Package com.yubico.webauthn

Class RegisteredCredential

java.lang.Object

com.yubico.webauthn.RegisteredCredential

public final class RegisteredCredential
extends Object

An abstraction of a credential registered to a particular user.

Instances of this class are not expected to be long-lived, and the library only needs to read them, never write them. You may at your discretion store them directly in your database, or assemble them from other components.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	RegisteredCredential.RegisteredCredentialBuilder

Method Summary

Modifier and Type	Method	Description
static RegisteredCredential.RegisteredCredentialBuilder.MandatoryStages	builder()
boolean	equals(Object o)
@NonNull ByteArray	getCredentialId()	The credential ID of the credential.
@NonNull ByteArray	getPublicKeyCose()	The credential public key encoded in COSE_Key format, as defined in Section 7 of RFC 8152.
long	getSignatureCount()	The stored signature count of the credential.
@NonNull ByteArray	getUserHandle()	The user handle of the user the credential is registered to.
int	hashCode()
Optional<Boolean>	isBackedUp()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
Optional<Boolean>	isBackupEligible()	Deprecated. EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.
RegisteredCredential.RegisteredCredentialBuilder	toBuilder()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

isBackupEligible

@Deprecated
public Optional<Boolean> isBackupEligible()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

The state of the BE flag when this credential was registered, if known.

If absent, it is not known whether or not this credential is backup eligible.

If present and true, the credential is backup eligible: it can be backed up in some way, most commonly by syncing the private key to a cloud account.

If present and false, the credential is not backup eligible: it cannot be backed up in any way.

CredentialRepository implementations SHOULD set this to the first known value returned by RegistrationResult.isBackupEligible() or AssertionResult.isBackupEligible(), if known. If unknown, CredentialRepository implementations SHOULD set this to null or not set this value.

isBackedUp

@Deprecated
public Optional<Boolean> isBackedUp()

Deprecated.

EXPERIMENTAL: This feature is from a not yet mature standard; it could change as the standard matures.

The last known state of the BS flag for this credential, if known.

If absent, the backup state of the credential is not known.

If present and true, the credential is believed to be currently backed up.

If present and false, the credential is believed to not be currently backed up.

CredentialRepository implementations SHOULD set this to the most recent value returned by AssertionResult.isBackedUp() or RegistrationResult.isBackedUp(), if known. If unknown, CredentialRepository implementations SHOULD set this to null or not set this value.

builder

public static RegisteredCredential.RegisteredCredentialBuilder.MandatoryStages builder()

toBuilder

public RegisteredCredential.RegisteredCredentialBuilder toBuilder()

getCredentialId

@NonNull
public @NonNull ByteArray getCredentialId()

The credential ID of the credential.

See Also:

• Credential ID
• RegistrationResult.getKeyId()
• PublicKeyCredentialDescriptor.getId()

getUserHandle

@NonNull
public @NonNull ByteArray getUserHandle()

The user handle of the user the credential is registered to.

See Also:

• User Handle
• UserIdentity.getId()

getPublicKeyCose

@NonNull
public @NonNull ByteArray getPublicKeyCose()

The credential public key encoded in COSE_Key format, as defined in Section 7 of RFC 8152.

This is used to verify the signature in authentication assertions.

See Also:

• AttestedCredentialData.getCredentialPublicKey()
• RegistrationResult.getPublicKeyCose()

getSignatureCount

public long getSignatureCount()

The stored signature count of the credential.

This is used to validate the signature counter in authentication assertions.

See Also:

• §6.1. Authenticator Data
• AuthenticatorData.getSignatureCounter()
• AssertionResult.getSignatureCount()

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object