Documentation for WebAuthn Feature¶ ↑
The webauthn feature implements multifactor authentication via WebAuthn. It supports registering WebAuthn authenticators, using them for multifactor authentication, and removing WebAuthn authenticators. This feature supports multiple WebAuthn authenticators per user, and users are encouraged to have multiple WebAuthn authenticators so that they have a backup if one is not available.
WebAuthn authentication requires javascript to work in browsers, for the browser to communicate with the authenticator. This feature offers routes that return the appropriate javascript. However, the javascript works by setting a hidden form field and using normal form submission. This allows testing the feature without using javascript. See Rodauth’s tests for how testing without javascript works.
The webauthn feature requires the webauthn gem.
Auth Value Methods¶ ↑
authenticated_webauthn_id_session_key |
The session key used for storing which WebAuthn ID was used during authentication. |
webauthn_attestation |
The value of the WebAuthn attestation option when registering a new WebAuthn authenticator. |
webauthn_auth_additional_form_tags |
HTML fragment containing additional form tags when authenticating via WebAuthn. |
webauthn_auth_button |
Text to use for button on the form to authenticate via WebAuthn. |
webauthn_auth_challenge_hmac_param |
The parameter name for the HMAC of the WebAuthn challenge during authentication. |
webauthn_auth_challenge_param |
The parameter name for the WebAuthn challenge during authentication. |
webauthn_auth_error_flash |
The flash error to show if unable to authenticate via WebAuthn. |
webauthn_auth_js |
The javascript code to execute on the page to authenticate via WebAuthn. |
webauthn_auth_js_route |
The route to the webauthn auth javascript file. |
webauthn_auth_link_text |
The text to use for the link from the multifactor auth page. |
webauthn_auth_page_title |
The page title to use on the page for authenticating via WebAuthn. |
webauthn_auth_param |
The parameter name for the WebAuthn authentication data. |
webauthn_auth_route |
The route to the webauthn auth action. |
webauthn_auth_timeout |
The number of milliseconds to wait when authenticating using a WebAuthn authenticator. |
webauthn_authenticator_selection |
The value of the WebAuthn authenticatorSelection option when registering a new WebAuthn authenticator. |
webauthn_duplicate_webauthn_id_message |
The error message to when there is an attempt to insert a duplicate WebAuthn authenticator. |
webauthn_extensions |
The value of the WebAuthn extensions option when registering a new WebAuthn authenticator or authenticating via WebAuthn. |
webauthn_invalid_auth_param_message |
The error message to show when invalid or missing WebAuthn authentication data is provided. |
webauthn_invalid_remove_param_message |
The error message to show when invalid WebAuthn ID is provided when removing a WebAuthn authenticator. |
webauthn_invalid_setup_param_message |
The error message to show when invalid or missing WebAuthn registration data is provided. |
webauthn_invalid_sign_count_message |
The error message to when there is an attempt to authenticate with WebAuthn authenticator with an invalid sign count. |
webauthn_js_host |
The protocol and domain if using a separate host for the WebAuthn setup and auth javascript files. |
webauthn_keys_account_id_column |
The column in the |
webauthn_keys_last_use_column |
The column in the |
webauthn_keys_public_key_column |
The column in the |
webauthn_keys_sign_count_column |
The column in the |
webauthn_keys_table |
The table name containing the WebAuthn public keys. |
webauthn_keys_webauthn_id_column |
The column in the |
webauthn_not_setup_error_flash |
The flash error to show if going to the WebAuthn authentication page without having registered a WebAuthn authenticator. |
webauthn_not_setup_error_status |
The status code to use if going to the WebAuthn authentication page without having registered a WebAuthn authenticator. |
webauthn_origin |
The origin to use when verifying a WebAuthn authenticator. |
webauthn_remove_additional_form_tags |
HTML fragment containing additional form tags when removing an existing WebAuthn authenticator. |
webauthn_remove_button |
Text to use for button on the form to remove an existing WebAuthn authenticator. |
webauthn_remove_error_flash |
The flash error to show if unable to remove an existing WebAuthn authenticator. |
webauthn_remove_link_text |
The text to use for the remove link from the multifactor manage page. |
webauthn_remove_notice_flash |
The flash notice to show after removing an existing WebAuthn authenticator. |
webauthn_remove_page_title |
