Package com.yubico.webauthn

Interface CredentialRepository

public interface CredentialRepository

An abstraction of the database lookups needed by this library.

This is used by RelyingParty to look up credentials, usernames and user handles from usernames, user handles and credential IDs.

Method Summary

Modifier and Type	Method	Description
Set<PublicKeyCredentialDescriptor>	getCredentialIdsForUsername(String username)	Get the credential IDs of all credentials registered to the user with the given username.
Optional<ByteArray>	getUserHandleForUsername(String username)	Get the user handle corresponding to the given username - the inverse of getUsernameForUserHandle(ByteArray).
Optional<String>	getUsernameForUserHandle(ByteArray userHandle)	Get the username corresponding to the given user handle - the inverse of getUserHandleForUsername(String).
Optional<RegisteredCredential>	lookup(ByteArray credentialId, ByteArray userHandle)	Look up the public key and stored signature count for the given credential registered to the given user.
Set<RegisteredCredential>	lookupAll(ByteArray credentialId)	Look up all credentials with the given credential ID, regardless of what user they're registered to.

Method Details

getCredentialIdsForUsername

Set<PublicKeyCredentialDescriptor> getCredentialIdsForUsername(String username)

Get the credential IDs of all credentials registered to the user with the given username.

After a successful registration ceremony, the RegistrationResult.getKeyId() method returns a value suitable for inclusion in this set.

getUserHandleForUsername

Optional<ByteArray> getUserHandleForUsername(String username)

Get the user handle corresponding to the given username - the inverse of getUsernameForUserHandle(ByteArray).

Used to look up the user handle based on the username, for authentication ceremonies where the username is already given.

getUsernameForUserHandle

Optional<String> getUsernameForUserHandle(ByteArray userHandle)

Get the username corresponding to the given user handle - the inverse of getUserHandleForUsername(String).

Used to look up the username based on the user handle, for username-less authentication ceremonies.

lookup

Optional<RegisteredCredential> lookup(ByteArray credentialId,
 ByteArray userHandle)

Look up the public key and stored signature count for the given credential registered to the given user.

The returned RegisteredCredential is not expected to be long-lived. It may be read directly from a database or assembled from other components.

lookupAll

Set<RegisteredCredential> lookupAll(ByteArray credentialId)

Look up all credentials with the given credential ID, regardless of what user they're registered to.

This is used to refuse registration of duplicate credential IDs. Therefore, under normal circumstances this method should only return zero or one credential (this is an expected consequence, not an interface requirement).