Package com.yubico.webauthn

Class FinishAssertionOptions.FinishAssertionOptionsBuilder

java.lang.Object

com.yubico.webauthn.FinishAssertionOptions.FinishAssertionOptionsBuilder

Enclosing class:

FinishAssertionOptions

public static class FinishAssertionOptions.FinishAssertionOptionsBuilder
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	FinishAssertionOptions.FinishAssertionOptionsBuilder.MandatoryStages

Method Summary

Modifier and Type	Method	Description
FinishAssertionOptions	build()
FinishAssertionOptions.FinishAssertionOptionsBuilder	callerTokenBindingId(@NonNull ByteArray callerTokenBindingId)	The token binding ID of the connection to the client, if any.
FinishAssertionOptions.FinishAssertionOptionsBuilder	callerTokenBindingId(@NonNull Optional<ByteArray> callerTokenBindingId)	The token binding ID of the connection to the client, if any.
FinishAssertionOptions.FinishAssertionOptionsBuilder	isSecurePaymentConfirmation(boolean isSecurePaymentConfirmation)	Deprecated. EXPERIMENTAL: This is an experimental feature.
FinishAssertionOptions.FinishAssertionOptionsBuilder	request(@NonNull AssertionRequest request)	The request that the response is a response to.
FinishAssertionOptions.FinishAssertionOptionsBuilder	response(@NonNull PublicKeyCredential<AuthenticatorAssertionResponse,ClientAssertionExtensionOutputs> response)	The client's response to the request.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Details

callerTokenBindingId

public FinishAssertionOptions.FinishAssertionOptionsBuilder callerTokenBindingId(@NonNull
 @NonNull Optional<ByteArray> callerTokenBindingId)

The token binding ID of the connection to the client, if any.

See Also:

• The Token Binding Protocol Version 1.0

callerTokenBindingId

public FinishAssertionOptions.FinishAssertionOptionsBuilder callerTokenBindingId(@NonNull
 @NonNull ByteArray callerTokenBindingId)

The token binding ID of the connection to the client, if any.

See Also:

• The Token Binding Protocol Version 1.0

request

public FinishAssertionOptions.FinishAssertionOptionsBuilder request(@NonNull
 @NonNull AssertionRequest request)

The request that the response is a response to.

Returns:

this.

response

public FinishAssertionOptions.FinishAssertionOptionsBuilder response(@NonNull
 @NonNull PublicKeyCredential<AuthenticatorAssertionResponse,ClientAssertionExtensionOutputs> response)

The client's response to the request.

Returns:

this.

See Also:

• navigator.credentials.get()

isSecurePaymentConfirmation

@Deprecated
public FinishAssertionOptions.FinishAssertionOptionsBuilder isSecurePaymentConfirmation(boolean isSecurePaymentConfirmation)

Deprecated.

EXPERIMENTAL: This is an experimental feature. It is likely to change or be deleted before reaching a mature release.

EXPERIMENTAL FEATURE:

If set to false (the default), the "type" property in the collected client data of the assertion will be verified to equal "webauthn.get".

If set to true, it will instead be verified to equal "payment.get" .

NOTE: If you're using Secure Payment Confirmation (SPC), you likely also need to relax the origin validation logic. Right now this library only supports matching against a finite Set of acceptable origins. If necessary, your application may validate the origin externally (see PublicKeyCredential.getResponse(), AuthenticatorAssertionResponse.getClientData() and CollectedClientData.getOrigin()) and construct a new RelyingParty instance for each SPC response, setting the origins setting on that instance to contain the pre-validated origin value.

Better support for relaxing origin validation may be added as the feature matures.

Returns:

this.

See Also:

• Secure Payment Confirmation
• 5.8.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)
• RelyingParty.RelyingPartyBuilder.origins(Set)
• CollectedClientData
• CollectedClientData.getOrigin()

build

public FinishAssertionOptions build()

toString

public String toString()

Overrides:

toString in class Object