fido2.ctap2
Submodules
Exceptions
Common base class for all non-exit exceptions. |
Classes
Implementation of the CTAP2 specification. |
|
Binary CBOR encoded response data returned by the CTAP2 GET_INFO command. |
|
Binary CBOR encoded attestation object. |
|
Binary CBOR encoded assertion response. |
|
Implementation of the CTAP2 Client PIN API. |
|
Implementation of the CTAP2 PIN/UV protocol v1. |
|
Implementation of the CTAP2 PIN/UV protocol v2. |
|
Implementation of a draft specification of the Credential Management API. |
|
Implementation of a draft specification of the bio enrollment API. |
|
Implementation of the CTAP2.1 Large Blobs API. |
|
Implementation of the CTAP2.1 Authenticator Config API. |
Package Contents
- class fido2.ctap2.Ctap2(device, strict_cbor=True)[source]
Implementation of the CTAP2 specification.
- Parameters:
device (fido2.ctap.CtapDevice) – A CtapHidDevice handle supporting CTAP2.
strict_cbor (bool) – Validate that CBOR returned from the Authenticator is canonical, defaults to True.
- class CMD[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- MAKE_CREDENTIAL = 1
- GET_ASSERTION = 2
- GET_INFO = 4
- CLIENT_PIN = 6
- RESET = 7
- GET_NEXT_ASSERTION = 8
- BIO_ENROLLMENT = 9
- CREDENTIAL_MGMT = 10
- SELECTION = 11
- LARGE_BLOBS = 12
- CONFIG = 13
- BIO_ENROLLMENT_PRE = 64
- CREDENTIAL_MGMT_PRE = 65
- device
- property info: Info
Get a cached Info object which can be used to determine capabilities.
- Return type:
- Returns:
The response of calling GetAuthenticatorInfo.
- send_cbor(cmd, data=None, *, event=None, on_keepalive=None)[source]
Sends a CBOR message to the device, and waits for a response.
- Parameters:
cmd (int) – The command byte of the request.
data (Optional[Mapping[int, Any]]) – The payload to send (to be CBOR encoded).
event (Optional[threading.Event]) – Optional threading.Event used to cancel the request.
on_keepalive (Optional[Callable[[int], None]]) – Optional function called when keep-alive is sent by the authenticator.
- Return type:
Mapping[int, Any]
- get_info()[source]
CTAP2 getInfo command.
- Returns:
Information about the authenticator.
- Return type:
- client_pin(pin_uv_protocol, sub_cmd, key_agreement=None, pin_uv_param=None, new_pin_enc=None, pin_hash_enc=None, permissions=None, permissions_rpid=None, *, event=None, on_keepalive=None)[source]
CTAP2 clientPin command, used for various PIN operations.
This method is not intended to be called directly. It is intended to be used by an instance of the PinProtocolV1 class.
- Parameters:
pin_uv_protocol (int) – The PIN/UV protocol version to use.
sub_cmd (int) – A clientPin sub command.
key_agreement (Optional[Mapping[int, Any]]) – The keyAgreement parameter.
pin_uv_param (Optional[bytes]) – The pinAuth parameter.
new_pin_enc (Optional[bytes]) – The newPinEnc parameter.
pin_hash_enc (Optional[bytes]) – The pinHashEnc parameter.
permissions (Optional[int]) – The permissions parameter.
permissions_rpid (Optional[str]) – The permissions RPID parameter.
event (Optional[threading.Event]) – Optional threading.Event used to cancel the request.
on_keepalive (Optional[Callable[[int], None]]) – Optional callback function to handle keep-alive messages from the authenticator.
- Returns:
The response of the command, decoded.
- Return type:
Mapping[int, Any]
- reset(*, event=None, on_keepalive=None)[source]
CTAP2 reset command, erases all credentials and PIN.
- Parameters:
event (Optional[threading.Event]) – Optional threading.Event object used to cancel the request.
on_keepalive (Optional[Callable[[int], None]]) – Optional callback function to handle keep-alive messages from the authenticator.
- Return type:
None
- make_credential(client_data_hash, rp, user, key_params, exclude_list=None, extensions=None, options=None, pin_uv_param=None, pin_uv_protocol=None, enterprise_attestation=None, *, event=None, on_keepalive=None)[source]
CTAP2 makeCredential operation.
- Parameters:
client_data_hash (bytes) – SHA256 hash of the ClientData.
rp (Mapping[str, Any]) – PublicKeyCredentialRpEntity parameters.
user (Mapping[str, Any]) – PublicKeyCredentialUserEntity parameters.
key_params (List[Mapping[str, Any]]) – List of acceptable credential types.
exclude_list (Optional[List[Mapping[str, Any]]]) – Optional list of PublicKeyCredentialDescriptors.
extensions (Optional[Mapping[str, Any]]) – Optional dict of extensions.
options (Optional[Mapping[str, Any]]) – Optional dict of options.
pin_uv_param (Optional[bytes]) – Optional PIN/UV auth parameter.
pin_uv_protocol (Optional[int]) – The version of PIN/UV protocol used, if any.
enterprise_attestation (Optional[int]) – Whether or not to request Enterprise Attestation.
event (Optional[threading.Event]) – Optional threading.Event used to cancel the request.
on_keepalive (Optional[Callable[[int], None]]) – Optional callback function to handle keep-alive messages from the authenticator.
- Returns:
The new credential.
- Return type:
- get_assertion(rp_id, client_data_hash, allow_list=None, extensions=None, options=None, pin_uv_param=None, pin_uv_protocol=None, *, event=None, on_keepalive=None)[source]
CTAP2 getAssertion command.
- Parameters:
rp_id (str) – The RP ID of the credential.
client_data_hash (bytes) – SHA256 hash of the ClientData used.
allow_list (Optional[List[Mapping[str, Any]]]) – Optional list of PublicKeyCredentialDescriptors.
extensions (Optional[Mapping[str, Any]]) – Optional dict of extensions.
options (Optional[Mapping[str, Any]]) – Optional dict of options.
pin_uv_param (Optional[bytes]) – Optional PIN/UV auth parameter.
pin_uv_protocol (Optional[int]) – The version of PIN/UV protocol used, if any.
event (Optional[threading.Event]) – Optional threading.Event used to cancel the request.
on_keepalive (Optional[Callable[[int], None]]) – Optional callback function to handle keep-alive messages from the authenticator.
- Returns:
The new assertion.
- Return type:
- get_next_assertion()[source]
CTAP2 getNextAssertion command.
- Returns:
The next available assertion response.
- Return type:
- get_assertions(*args, **kwargs)[source]
Convenience method to get list of assertions.
See get_assertion and get_next_assertion for details.
- Return type:
List[AssertionResponse]
- credential_mgmt(sub_cmd, sub_cmd_params=None, pin_uv_protocol=None, pin_uv_param=None)[source]
CTAP2 credentialManagement command, used to manage resident credentials.
NOTE: This implements the current draft version of the CTAP2 specification and should be considered highly experimental.
This method is not intended to be called directly. It is intended to be used by an instance of the CredentialManagement class.
- bio_enrollment(modality=None, sub_cmd=None, sub_cmd_params=None, pin_uv_protocol=None, pin_uv_param=None, get_modality=None, *, event=None, on_keepalive=None)[source]
CTAP2 bio enrollment command. Used to provision/enumerate/delete bio enrollments in the authenticator.
NOTE: This implements the current draft version of the CTAP2 specification and should be considered highly experimental.
This method is not intended to be called directly. It is intended to be used by an instance of the BioEnrollment class.
- Parameters:
modality (Optional[int]) – The user verification modality being used.
sub_cmd (Optional[int]) – A BioEnrollment sub command.
sub_cmd_params (Optional[Mapping[int, Any]]) – Sub command specific parameters.
pin_uv_protocol (Optional[int]) – PIN/UV protocol version used.
pin_uv_param (Optional[bytes]) – PIN/UV auth param.
get_modality (Optional[bool]) – Get the user verification type modality.
event (Optional[threading.Event])
on_keepalive (Optional[Callable[[int], None]])
- Return type:
Mapping[int, Any]
- selection(*, event=None, on_keepalive=None)[source]
CTAP2 authenticator selection command.
This command allows the platform to let a user select a certain authenticator by asking for user presence.
- Parameters:
event (Optional[threading.Event]) – Optional threading.Event used to cancel the request.
on_keepalive (Optional[Callable[[int], None]]) – Optional callback function to handle keep-alive messages from the authenticator.
- Return type:
None
- large_blobs(offset, get=None, set=None, length=None, pin_uv_param=None, pin_uv_protocol=None)[source]
CTAP2 authenticator large blobs command.
This command is used to read and write the large blob array.
This method is not intended to be called directly. It is intended to be used by an instance of the LargeBlobs class.
- Parameters:
offset (int) – The offset of where to start reading/writing data.
get (Optional[int]) – Optional (max) length of data to read.
set (Optional[bytes]) – Optional data to write.
length (Optional[int]) – Length of the payload in set.
pin_uv_protocol (Optional[int]) – PIN/UV protocol version used.
pin_uv_param (Optional[bytes]) – PIN/UV auth param.
- Return type:
Mapping[int, Any]
- config(sub_cmd, sub_cmd_params=None, pin_uv_protocol=None, pin_uv_param=None)[source]
CTAP2 authenticator config command.
This command is used to configure various authenticator features through the use of its subcommands.
This method is not intended to be called directly. It is intended to be used by an instance of the Config class.
- class fido2.ctap2.Info[source]
Bases:
_CborDataObjectBinary CBOR encoded response data returned by the CTAP2 GET_INFO command.
- Parameters:
_ – The binary content of the Info data.
- Variables:
versions – The versions supported by the authenticator.
extensions – The extensions supported by the authenticator.
aaguid – The AAGUID of the authenticator.
options – The options supported by the authenticator.
max_msg_size – The max message size supported by the authenticator.
pin_uv_protocols – The PIN/UV protocol versions supported by the authenticator.
max_creds_in_list – Max number of credentials supported in list at a time.
max_cred_id_length – Max length of Credential ID supported.
transports – List of supported transports.
algorithms – List of supported algorithms for credential creation.
data – The Info members, in the form of a dict.
- aaguid: fido2.webauthn.Aaguid
- class fido2.ctap2.AttestationResponse[source]
Bases:
_CborDataObjectBinary CBOR encoded attestation object.
- Parameters:
_ (bytes) – The binary representation of the attestation object.
- Variables:
fmt – The type of attestation used.
auth_data – The attested authenticator data.
att_stmt – The attestation statement.
- auth_data: fido2.webauthn.AuthenticatorData
- class fido2.ctap2.AssertionResponse[source]
Bases:
_CborDataObjectBinary CBOR encoded assertion response.
- Parameters:
_ – The binary representation of the assertion response.
- Variables:
credential – The credential used for the assertion.
auth_data – The authenticator data part of the response.
signature – The digital signature of the assertion.
user – The user data of the credential.
number_of_credentials – The total number of responses available (only set for the first response, if > 1).
- auth_data: fido2.webauthn.AuthenticatorData
- verify(client_param, public_key)[source]
Verify the digital signature of the response with regard to the client_param, using the given public key.
- Parameters:
client_param (bytes) – SHA256 hash of the ClientData used for the request.
public_key (fido2.cose.CoseKey) – The public key of the credential, to verify.
- class fido2.ctap2.ClientPin(ctap, protocol=None)[source]
Implementation of the CTAP2 Client PIN API.
- Parameters:
ctap (fido2.ctap2.base.Ctap2) – An instance of a CTAP2 object.
protocol (Optional[PinProtocol]) – An optional instance of a PinUvAuthProtocol object. If None is provided then the latest protocol supported by both library and Authenticator will be used.
- PROTOCOLS
- class CMD[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- GET_PIN_RETRIES = 1
- GET_KEY_AGREEMENT = 2
- SET_PIN = 3
- CHANGE_PIN = 4
- GET_TOKEN_USING_PIN_LEGACY = 5
- GET_TOKEN_USING_UV = 6
- GET_UV_RETRIES = 7
- GET_TOKEN_USING_PIN = 9
- class RESULT[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- KEY_AGREEMENT = 1
- PIN_UV_TOKEN = 2
- PIN_RETRIES = 3
- POWER_CYCLE_STATE = 4
- UV_RETRIES = 5
- class PERMISSION[source]
Bases:
enum.IntFlagSupport for integer-based Flags
- MAKE_CREDENTIAL = 1
- GET_ASSERTION = 2
- CREDENTIAL_MGMT = 4
- BIO_ENROLL = 8
- LARGE_BLOB_WRITE = 16
- AUTHENTICATOR_CFG = 32
- static is_supported(info)[source]
Checks if ClientPin functionality is supported.
Note that the ClientPin function is still usable without support for client PIN functionality, as UV token may still be supported.
- ctap
- get_pin_token(pin, permissions=None, permissions_rpid=None)[source]
Get a PIN/UV token from the authenticator using PIN.
- get_uv_token(permissions=None, permissions_rpid=None, event=None, on_keepalive=None)[source]
Get a PIN/UV token from the authenticator using built-in UV.
- Parameters:
permissions (Optional[ClientPin]) – The permissions to associate with the token.
permissions_rpid (Optional[str]) – The permissions RPID to associate with the token.
event (Optional[threading.Event]) – An optional threading.Event which can be used to cancel the invocation.
on_keepalive (Optional[Callable[[int], None]]) – An optional callback to handle keep-alive messages from the authenticator. The function is only called once for consecutive keep-alive messages with the same status.
- Returns:
A PIN/UV token.
- Return type:
- get_pin_retries()[source]
Get the number of PIN retries remaining.
- Returns:
A tuple of the number of PIN attempts remaining until the
- Return type:
authenticator is locked, and the power cycle state, if available.
- get_uv_retries()[source]
Get the number of UV retries remaining.
- Returns:
A tuple of the number of UV attempts remaining until the
- Return type:
authenticator is locked, and the power cycle state, if available.
- class fido2.ctap2.PinProtocolV1[source]
Bases:
PinProtocolImplementation of the CTAP2 PIN/UV protocol v1.
- Parameters:
ctap – An instance of a CTAP2 object.
- Variables:
VERSION – The version number of the PIV/UV protocol.
IV – An all-zero IV used for some cryptographic operations.
- VERSION = 1
- IV
- class fido2.ctap2.PinProtocolV2[source]
Bases:
PinProtocolV1Implementation of the CTAP2 PIN/UV protocol v2.
- Parameters:
ctap – An instance of a CTAP2 object.
- Variables:
VERSION – The version number of the PIV/UV protocol.
IV – An all-zero IV used for some cryptographic operations.
- VERSION = 2
- HKDF_SALT
- HKDF_INFO_HMAC = b'CTAP2 HMAC key'
- HKDF_INFO_AES = b'CTAP2 AES key'
- class fido2.ctap2.CredentialManagement(ctap, pin_uv_protocol, pin_uv_token)[source]
Implementation of a draft specification of the Credential Management API. WARNING: This specification is not final and this class is likely to change.
- Parameters:
ctap (fido2.ctap2.base.Ctap2) – An instance of a CTAP2 object.
pin_uv_protocol (fido2.ctap2.pin.PinProtocol) – An instance of a PinUvAuthProtocol.
pin_uv_token (bytes) – A valid PIN/UV Auth Token for the current CTAP session.
- class CMD[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- GET_CREDS_METADATA = 1
- ENUMERATE_RPS_BEGIN = 2
- ENUMERATE_RPS_NEXT = 3
- ENUMERATE_CREDS_BEGIN = 4
- ENUMERATE_CREDS_NEXT = 5
- DELETE_CREDENTIAL = 6
- UPDATE_USER_INFO = 7
- class PARAM[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- RP_ID_HASH = 1
- CREDENTIAL_ID = 2
- USER = 3
- class RESULT[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- EXISTING_CRED_COUNT = 1
- MAX_REMAINING_COUNT = 2
- RP = 3
- RP_ID_HASH = 4
- TOTAL_RPS = 5
- USER = 6
- CREDENTIAL_ID = 7
- PUBLIC_KEY = 8
- TOTAL_CREDENTIALS = 9
- CRED_PROTECT = 10
- LARGE_BLOB_KEY = 11
- static is_supported(info)[source]
- Parameters:
info (fido2.ctap2.base.Info)
- Return type:
- static is_update_supported(info)[source]
- Parameters:
info (fido2.ctap2.base.Info)
- Return type:
- ctap
- pin_uv
- get_metadata()[source]
Get credentials metadata.
This returns the existing resident credentials count, and the max possible number of remaining resident credentials (the actual number of remaining credentials may depend on algorithm choice, etc).
- Returns:
A dict containing EXISTING_CRED_COUNT, and MAX_REMAINING_COUNT.
- Return type:
Mapping[int, Any]
- enumerate_rps_begin()[source]
Start enumeration of RP entities of resident credentials.
This will begin enumeration of stored RP entities, returning the first entity, as well as a count of the total number of entities stored.
- Returns:
A dict containing RP, RP_ID_HASH, and TOTAL_RPS.
- Return type:
Mapping[int, Any]
- enumerate_rps_next()[source]
Get the next RP entity stored.
This continues enumeration of stored RP entities, returning the next entity.
- Returns:
A dict containing RP, and RP_ID_HASH.
- Return type:
Mapping[int, Any]
- enumerate_rps()[source]
Convenience method to enumerate all RPs.
See enumerate_rps_begin and enumerate_rps_next for details.
- Return type:
Sequence[Mapping[int, Any]]
- enumerate_creds_begin(rp_id_hash)[source]
Start enumeration of resident credentials.
This will begin enumeration of resident credentials for a given RP, returning the first credential, as well as a count of the total number of resident credentials stored for the given RP.
- enumerate_creds_next()[source]
Get the next resident credential stored.
This continues enumeration of resident credentials, returning the next credential.
- Returns:
A dict containing USER, CREDENTIAL_ID, and PUBLIC_KEY.
- Return type:
Mapping[int, Any]
- enumerate_creds(*args, **kwargs)[source]
Convenience method to enumerate all resident credentials for an RP.
See enumerate_creds_begin and enumerate_creds_next for details.
- Return type:
Sequence[Mapping[int, Any]]
- delete_cred(cred_id)[source]
Delete a resident credential.
- Parameters:
cred_id (fido2.webauthn.PublicKeyCredentialDescriptor) – The PublicKeyCredentialDescriptor of the credential to delete.
- Return type:
None
- update_user_info(cred_id, user_info)[source]
Update the user entity of a resident key.
- Parameters:
cred_id (fido2.webauthn.PublicKeyCredentialDescriptor) – The PublicKeyCredentialDescriptor of the credential to update.
user_info (fido2.webauthn.PublicKeyCredentialUserEntity) – The user info update.
- Return type:
None
- class fido2.ctap2.FPBioEnrollment(ctap, pin_uv_protocol, pin_uv_token)[source]
Bases:
BioEnrollmentImplementation of a draft specification of the bio enrollment API. WARNING: This specification is not final and this class is likely to change.
NOTE: The get_fingerprint_sensor_info method does not require authentication, and can be used by setting pin_uv_protocol and pin_uv_token to None.
- Parameters:
ctap (fido2.ctap2.base.Ctap2) – An instance of a CTAP2 object.
pin_uv_protocol (fido2.ctap2.pin.PinProtocol) – The PIN/UV protocol version used.
pin_uv_token (bytes) – A valid PIN/UV Auth Token for the current CTAP session.
- class CMD[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- ENROLL_BEGIN = 1
- ENROLL_CAPTURE_NEXT = 2
- ENROLL_CANCEL = 3
- ENUMERATE_ENROLLMENTS = 4
- SET_NAME = 5
- REMOVE_ENROLLMENT = 6
- GET_SENSOR_INFO = 7
- class PARAM[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- TEMPLATE_ID = 1
- TEMPLATE_NAME = 2
- TIMEOUT_MS = 3
- class FEEDBACK[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- FP_GOOD = 0
- FP_TOO_HIGH = 1
- FP_TOO_LOW = 2
- FP_TOO_LEFT = 3
- FP_TOO_RIGHT = 4
- FP_TOO_FAST = 5
- FP_TOO_SLOW = 6
- FP_POOR_QUALITY = 7
- FP_TOO_SKEWED = 8
- FP_TOO_SHORT = 9
- FP_MERGE_FAILURE = 10
- FP_EXISTS = 11
- FP_DATABASE_FULL = 12
- NO_USER_ACTIVITY = 13
- NO_UP_TRANSITION = 14
- pin_uv_protocol
- pin_uv_token
- get_fingerprint_sensor_info()[source]
Get fingerprint sensor info.
- Returns:
A dict containing FINGERPRINT_KIND and MAX_SAMPLES_REQUIRES.
- Return type:
Mapping[int, Any]
- enroll_begin(timeout=None, event=None, on_keepalive=None)[source]
Start fingerprint enrollment.
Starts the process of enrolling a new fingerprint, and will wait for the user to scan their fingerprint once to provide an initial sample.
- Parameters:
timeout (Optional[int]) – Optional timeout in milliseconds.
event (Optional[threading.Event])
on_keepalive (Optional[Callable[[int], None]])
- Returns:
A tuple containing the new template ID, the sample status, and the number of samples remaining to complete the enrollment.
- Return type:
Tuple[bytes, FPBioEnrollment, int]
- enroll_capture_next(template_id, timeout=None, event=None, on_keepalive=None)[source]
Continue fingerprint enrollment.
Continues enrolling a new fingerprint and will wait for the user to scan their fingerpring once to provide a new sample. Once the number of samples remaining is 0, the enrollment is completed.
- Parameters:
template_id (bytes) – The template ID returned by a call to enroll_begin.
timeout (Optional[int]) – Optional timeout in milliseconds.
event (Optional[threading.Event])
on_keepalive (Optional[Callable[[int], None]])
- Returns:
A tuple containing the sample status, and the number of samples remaining to complete the enrollment.
- Return type:
Tuple[FPBioEnrollment, int]
- enroll(timeout=None)[source]
Convenience wrapper for doing fingerprint enrollment.
See FPEnrollmentContext for details. :return: An initialized FPEnrollmentContext.
- Parameters:
timeout (Optional[int])
- Return type:
- enumerate_enrollments()[source]
Get a dict of enrolled fingerprint templates which maps template ID’s to their friendly names.
- exception fido2.ctap2.CaptureError(code)[source]
Bases:
ExceptionCommon base class for all non-exit exceptions.
- Parameters:
code (int)
- code
- class fido2.ctap2.LargeBlobs(ctap, pin_uv_protocol=None, pin_uv_token=None)[source]
Implementation of the CTAP2.1 Large Blobs API.
Getting a largeBlobKey for a credential is done via the LargeBlobKey extension.
- Parameters:
ctap (fido2.ctap2.base.Ctap2) – An instance of a CTAP2 object.
pin_uv_protocol (Optional[fido2.ctap2.pin.PinProtocol]) – An instance of a PinUvAuthProtocol.
pin_uv_token (Optional[bytes]) – A valid PIN/UV Auth Token for the current CTAP session.
- static is_supported(info)[source]
- Parameters:
info (fido2.ctap2.base.Info)
- Return type:
- ctap
- max_fragment_length
- pin_uv
- read_blob_array()[source]
Gets the entire contents of the Large Blobs array.
- Returns:
The CBOR decoded list of Large Blobs.
- Return type:
Sequence[Mapping[int, Any]]
- write_blob_array(blob_array)[source]
Writes the entire Large Blobs array.
- Parameters:
blob_array (Sequence[Mapping[int, Any]]) – A list to write to the Authenticator.
- Return type:
None
- class fido2.ctap2.Config(ctap, pin_uv_protocol=None, pin_uv_token=None)[source]
Implementation of the CTAP2.1 Authenticator Config API.
- Parameters:
ctap (fido2.ctap2.base.Ctap2) – An instance of a CTAP2 object.
pin_uv_protocol (Optional[fido2.ctap2.pin.PinProtocol]) – An instance of a PinUvAuthProtocol.
pin_uv_token (Optional[bytes]) – A valid PIN/UV Auth Token for the current CTAP session.
- class CMD[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- ENABLE_ENTERPRISE_ATT = 1
- TOGGLE_ALWAYS_UV = 2
- SET_MIN_PIN_LENGTH = 3
- VENDOR_PROTOTYPE = 255
- class PARAM[source]
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- NEW_MIN_PIN_LENGTH = 1
- MIN_PIN_LENGTH_RPIDS = 2
- FORCE_CHANGE_PIN = 3
- static is_supported(info)[source]
- Parameters:
info (fido2.ctap2.base.Info)
- Return type:
- ctap
- pin_uv
- enable_enterprise_attestation()[source]
Enables Enterprise Attestation.
If already enabled, this command is ignored.
- Return type:
None
- toggle_always_uv()[source]
Toggle the alwaysUV setting.
When true, the Authenticator always requires UV for credential assertion.
- Return type:
None
- set_min_pin_length(min_pin_length=None, rp_ids=None, force_change_pin=False)[source]
Set the minimum PIN length allowed when setting/changing the PIN.
- Parameters:
min_pin_length (Optional[int]) – The minimum PIN length the Authenticator should allow.
rp_ids (Optional[List[str]]) – A list of RP IDs which should be allowed to get the current minimum PIN length.
force_change_pin (bool) – True if the Authenticator should enforce changing the PIN before the next use.
- Return type:
None