Interface CredentialRepository


  • public interface CredentialRepository
    An abstraction of the database lookups needed by this library.

    This is used by RelyingParty to look up credentials, usernames and user handles from usernames, user handles and credential IDs.

    • Method Detail

      • getCredentialIdsForUsername

        java.util.Set<PublicKeyCredentialDescriptor> getCredentialIdsForUsername​(java.lang.String username)
        Get the credential IDs of all credentials registered to the user with the given username.

        After a successful registration ceremony, the RegistrationResult.getKeyId() method returns a value suitable for inclusion in this set.

      • getUserHandleForUsername

        java.util.Optional<ByteArray> getUserHandleForUsername​(java.lang.String username)
        Get the user handle corresponding to the given username - the inverse of getUsernameForUserHandle(ByteArray).

        Used to look up the user handle based on the username, for authentication ceremonies where the username is already given.

      • getUsernameForUserHandle

        java.util.Optional<java.lang.String> getUsernameForUserHandle​(ByteArray userHandle)
        Get the username corresponding to the given user handle - the inverse of getUserHandleForUsername(String).

        Used to look up the username based on the user handle, for username-less authentication ceremonies.

      • lookup

        java.util.Optional<RegisteredCredential> lookup​(ByteArray credentialId,
                                                        ByteArray userHandle)
        Look up the public key and stored signature count for the given credential registered to the given user.

        The returned RegisteredCredential is not expected to be long-lived. It may be read directly from a database or assembled from other components.

      • lookupAll

        java.util.Set<RegisteredCredential> lookupAll​(ByteArray credentialId)
        Look up all credentials with the given credential ID, regardless of what user they're registered to.

        This is used to refuse registration of duplicate credential IDs. Therefore, under normal circumstances this method should only return zero or one credential (this is an expected consequence, not an interface requirement).