity(@NonNull
                                                 @NonNull RelyingPartyIdentity identity)
```
    The RelyingPartyIdentity that will be set as the rp parameter when initiating registration operations, and which AuthenticatorData.getRpIdHash() will be compared against. This is a required parameter.
    A successful registration or authentication operation requires AuthenticatorData.getRpIdHash() to exactly equal the SHA-256 hash of this member's id member. Alternatively, it may instead equal the SHA-256 hash of appId if the latter is present.
    
    See Also:
    
    RelyingParty.startRegistration(StartRegistrationOptions), PublicKeyCredentialCreationOptions
  - origins
```
public RelyingParty.RelyingPartyBuilder origins(@NonNull
                                                @NonNull java.util.Set<java.lang.String> origins)
```
    The allowed origins that returned authenticator responses will be compared against.
    The default is the set containing only the string "https://" + RelyingParty.getIdentity().getId().
    
    A successful registration or authentication operation requires CollectedClientData.getOrigin() to exactly equal one of these values.
    
    See Also:
    
    RelyingParty.getIdentity()
  - credentialRepository
```
public RelyingParty.RelyingPartyBuilder credentialRepository(@NonNull
                                                             @NonNull CredentialRepository credentialRepository)
```
    An abstract database which can look up credentials, usernames and user handles from usernames, user handles and credential IDs. This is a required parameter.
    This is used to look up:
    - the user handle for a user logging in via user name
    - the user name for a user logging in via user handle
    - the credential IDs to include in PublicKeyCredentialCreationOptions.getExcludeCredentials()
    - the credential IDs to include in PublicKeyCredentialRequestOptions.getAllowCredentials()
    - that the correct user owns the credential when verifying an assertion
    - the public key to use to verify an assertion
    - the stored signature counter when verifying an assertion
  - preferredPubkeyParams
```
public RelyingParty.RelyingPartyBuilder preferredPubkeyParams(@NonNull
                                                              @NonNull java.util.List<PublicKeyCredentialParameters> preferredPubkeyParams)
```
    The argument for the pubKeyCredParams parameter in registration operations.
    This is a list of acceptable public key algorithms and their parameters, ordered from most to least preferred.
    
    The default is the following list:
    1. ES256
    2. RS256
    See Also:
    
    PublicKeyCredentialCreationOptions.getAttestation(), §6.4. Attestation
  - allowUnrequestedExtensions
```
public RelyingParty.RelyingPartyBuilder allowUnrequestedExtensions(boolean allowUnrequestedExtensions)
```
    If true, finishRegistration and finishAssertion will accept responses containing extension outputs for which there was no extension input.
    The default is false.
    
    See Also:
    
    §9. WebAuthn Extensions
  - allowUntrustedAttestation
```
public RelyingParty.RelyingPartyBuilder allowUntrustedAttestation(boolean allowUntrustedAttestation)
```
    If true, finishRegistration will only allow registrations where the attestation signature can be linked to a trusted attestation root. This excludes self attestation and none attestation.
    Regardless of the value of this option, invalid attestation statements of supported formats will always be rejected. For example, a "packed" attestation statement with an invalid signature will be rejected even if this option is set to true.
    
    The default is true.
  - validateSignatureCounter
```
public RelyingParty.RelyingPartyBuilder validateSignatureCounter(boolean validateSignatureCounter)
```
    If true, finishAssertion will fail if the signature counter value in the response is not strictly greater than the stored signature counter value.
    The default is true.
  - build
```
public RelyingParty build()
```
  - toString
```
public java.lang.String toString()
```
    Overrides:
    
    toString in class java.lang.Object

Class RelyingParty.RelyingPartyBuilder

Nested Class Summary

Method Summary

Methods inherited from class java.lang.Object

Method Detail

appId

appId

attestationConveyancePreference

attestationConveyancePreference

metadataService

metadataService

identity

origins

credentialRepository

preferredPubkeyParams

allowUnrequestedExtensions

allowUntrustedAttestation

validateSignatureCounter

build

toString