Package com.yubico.webauthn

Class FinishAssertionOptions

java.lang.Object

com.yubico.webauthn.FinishAssertionOptions

public final class FinishAssertionOptions
extends Object

Parameters for RelyingParty.finishAssertion(FinishAssertionOptions).

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	FinishAssertionOptions.FinishAssertionOptionsBuilder

Method Summary

Modifier and Type	Method	Description
static FinishAssertionOptions.FinishAssertionOptionsBuilder.MandatoryStages	builder()
boolean	equals(Object o)
Optional<ByteArray>	getCallerTokenBindingId()	The token binding ID of the connection to the client, if any.
@NonNull AssertionRequest	getRequest()	The request that the response is a response to.
@NonNull PublicKeyCredential<AuthenticatorAssertionResponse,ClientAssertionExtensionOutputs>	getResponse()	The client's response to the request.
int	hashCode()
boolean	isSecurePaymentConfirmation()	Deprecated. EXPERIMENTAL: This is an experimental feature.
FinishAssertionOptions.FinishAssertionOptionsBuilder	toBuilder()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

getCallerTokenBindingId

public Optional<ByteArray> getCallerTokenBindingId()

The token binding ID of the connection to the client, if any.

See Also:

• The Token Binding Protocol Version 1.0

builder

public static FinishAssertionOptions.FinishAssertionOptionsBuilder.MandatoryStages builder()

toBuilder

public FinishAssertionOptions.FinishAssertionOptionsBuilder toBuilder()

getRequest

@NonNull
public @NonNull AssertionRequest getRequest()

The request that the response is a response to.

getResponse

@NonNull
public @NonNull PublicKeyCredential<AuthenticatorAssertionResponse,ClientAssertionExtensionOutputs> getResponse()

The client's response to the request.

See Also:

• navigator.credentials.get()

isSecurePaymentConfirmation

@Deprecated
public boolean isSecurePaymentConfirmation()

Deprecated.

EXPERIMENTAL: This is an experimental feature. It is likely to change or be deleted before reaching a mature release.

EXPERIMENTAL FEATURE:

If set to false (the default), the "type" property in the collected client data of the assertion will be verified to equal "webauthn.get".

If set to true, it will instead be verified to equal "payment.get" .

NOTE: If you're using Secure Payment Confirmation (SPC), you likely also need to relax the origin validation logic. Right now this library only supports matching against a finite Set of acceptable origins. If necessary, your application may validate the origin externally (see PublicKeyCredential.getResponse(), AuthenticatorAssertionResponse.getClientData() and CollectedClientData.getOrigin()) and construct a new RelyingParty instance for each SPC response, setting the origins setting on that instance to contain the pre-validated origin value.

Better support for relaxing origin validation may be added as the feature matures.

See Also:

• Secure Payment Confirmation
• 5.8.1. Client Data Used in WebAuthn Signatures (dictionary CollectedClientData)
• RelyingParty.RelyingPartyBuilder.origins(Set)
• CollectedClientData
• CollectedClientData.getOrigin()

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object