Package com.yubico.webauthn

Interface CredentialRepositoryV2<C extends CredentialRecord>

@Deprecated public interface CredentialRepositoryV2<C extends CredentialRecord>
Deprecated.
EXPERIMENTAL: This is an experimental feature. It is likely to change or be deleted before reaching a mature release.
An abstraction of database lookups needed by this library.

This is used by RelyingPartyV2 to look up credentials and credential IDs.

Unlike CredentialRepository, this interface does not require support for usernames.

  • Method Details

    • getCredentialDescriptorsForUserHandle

      @Deprecated Set<? extends ToPublicKeyCredentialDescriptor> getCredentialDescriptorsForUserHandle(ByteArray userHandle)
      Deprecated.
      EXPERIMENTAL: This is an experimental feature. It is likely to change or be deleted before reaching a mature release.
      Get the credential IDs of all credentials registered to the user with the given user handle.

      After a successful registration ceremony, the RegistrationResult.getKeyId() method returns a value suitable for inclusion in this set.

      Note that the CredentialRecord interface extends from the expected ToPublicKeyCredentialDescriptor return type, so this method MAY return a Set of the same item type as the value returned by the lookup(ByteArray, ByteArray) method.

      Implementations MUST NOT return null. The returned Set MUST NOT contain null.

      Returns:
      a Set containing one PublicKeyCredentialDescriptor (or value that implements ToPublicKeyCredentialDescriptor, for example CredentialRecord) for each credential registered to the given user. The set MUST NOT be null, but MAY be empty if the user does not exist or has no credentials.
      See Also:

    • lookup

      @Deprecated Optional<C> lookup(ByteArray credentialId, ByteArray userHandle)
      Deprecated.
      EXPERIMENTAL: This is an experimental feature. It is likely to change or be deleted before reaching a mature release.
      Look up the public key, backup flags and current signature count for the given credential registered to the given user.

      The returned CredentialRecord is not expected to be long-lived. It may be read directly from a database or assembled from other components.

      Returns:
      a CredentialRecord describing the current state of the registered credential with credential ID credentialId, if any. If the credential does not exist or is registered to a different user handle than userHandle, return Optional.empty().

    • credentialIdExists

      @Deprecated boolean credentialIdExists(ByteArray credentialId)
      Deprecated.
      EXPERIMENTAL: This is an experimental feature. It is likely to change or be deleted before reaching a mature release.
      Check whether any credential exists with the given credential ID, regardless of what user it is registered to.

      This is used to refuse registration of duplicate credential IDs.

      Returns:
      true if and only if the credential database contains at least one credential with the given credential ID.