Package com.yubico.webauthn.data

Class UserIdentity

java.lang.Object
com.yubico.webauthn.data.UserIdentity
All Implemented Interfaces:
PublicKeyCredentialEntity
public final class UserIdentity extends Object implements PublicKeyCredentialEntity
Describes a user account, with which public key credentials can be associated.
See Also:

  • Method Details

    • builder

      public static UserIdentity.UserIdentityBuilder.MandatoryStages builder()

    • toBuilder

      public UserIdentity.UserIdentityBuilder toBuilder()

    • getDisplayName

      @NonNull public @NonNull String getDisplayName()
      A human-palatable name for the user account, intended only for display. For example, "Alex P. Müller" or "田中 倫". The Relying Party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary.
      • Relying Parties SHOULD perform enforcement, as prescribed in Section 2.3 of [RFC8266] for the Nickname Profile of the PRECIS FreeformClass [RFC8264], when setting displayName's value, or displaying the value to the user.
      • Clients SHOULD perform enforcement, as prescribed in Section 2.3 of [RFC8266] for the Nickname Profile of the PRECIS FreeformClass [RFC8264], on displayName's value prior to displaying the value to the user or including the value as a parameter of the authenticatorMakeCredential operation.

      When clients, client platforms, or authenticators display a displayName's value, they should always use UI elements to provide a clear boundary around the displayed value, and not allow overflow into other elements.

      Authenticators MUST accept and store a 64-byte minimum length for a displayName member's value. Authenticators MAY truncate a displayName member's value to a length equal to or greater than 64 bytes.

      See Also:

    • getId

      @NonNull public @NonNull ByteArray getId()
      The user handle for the account, specified by the Relying Party.

      A user handle is an opaque byte sequence with a maximum size of 64 bytes. User handles are not meant to be displayed to users. The user handle SHOULD NOT contain personally identifying information about the user, such as a username or e-mail address; see §14.9 User Handle Contents for details.

      To ensure secure operation, authentication and authorization decisions MUST be made on the basis of this id member, not the displayName nor name members. See Section 6.1 of RFC 8266.

      An authenticator will never contain more than one credential for a given Relying Party under the same user handle.

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • getName

      @NonNull public @NonNull String getName()
      A human-palatable identifier for a user account. It is intended only for display, i.e., aiding the user in determining the difference between user accounts with similar displayNames.

      For example: "alexm", "alex.p.mueller@example.com" or "+14255551234".

      Specified by:
      getName in interface PublicKeyCredentialEntity
      See Also: