Package com.yubico.webauthn

Class StartAssertionOptions.StartAssertionOptionsBuilder

java.lang.Object

com.yubico.webauthn.StartAssertionOptions.StartAssertionOptionsBuilder

Enclosing class:

StartAssertionOptions

public static class StartAssertionOptions.StartAssertionOptionsBuilder
extends Object

Method Summary

Modifier and Type	Method	Description
StartAssertionOptions	build()
StartAssertionOptions.StartAssertionOptionsBuilder	extensions(@NonNull AssertionExtensionInputs extensions)	Extension inputs for this authentication operation.
StartAssertionOptions.StartAssertionOptionsBuilder	hints(@NonNull PublicKeyCredentialHint... hints)	Zero or more hints, in descending order of preference, to guide the user agent in interacting with the user during this authentication operation.
StartAssertionOptions.StartAssertionOptionsBuilder	hints(@NonNull String... hints)	Zero or more hints, in descending order of preference, to guide the user agent in interacting with the user during this authentication operation.
StartAssertionOptions.StartAssertionOptionsBuilder	hints(@NonNull List<String> hints)	Zero or more hints, in descending order of preference, to guide the user agent in interacting with the user during this authentication operation.
StartAssertionOptions.StartAssertionOptionsBuilder	timeout(long timeout)	The value for PublicKeyCredentialRequestOptions.getTimeout() for this authentication operation.
StartAssertionOptions.StartAssertionOptionsBuilder	timeout(@NonNull Optional<Long> timeout)	The value for PublicKeyCredentialRequestOptions.getTimeout() for this authentication operation.
String	toString()
StartAssertionOptions.StartAssertionOptionsBuilder	userHandle(@NonNull Optional<ByteArray> userHandle)	The user handle of the user to authenticate, if the user has already been identified.
StartAssertionOptions.StartAssertionOptionsBuilder	userHandle(ByteArray userHandle)	The user handle of the user to authenticate, if the user has already been identified.
StartAssertionOptions.StartAssertionOptionsBuilder	username(@NonNull Optional<String> username)	The username of the user to authenticate, if the user has already been identified.
StartAssertionOptions.StartAssertionOptionsBuilder	username(String username)	The username of the user to authenticate, if the user has already been identified.
StartAssertionOptions.StartAssertionOptionsBuilder	userVerification(@NonNull Optional<UserVerificationRequirement> userVerification)	The value for PublicKeyCredentialRequestOptions.getUserVerification() for this authentication operation.
StartAssertionOptions.StartAssertionOptionsBuilder	userVerification(UserVerificationRequirement userVerification)	The value for PublicKeyCredentialRequestOptions.getUserVerification() for this authentication operation.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Details

username

public StartAssertionOptions.StartAssertionOptionsBuilder username(@NonNull
 @NonNull Optional<String> username)

The username of the user to authenticate, if the user has already been identified.

Mutually exclusive with userHandle(Optional). Setting this to a present value will set userHandle(Optional) to empty.

If this or userHandle(Optional) is present, then RelyingParty.startAssertion(StartAssertionOptions) will set PublicKeyCredentialRequestOptions.getAllowCredentials() to the list of that user's credentials.

If this and StartAssertionOptions.getUserHandle() are both absent, that implies authentication with a discoverable credential (passkey) - meaning identification of the user is deferred until after receiving the response from the client.

The default is empty (absent).

See Also:

• username(String)
• userHandle(Optional)
• userHandle(ByteArray)
• Client-side-discoverable credential
• Passkey in passkeys.dev reference

username

public StartAssertionOptions.StartAssertionOptionsBuilder username(String username)

The username of the user to authenticate, if the user has already been identified.

Mutually exclusive with userHandle(Optional). Setting this to a non-null value will set userHandle(Optional) to empty.

If this or userHandle(Optional) is present, then RelyingParty.startAssertion(StartAssertionOptions) will set PublicKeyCredentialRequestOptions.getAllowCredentials() to the list of that user's credentials.

