Package com.yubico.webauthn

Class StartAssertionOptions

java.lang.Object

com.yubico.webauthn.StartAssertionOptions

public final class StartAssertionOptions
extends Object

Parameters for RelyingParty.startAssertion(StartAssertionOptions).

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	StartAssertionOptions.StartAssertionOptionsBuilder

Method Summary

Modifier and Type	Method	Description
static StartAssertionOptions.StartAssertionOptionsBuilder	builder()
boolean	equals(Object o)
@NonNull AssertionExtensionInputs	getExtensions()	Extension inputs for this authentication operation.
Optional<Long>	getTimeout()	The value for PublicKeyCredentialRequestOptions.getTimeout() for this authentication operation.
Optional<ByteArray>	getUserHandle()	The user handle of the user to authenticate, if the user has already been identified.
Optional<String>	getUsername()	The username of the user to authenticate, if the user has already been identified.
Optional<UserVerificationRequirement>	getUserVerification()	The value for PublicKeyCredentialRequestOptions.getUserVerification() for this authentication operation.
int	hashCode()
StartAssertionOptions.StartAssertionOptionsBuilder	toBuilder()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

getUsername

public Optional<String> getUsername()

The username of the user to authenticate, if the user has already been identified.

Mutually exclusive with getUserHandle().

If this or getUserHandle() is present, then RelyingParty.startAssertion(StartAssertionOptions) will set PublicKeyCredentialRequestOptions.getAllowCredentials() to the list of that user's credentials.

If this and getUserHandle() are both absent, that implies authentication with a discoverable credential (passkey) - meaning identification of the user is deferred until after receiving the response from the client.

The default is empty (absent).

See Also:

• Client-side-discoverable credential
• Passkey in passkeys.dev reference

getUserHandle

public Optional<ByteArray> getUserHandle()

The user handle of the user to authenticate, if the user has already been identified.

Mutually exclusive with getUsername().

If this or getUsername() is present, then RelyingParty.startAssertion(StartAssertionOptions) will set PublicKeyCredentialRequestOptions.getAllowCredentials() to the list of that user's credentials.

If this and getUsername() are both absent, that implies authentication with a discoverable credential (passkey) - meaning identification of the user is deferred until after receiving the response from the client.

The default is empty (absent).

See Also:

• getUsername()
• User Handle
• Client-side-discoverable credential
• Passkey in passkeys.dev reference

getUserVerification

public Optional<UserVerificationRequirement> getUserVerification()

The value for PublicKeyCredentialRequestOptions.getUserVerification() for this authentication operation.

If set to UserVerificationRequirement.REQUIRED, then RelyingParty.finishAssertion(FinishAssertionOptions) will enforce that user verificationwas performed in this authentication ceremony.

The default is UserVerificationRequirement.PREFERRED.

getTimeout

public Optional<Long> getTimeout()

The value for PublicKeyCredentialRequestOptions.getTimeout() for this authentication operation.

This library does not take the timeout into account in any way, other than passing it through to the PublicKeyCredentialRequestOptions so it can be used as an argument to navigator.credentials.get() on the client side.

The default is empty.

builder

public static StartAssertionOptions.StartAssertionOptionsBuilder builder()

toBuilder

public StartAssertionOptions.StartAssertionOptionsBuilder toBuilder()

getExtensions

@NonNull
public @NonNull AssertionExtensionInputs getExtensions()

Extension inputs for this authentication operation.

If RelyingParty.getAppId() is set, RelyingParty.startAssertion(StartAssertionOptions) will overwrite any appId extension input set herein.

The default specifies no extension inputs.

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object