Package com.yubico.webauthn

Class AssertionResult

java.lang.Object

com.yubico.webauthn.AssertionResult

public final class AssertionResult
extends Object

The result of a call to RelyingParty.finishAssertion(FinishAssertionOptions).

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object o)
Optional<AuthenticatorAttachment>	getAuthenticatorAttachment()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
Optional<AuthenticatorAssertionExtensionOutputs>	getAuthenticatorExtensionOutputs()	The authenticator extension outputs, if any.
Optional<ClientAssertionExtensionOutputs>	getClientExtensionOutputs()	The client extension outputs, if any.
RegisteredCredential	getCredential()	The RegisteredCredential that was returned by CredentialRepository.lookup(ByteArray, ByteArray) and whose public key was used to successfully verify the assertion signature.
ByteArray	getCredentialId()	Deprecated. Use getCredential().getCredentialId() instead.
long	getSignatureCount()	The new signature count of the credential used for the assertion.
ByteArray	getUserHandle()	Deprecated. Use getCredential().getUserHandle() instead.
@NonNull String	getUsername()	The username of the authenticated user.
int	hashCode()
boolean	isBackedUp()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
boolean	isBackupEligible()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
boolean	isSignatureCounterValid()	true if and only if at least one of the following is true: The signature counter value in the assertion was strictly greater than the stored one.
boolean	isSuccess()	true if the assertion was verified successfully.
boolean	isUserVerified()	Check whether the user verification as performed during the authentication ceremony.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

getCredentialId

@Deprecated
public ByteArray getCredentialId()

Deprecated.

Use getCredential().getCredentialId() instead.

The credential ID of the credential used for the assertion.

See Also:

• Credential ID
• PublicKeyCredentialRequestOptions.getAllowCredentials()

getUserHandle

@Deprecated
public ByteArray getUserHandle()

Deprecated.

Use getCredential().getUserHandle() instead.

The user handle of the authenticated user.

See Also:

• User Handle
• UserIdentity.getId()
• getUsername()

isUserVerified

public boolean isUserVerified()

Check whether the user verification as performed during the authentication ceremony.

This flag is also available via PublicKeyCredential.getResponse().getParsedAuthenticatorData().getFlags().UV .

Returns:

true if and only if the authenticator claims to have performed user verification during the authentication ceremony.

See Also:

• User Verification
• UV flag in §6.1. Authenticator Data

isBackupEligible

@Deprecated
public boolean isBackupEligible()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

Check whether the asserted credential is backup eligible, using the BE flag in the authenticator data.

You SHOULD store this value in your representation of the corresponding RegisteredCredential if no value is stored yet. CredentialRepository implementations SHOULD set this value as the backupEligible(Boolean) value when reconstructing that RegisteredCredential.

Returns:

true if and only if the created credential is backup eligible. NOTE that this is only a hint and not a guarantee, unless backed by a trusted authenticator attestation.

See Also:

• Backup Eligible in §4. Terminology
• BE flag in §6.1. Authenticator Data

isBackedUp

@Deprecated
public boolean isBackedUp()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

Get the current backup state of the asserted credential, using the BS flag in the authenticator data.

You SHOULD update this value in your representation of a RegisteredCredential. CredentialRepository implementations SHOULD set this value as the backupState(Boolean) value when reconstructing that RegisteredCredential.

Returns:

true if and only if the created credential is believed to currently be backed up. NOTE that this is only a hint and not a guarantee, unless backed by a trusted authenticator attestation.

See Also:

• Backup State in §4. Terminology
• BS flag in §6.1. Authenticator Data

getAuthenticatorAttachment

@Deprecated
public Optional<AuthenticatorAttachment> getAuthenticatorAttachment()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

The authenticator attachment modality in effect at the time the asserted credential was used.

See Also:

• PublicKeyCredential.getAuthenticatorAttachment()

getSignatureCount

public long getSignatureCount()

The new signature count of the credential used for the assertion.

You should update this value in your database.

See Also:

• AuthenticatorData.getSignatureCounter()

getClientExtensionOutputs

public Optional<ClientAssertionExtensionOutputs> getClientExtensionOutputs()

The client extension outputs, if any.

This is present if and only if at least one extension output is present in the return value.

See Also:

• §9.4. Client Extension Processing
• ClientAssertionExtensionOutputs
• ()

getAuthenticatorExtensionOutputs

public Optional<AuthenticatorAssertionExtensionOutputs> getAuthenticatorExtensionOutputs()

The authenticator extension outputs, if any.

This is present if and only if at least one extension output is present in the return value.

See Also:

• §9.5. Authenticator Extension Processing
• AuthenticatorAssertionExtensionOutputs
• getClientExtensionOutputs()

isSuccess

public boolean isSuccess()

true if the assertion was verified successfully.

getCredential

public RegisteredCredential getCredential()

The RegisteredCredential that was returned by CredentialRepository.lookup(ByteArray, ByteArray) and whose public key was used to successfully verify the assertion signature.

NOTE: The signature count, backup eligibility and backup state properties in this object will reflect the state before the assertion operation, not the new state. When updating your database state, use the signature counter and backup state from getSignatureCount(), isBackupEligible() and isBackedUp() instead.

getUsername

@NonNull
public @NonNull String getUsername()

The username of the authenticated user.

See Also:

• getUserHandle()

isSignatureCounterValid

public boolean isSignatureCounterValid()

true if and only if at least one of the following is true:

• The signature counter value in the assertion was strictly greater than the stored one.
• The signature counter value in the assertion and the stored one were both zero.

See Also:

• §6.1. Authenticator Data
• AuthenticatorData.getSignatureCounter()
• RegisteredCredential.getSignatureCount()
• RelyingParty.RelyingPartyBuilder.validateSignatureCounter(boolean)

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object