If this and StartAssertionOptions.getUserHandle() are both absent, that implies authentication with a discoverable credential (passkey) - meaning identification of the user is deferred until after receiving the response from the client.

The default is empty (absent).

See Also:

• username(Optional)
• userHandle(Optional)
• userHandle(ByteArray)
• Client-side-discoverable credential
• Passkey in passkeys.dev reference

userHandle

public StartAssertionOptions.StartAssertionOptionsBuilder userHandle(@NonNull
 @NonNull Optional<ByteArray> userHandle)

The user handle of the user to authenticate, if the user has already been identified.

Mutually exclusive with username(Optional). Setting this to a present value will set username(Optional) to empty.

If this or username(Optional) is present, then RelyingParty.startAssertion(StartAssertionOptions) will set PublicKeyCredentialRequestOptions.getAllowCredentials() to the list of that user's credentials.

If this and StartAssertionOptions.getUsername() are both absent, that implies authentication with a discoverable credential (passkey) - meaning identification of the user is deferred until after receiving the response from the client.

The default is empty (absent).

See Also:

• username(String)
• username(Optional)
• userHandle(ByteArray)
• User Handle
• Client-side-discoverable credential
• Passkey in passkeys.dev reference

userHandle

public StartAssertionOptions.StartAssertionOptionsBuilder userHandle(ByteArray userHandle)

The user handle of the user to authenticate, if the user has already been identified.

Mutually exclusive with username(Optional). Setting this to a non-null value will set username(Optional) to empty.

If this or username(Optional) is present, then RelyingParty.startAssertion(StartAssertionOptions) will set PublicKeyCredentialRequestOptions.getAllowCredentials() to the list of that user's credentials.

If this and StartAssertionOptions.getUsername() are both absent, that implies authentication with a discoverable credential (passkey) - meaning identification of the user is deferred until after receiving the response from the client.

The default is empty (absent).

See Also:

• username(String)
• username(Optional)
• userHandle(Optional)
• Client-side-discoverable credential
• Passkey in passkeys.dev reference

userVerification

public StartAssertionOptions.StartAssertionOptionsBuilder userVerification(@NonNull
 @NonNull Optional<UserVerificationRequirement> userVerification)

The value for PublicKeyCredentialRequestOptions.getUserVerification() for this authentication operation.

If set to UserVerificationRequirement.REQUIRED, then RelyingParty.finishAssertion(FinishAssertionOptions) will enforce that user verificationwas performed in this authentication ceremony.

The default is UserVerificationRequirement.PREFERRED.

userVerification

public StartAssertionOptions.StartAssertionOptionsBuilder userVerification(UserVerificationRequirement userVerification)

The value for PublicKeyCredentialRequestOptions.getUserVerification() for this authentication operation.

If set to UserVerificationRequirement.REQUIRED, then RelyingParty.finishAssertion(FinishAssertionOptions) will enforce that user verificationwas performed in this authentication ceremony.

The default is UserVerificationRequirement.PREFERRED.

timeout

public StartAssertionOptions.StartAssertionOptionsBuilder timeout(@NonNull
 @NonNull Optional<Long> timeout)

The value for PublicKeyCredentialRequestOptions.getTimeout() for this authentication operation.

This library does not take the timeout into account in any way, other than passing it through to the PublicKeyCredentialRequestOptions so it can be used as an argument to navigator.credentials.get() on the client side.

The default is empty.

timeout

public StartAssertionOptions.StartAssertionOptionsBuilder timeout(long timeout)

The value for PublicKeyCredentialRequestOptions.getTimeout() for this authentication operation.

This library does not take the timeout into account in any way, other than passing it through to the PublicKeyCredentialRequestOptions so it can be used as an argument to navigator.credentials.get() on the client side.

The default is empty.

hints

public StartAssertionOptions.StartAssertionOptionsBuilder hints(@NonNull
 @NonNull String... hints)

Zero or more hints, in descending order of preference, to guide the user agent in interacting with the user during this authentication operation.

Setting this property multiple times overwrites any value set previously.

For example, the PublicKeyCredentialHint.SECURITY_KEY hint may be used to ask the client to emphasize the option of authenticating with an external security key, or the PublicKeyCredentialHint.CLIENT_DEVICE hint may be used to ask the client to emphasize the option of authenticating a built-in passkey provider.

These hints are not requirements, and do not bind the user-agent, but may guide it in providing the best experience by using contextual information about the request.

Hints MAY contradict information contained in PublicKeyCredentialDescriptor.getTransports(). When this occurs, the hints take precedence.

This library does not take these hints into account in any way, other than passing them through to the PublicKeyCredentialRequestOptions so they can be used in the argument to navigator.credentials.get() on the client side.

The default is empty.

See Also:

• PublicKeyCredentialHint
• PublicKeyCredentialRequestOptions.getHints()
• StartAssertionOptions.getHints()
• hints(List)
• hints(PublicKeyCredentialHint...)
• PublicKeyCredentialRequestOptions.hints
• §5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)

hints

public StartAssertionOptions.StartAssertionOptionsBuilder hints(@NonNull
 @NonNull PublicKeyCredentialHint... hints)

Zero or more hints, in descending order of preference, to guide the user agent in interacting with the user during this authentication operation.

Setting this property multiple times overwrites any value set previously.

For example, the PublicKeyCredentialHint.SECURITY_KEY hint may be used to ask the client to emphasize the option of authenticating with an external security key, or the PublicKeyCredentialHint.CLIENT_DEVICE hint may be used to ask the client to emphasize the option of authenticating a built-in passkey provider.

These hints are not requirements, and do not bind the user-agent, but may guide it in providing the best experience by using contextual information about the request.

Hints MAY contradict information contained in PublicKeyCredentialDescriptor.getTransports(). When this occurs, the hints take precedence.

This library does not take these hints into account in any way, other than passing them through to the PublicKeyCredentialRequestOptions so they can be used in the argument to navigator.credentials.get() on the client side.

The default is empty.

See Also:

• PublicKeyCredentialHint
• PublicKeyCredentialRequestOptions.getHints()
• StartAssertionOptions.getHints()
• hints(List)
• hints(String...)
• PublicKeyCredentialRequestOptions.hints
• §5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)

hints

public StartAssertionOptions.StartAssertionOptionsBuilder hints(@NonNull
 @NonNull List<String> hints)

Zero or more hints, in descending order of preference, to guide the user agent in interacting with the user during this authentication operation.

Setting this property multiple times overwrites any value set previously.

For example, the PublicKeyCredentialHint.SECURITY_KEY hint may be used to ask the client to emphasize the option of authenticating with an external security key, or the PublicKeyCredentialHint.CLIENT_DEVICE hint may be used to ask the client to emphasize the option of authenticating a built-in passkey provider.

These hints are not requirements, and do not bind the user-agent, but may guide it in providing the best experience by using contextual information about the request.

Hints MAY contradict information contained in PublicKeyCredentialDescriptor.getTransports(). When this occurs, the hints take precedence.

This library does not take these hints into account in any way, other than passing them through to the PublicKeyCredentialRequestOptions so they can be used in the argument to navigator.credentials.get() on the client side.

The default is empty.

See Also:

• PublicKeyCredentialHint
• PublicKeyCredentialRequestOptions.getHints()
• StartAssertionOptions.getHints()
• hints(String...)
• hints(PublicKeyCredentialHint...)
• PublicKeyCredentialRequestOptions.hints
• §5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)

extensions

public StartAssertionOptions.StartAssertionOptionsBuilder extensions(@NonNull
 @NonNull AssertionExtensionInputs extensions)

Extension inputs for this authentication operation.

If RelyingParty.getAppId() is set, RelyingParty.startAssertion(StartAssertionOptions) will overwrite any appId extension input set herein.

The default specifies no extension inputs.

Returns:

this.

build

public StartAssertionOptions build()

toString

public String toString()

Overrides:

toString in class Object