WebAuthnApi

WebAuthn API wrapper for Supabase Auth. Provides methods for enrolling, challenging, verifying, authenticating, and registering WebAuthn credentials.

class WebAuthnApi {
constructor(client: GoTrueClient);
private client;
authenticate: WebAuthnApi.prototype._authenticate;
challenge: WebAuthnApi.prototype._challenge;
enroll: WebAuthnApi.prototype._enroll;
register: WebAuthnApi.prototype._register;
verify: WebAuthnApi.prototype._verify;
 
_authenticate({ factorId, webauthn: { rpId, rpOrigins, signal } }: {
factorId: string;
webauthn?: {
rpId?: string;
rpOrigins?: string[];
signal?: AbortSignal;
};
}, overrides?: PublicKeyCredentialRequestOptionsFuture): Promise<RequestResult<AuthMFAVerifyResponseData, WebAuthnError | AuthError>>;
_challenge({ factorId, webauthn, friendlyName, signal }: MFAChallengeWebauthnParams & {
friendlyName?: string;
signal?: AbortSignal;
}, overrides?: {
create?: Partial<PublicKeyCredentialCreationOptionsFuture>;
request?: never;
} | {
create?: never;
request?: Partial<PublicKeyCredentialRequestOptionsFuture>;
}): Promise<RequestResult<{
factorId: string;
challengeId: string;
} & {
webauthn: StrictOmit<MFAVerifyWebauthnParamFields<"create" | "request">["webauthn"], "rpId" | "rpOrigins">;
}, WebAuthnError | AuthError>>;
_enroll(params: Omit<MFAEnrollWebauthnParams, "factorType">): Promise<AuthMFAEnrollWebauthnResponse>;
_register({ friendlyName, webauthn: { rpId, rpOrigins, signal } }: {
friendlyName: string;
webauthn?: {
rpId?: string;
rpOrigins?: string[];
signal?: AbortSignal;
};
}, overrides?: Partial<PublicKeyCredentialCreationOptionsFuture>): Promise<RequestResult<AuthMFAVerifyResponseData, WebAuthnError | AuthError>>;
_verify<T extends "create" | "request">({ challengeId, factorId, webauthn }: {
challengeId: string;
factorId: string;
webauthn: MFAVerifyWebauthnParams<T>["webauthn"];
}): Promise<AuthMFAVerifyResponse>;
}

§Constructors

§
new WebAuthnApi(client: GoTrueClient)
[src]

§Properties

§
client
[src]
§
authenticate: WebAuthnApi.prototype._authenticate
[src]
§
challenge: WebAuthnApi.prototype._challenge
[src]
§
enroll: WebAuthnApi.prototype._enroll
[src]
§
register: WebAuthnApi.prototype._register
[src]
§
verify: WebAuthnApi.prototype._verify
[src]

§Methods

§
_authenticate({ factorId, webauthn: { rpId, rpOrigins, signal } }: {
factorId: string;
webauthn?: {
rpId?: string;
rpOrigins?: string[];
signal?: AbortSignal;
};
}, overrides?: PublicKeyCredentialRequestOptionsFuture): Promise<RequestResult<AuthMFAVerifyResponseData, WebAuthnError | AuthError>>
[src]

Complete WebAuthn authentication flow. Performs challenge and verification in a single operation for existing credentials.

@param params
  • Authentication parameters
@param params.factorId
  • ID of the WebAuthn factor to authenticate with
@param params.webauthn
  • WebAuthn configuration
@param params.webauthn.rpId
  • Relying Party ID (defaults to current hostname)
@param params.webauthn.rpOrigins
  • Allowed origins (defaults to current origin)
@param params.webauthn.signal
  • Optional abort signal
@param overrides
  • Override options for navigator.credentials.get
@return

Authentication result

§
_challenge({ factorId, webauthn, friendlyName, signal }: MFAChallengeWebauthnParams & {
friendlyName?: string;
signal?: AbortSignal;
}, overrides?: {
create?: Partial<PublicKeyCredentialCreationOptionsFuture>;
request?: never;
} | {
create?: never;
request?: Partial<PublicKeyCredentialRequestOptionsFuture>;
}): Promise<RequestResult<{
factorId: string;
challengeId: string;
} & {
webauthn: StrictOmit<MFAVerifyWebauthnParamFields<"create" | "request">["webauthn"], "rpId" | "rpOrigins">;
}, WebAuthnError | AuthError>>
[src]

Challenge for WebAuthn credential creation or authentication. Combines server challenge with browser credential operations. Handles both registration (create) and authentication (request) flows.

@param overrides
  • Allows you to override the parameters passed to navigator.credentials
@param overrides.create
  • Override options for credential creation
@param overrides.request
  • Override options for credential request
@return

Challenge response with credential or error

§
_enroll(params: Omit<MFAEnrollWebauthnParams, "factorType">): Promise<AuthMFAEnrollWebauthnResponse>
[src]

Enroll a new WebAuthn factor. Creates an unverified WebAuthn factor that must be verified with a credential.

@param params
  • Enrollment parameters (friendlyName required)
@return

Enrolled factor details or error

§
_register({ friendlyName, webauthn: { rpId, rpOrigins, signal } }: {
friendlyName: string;
webauthn?: {
rpId?: string;
rpOrigins?: string[];
signal?: AbortSignal;
};
}, overrides?: Partial<PublicKeyCredentialCreationOptionsFuture>): Promise<RequestResult<AuthMFAVerifyResponseData, WebAuthnError | AuthError>>
[src]

Complete WebAuthn registration flow. Performs enrollment, challenge, and verification in a single operation for new credentials.

@param params
  • Registration parameters
@param params.friendlyName
  • User-friendly name for the credential
@param params.rpId
  • Relying Party ID (defaults to current hostname)
@param params.rpOrigins
  • Allowed origins (defaults to current origin)
@param params.signal
  • Optional abort signal
@param overrides
  • Override options for navigator.credentials.create
@return

Registration result

§
_verify<T extends "create" | "request">({ challengeId, factorId, webauthn }: {
challengeId: string;
factorId: string;
webauthn: MFAVerifyWebauthnParams<T>["webauthn"];
}): Promise<AuthMFAVerifyResponse>
[src]

Verify a WebAuthn credential with the server. Completes the WebAuthn ceremony by sending the credential to the server for verification.

@param params
  • Verification parameters
@param params.challengeId
  • ID of the challenge being verified
@param params.factorId
  • ID of the WebAuthn factor
@param params.webauthn
  • WebAuthn credential response
@return

Verification result with session or error