Package com.yubico.webauthn

Class StartAssertionOptions

java.lang.Object

com.yubico.webauthn.StartAssertionOptions

public final class StartAssertionOptions
extends Object

Parameters for RelyingParty.startAssertion(StartAssertionOptions).

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	StartAssertionOptions.StartAssertionOptionsBuilder

Method Summary

Modifier and Type	Method	Description
static StartAssertionOptions.StartAssertionOptionsBuilder	builder()
boolean	equals(Object o)
@NonNull AssertionExtensionInputs	getExtensions()	Extension inputs for this authentication operation.
List<String>	getHints()	Zero or more hints, in descending order of preference, to guide the user agent in interacting with the user during this authentication operation.
Optional<Long>	getTimeout()	The value for PublicKeyCredentialRequestOptions.getTimeout() for this authentication operation.
Optional<ByteArray>	getUserHandle()	The user handle of the user to authenticate, if the user has already been identified.
Optional<String>	getUsername()	The username of the user to authenticate, if the user has already been identified.
Optional<UserVerificationRequirement>	getUserVerification()	The value for PublicKeyCredentialRequestOptions.getUserVerification() for this authentication operation.
int	hashCode()
StartAssertionOptions.StartAssertionOptionsBuilder	toBuilder()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Details

getUsername

public Optional<String> getUsername()

The username of the user to authenticate, if the user has already been identified.

Mutually exclusive with getUserHandle().

If this or getUserHandle() is present, then RelyingParty.startAssertion(StartAssertionOptions) will set PublicKeyCredentialRequestOptions.getAllowCredentials() to the list of that user's credentials.

If this and getUserHandle() are both absent, that implies authentication with a discoverable credential (passkey) - meaning identification of the user is deferred until after receiving the response from the client.

The default is empty (absent).

See Also:

• Client-side-discoverable credential
• Passkey in passkeys.dev reference

getUserHandle

public Optional<ByteArray> getUserHandle()

The user handle of the user to authenticate, if the user has already been identified.

Mutually exclusive with getUsername().

If this or getUsername() is present, then RelyingParty.startAssertion(StartAssertionOptions) will set PublicKeyCredentialRequestOptions.getAllowCredentials() to the list of that user's credentials.

If this and getUsername() are both absent, that implies authentication with a discoverable credential (passkey) - meaning identification of the user is deferred until after receiving the response from the client.

The default is empty (absent).

See Also:

• getUsername()
• User Handle
• Client-side-discoverable credential
• Passkey in passkeys.dev reference

getUserVerification

public Optional<UserVerificationRequirement> getUserVerification()

The value for PublicKeyCredentialRequestOptions.getUserVerification() for this authentication operation.

If set to UserVerificationRequirement.REQUIRED, then RelyingParty.finishAssertion(FinishAssertionOptions) will enforce that user verificationwas performed in this authentication ceremony.

The default is UserVerificationRequirement.PREFERRED.

getTimeout

public Optional<Long> getTimeout()

The value for PublicKeyCredentialRequestOptions.getTimeout() for this authentication operation.

This library does not take the timeout into account in any way, other than passing it through to the PublicKeyCredentialRequestOptions so it can be used as an argument to navigator.credentials.get() on the client side.

The default is empty.

builder

public static StartAssertionOptions.StartAssertionOptionsBuilder builder()

toBuilder

public StartAssertionOptions.StartAssertionOptionsBuilder toBuilder()

getExtensions

@NonNull
public @NonNull AssertionExtensionInputs getExtensions()

Extension inputs for this authentication operation.

If RelyingParty.getAppId() is set, RelyingParty.startAssertion(StartAssertionOptions) will overwrite any appId extension input set herein.

The default specifies no extension inputs.

getHints

public List<String> getHints()

Zero or more hints, in descending order of preference, to guide the user agent in interacting with the user during this authentication operation.

For example, the PublicKeyCredentialHint.SECURITY_KEY hint may be used to ask the client to emphasize the option of authenticating with an external security key, or the PublicKeyCredentialHint.CLIENT_DEVICE hint may be used to ask the client to emphasize the option of authenticating a built-in passkey provider.

These hints are not requirements, and do not bind the user-agent, but may guide it in providing the best experience by using contextual information about the request.

Hints MAY contradict information contained in PublicKeyCredentialDescriptor.getTransports(). When this occurs, the hints take precedence.

This library does not take these hints into account in any way, other than passing them through to the PublicKeyCredentialRequestOptions so they can be used in the argument to navigator.credentials.get() on the client side.

The default is empty.

See Also:

• PublicKeyCredentialHint
• PublicKeyCredentialRequestOptions.getHints()
• StartAssertionOptions.StartAssertionOptionsBuilder.hints(List)
• StartAssertionOptions.StartAssertionOptionsBuilder.hints(String...)
• StartAssertionOptions.StartAssertionOptionsBuilder.hints(PublicKeyCredentialHint...)
• PublicKeyCredentialRequestOptions.hints
• §5.8.7. User-agent Hints Enumeration (enum PublicKeyCredentialHints)

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object