Package com.yubico.webauthn

Class RegistrationResult

java.lang.Object

com.yubico.webauthn.RegistrationResult

public final class RegistrationResult
extends Object

The result of a call to RelyingParty.finishRegistration(FinishRegistrationOptions).

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object o)
ByteArray	getAaguid()	The aaguid reported in the of the created credential.
Optional<List<X509Certificate>>	getAttestationTrustPath()	The attestation trust path for the created credential, if any.
@NonNull AttestationType	getAttestationType()	The attestation type that was used for the created credential.
Optional<AuthenticatorAttachment>	getAuthenticatorAttachment()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
Optional<AuthenticatorRegistrationExtensionOutputs>	getAuthenticatorExtensionOutputs()	The authenticator extension outputs, if any.
Optional<ClientRegistrationExtensionOutputs>	getClientExtensionOutputs()	The client extension outputs, if any.
PublicKeyCredentialDescriptor	getKeyId()	The credential ID and transports of the created credential.
ByteArray	getPublicKeyCose()	The public key of the created credential.
long	getSignatureCount()	The signature count returned with the created credential.
int	hashCode()
boolean	isAttestationTrusted()	true if and only if the attestation signature was successfully linked to a trusted attestation root.
boolean	isBackedUp()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
boolean	isBackupEligible()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
Optional<Boolean>	isDiscoverable()	Try to determine whether the created credential is a discoverable credential, also called a passkey, using the output from the credProps extension.
boolean	isUserVerified()	Check whether the user verification as performed during the registration ceremony.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

isUserVerified

public boolean isUserVerified()

Check whether the user verification as performed during the registration ceremony.

This flag is also available via PublicKeyCredential.getResponse().getParsedAuthenticatorData().getFlags().UV .

Returns:

true if and only if the authenticator claims to have performed user verification during the registration ceremony.

See Also:

• User Verification
• UV flag in §6.1. Authenticator Data

isBackupEligible

@Deprecated
public boolean isBackupEligible()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

Check whether the created credential is backup eligible, using the BE flag in the authenticator data.

You SHOULD store this value in your representation of a RegisteredCredential. CredentialRepository implementations SHOULD set this value as the backupEligible(Boolean) value when reconstructing that RegisteredCredential.

Returns:

true if and only if the created credential is backup eligible. NOTE that this is only a hint and not a guarantee, unless backed by a trusted authenticator attestation.

See Also:

• Backup Eligible in §4. Terminology
• BE flag in §6.1. Authenticator Data

isBackedUp

@Deprecated
public boolean isBackedUp()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

Get the current backup state of the created credential, using the BS flag in the authenticator data.

You SHOULD store this value in your representation of a RegisteredCredential. CredentialRepository implementations SHOULD set this value as the backupState(Boolean) value when reconstructing that RegisteredCredential.

Returns:

true if and only if the created credential is believed to currently be backed up. NOTE that this is only a hint and not a guarantee, unless backed by a trusted authenticator attestation.

See Also:

• Backup State in §4. Terminology
• BS flag in §6.1. Authenticator Data

getAuthenticatorAttachment

@Deprecated
public Optional<AuthenticatorAttachment> getAuthenticatorAttachment()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

The authenticator attachment modality in effect at the time the credential was created.

See Also:

• PublicKeyCredential.getAuthenticatorAttachment()

getSignatureCount

public long getSignatureCount()

The signature count returned with the created credential.

This is used in RelyingParty.finishAssertion(FinishAssertionOptions) to verify the validity of future signature counter values.

See Also:

• RegisteredCredential.getSignatureCount()

getKeyId

public PublicKeyCredentialDescriptor getKeyId()

The credential ID and transports of the created credential.

See Also:

• Credential ID
• 5.8.3. Credential Descriptor (dictionary PublicKeyCredentialDescriptor)
• PublicKeyCredential.getId()

getAaguid

public ByteArray getAaguid()

The aaguid reported in the of the created credential.

This MAY be an AAGUID consisting of only zeroes.

getPublicKeyCose

public ByteArray getPublicKeyCose()

The public key of the created credential.

This is used in RelyingParty.finishAssertion(FinishAssertionOptions) to verify the authentication signatures.

See Also:

• RegisteredCredential.getPublicKeyCose()

getClientExtensionOutputs

public Optional<ClientRegistrationExtensionOutputs> getClientExtensionOutputs()

The client extension outputs, if any.

This is present if and only if at least one extension output is present in the return value.

See Also:

• §9.4. Client Extension Processing
• ClientRegistrationExtensionOutputs
• ()

getAuthenticatorExtensionOutputs

public Optional<AuthenticatorRegistrationExtensionOutputs> getAuthenticatorExtensionOutputs()

The authenticator extension outputs, if any.

This is present if and only if at least one extension output is present in the return value.

See Also:

• §9.5. Authenticator Extension Processing
• AuthenticatorRegistrationExtensionOutputs
• getClientExtensionOutputs()

isDiscoverable

public Optional<Boolean> isDiscoverable()

Try to determine whether the created credential is a discoverable credential, also called a passkey, using the output from the credProps extension.

Returns:

A present true if the created credential is a passkey (discoverable). A present false if the created credential is not a passkey. An empty value if it is not known whether the created credential is a passkey.

See Also:

• §10.4. Credential Properties Extension (credProps), "rk" output
• Discoverable Credential
• Passkey in passkeys.dev reference

getAttestationTrustPath

public Optional<List<X509Certificate>> getAttestationTrustPath()

The attestation trust path for the created credential, if any.

If present, this may be useful for looking up attestation metadata from external sources. The attestation trust path has been successfully verified as trusted if and only if isAttestationTrusted() is true.

You can ignore this if authenticator attestation is not relevant to your application.

See Also:

• Attestation trust path

isAttestationTrusted

public boolean isAttestationTrusted()

true if and only if the attestation signature was successfully linked to a trusted attestation root.

This will always be false unless the attestationTrustSource setting was configured on the RelyingParty instance.

You can ignore this if authenticator attestation is not relevant to your application.

getAttestationType

@NonNull
public @NonNull AttestationType getAttestationType()

The attestation type that was used for the created credential.

You can ignore this if authenticator attestation is not relevant to your application.

See Also:

• §6.4.3. Attestation Types

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object