The page title to use on the page for removing an existing WebAuthn authenticator. |
webauthn_remove_param |
The parameter name for the WebAuthn ID to remove. |
webauthn_remove_redirect |
Where to redirect after successfully removing an existing WebAuthn authenticator. |
webauthn_remove_route |
The route to the webauthn remove action. |
webauthn_rp_id |
The relying party ID to use when registering a WebAuthn authenticator or authenticating via WebAuthn. |
webauthn_rp_name |
The relying party name to use when registering a WebAuthn authenticator. |
webauthn_setup_additional_form_tags |
HTML fragment containing additional form tags when registering a new WebAuthn authenticator. |
webauthn_setup_button |
Text to use for button on the form to register a new WebAuthn authenticator. |
webauthn_setup_challenge_hmac_param |
The parameter name for the HMAC of the WebAuthn challenge during registration. |
webauthn_setup_challenge_param |
The parameter name for the WebAuthn challenge during registration. |
webauthn_setup_error_flash |
The flash error to show if unable to register a new WebAuthn authenticator. |
webauthn_setup_js |
The javascript code to execute on the page to register a new WebAuthn credential. |
webauthn_setup_js_route |
The route to the webauthn setup javascript file. |
webauthn_setup_link_text |
The text to use for the setup link from the multifactor manage page. |
webauthn_setup_notice_flash |
The flash notice to show after registering a new WebAuthn authenticator. |
webauthn_setup_page_title |
The page title to use on the page for registering a new WebAuthn authenticator. |
webauthn_setup_param |
The parameter name for the WebAuthn registration data. |
webauthn_setup_redirect |
Where to redirect after successfully registering a new WebAuthn authenticator. |
webauthn_setup_timeout |
The number of milliseconds to wait when registering a new WebAuthn authenticator. |
webauthn_setup_route |
The route to the webauthn setup action. |
webauthn_user_ids_account_id_column |
The column in the |
webauthn_user_ids_table |
The table name containing the WebAuthn user IDs. |
webauthn_user_ids_webauthn_id_column |
The column in the |
webauthn_user_verification |
The value of the WebAuthn userVerification option when registering a new WebAuthn authenticator. |
Auth Methods¶ ↑
account_webauthn_ids |
An array of WebAuthn IDs for registered WebAuthn credentials for the current account. |
account_webauthn_usage |
A hash mapping WebAuthn IDs to the time of their last use for registered WebAuthn credentials for the current account. |
account_webauthn_user_id |
The WebAuthn User ID for the current account. |
add_webauthn_credential(webauthn_credential) |
Register the given WebAuthn credential to current account. |
after_webauthn_auth_failure |
Any actions to take after a WebAuthn authentication failure. |
after_webauthn_remove |
Any actions to take after removing an existing WebAuthn authenticator. |
after_webauthn_setup |
Any actions to take after registering a new WebAuthn authenticator. |
authenticated_webauthn_id |
The WebAuthn ID for the credential used to authenticate via WebAuthn for the current session. |
before_webauthn_auth |
Any actions to take before authenticating via WebAuthn. |
before_webauthn_auth_js_route |
Run arbitrary code before handling a webauthn auth javascript route. |
before_webauthn_auth_route |
Run arbitrary code before handling a webauthn auth route. |
before_webauthn_remove |
Any actions to take before removing an existing WebAuthn authenticator. |
before_webauthn_remove_route |
Run arbitrary code before handling a webauthn remove route. |
before_webauthn_setup |
Any actions to take before registering a new WebAuthn authenticator. |
before_webauthn_setup_js_route |
Run arbitrary code before handling a webauthn setup javascript route. |
before_webauthn_setup_route |
Run arbitrary code before handling a webauthn setup route. |
handle_webauthn_sign_count_verification_error |
What actions to take if there is an invalid sign count when authenticating. The default results in an error, but overriding without calling super will result in successful WebAuthn authentication. |
new_webauthn_credential |
WebAuthn credential options to provide to the client during WebAuthn registration. |
remove_all_webauthn_keys_and_user_ids |
Remove all WebAuthn credentials and the WebAuthn user ID from the current account. |
remove_webauthn_key(webauthn_id) |
Remove the WebAuthn credential with the given WebAuthn ID from the current account. |
valid_new_webauthn_credential?(webauthn_credential) |
Check wheck the WebAuthn credential provided by the client during registration is valid. |
valid_webauthn_credential_auth?(webauthn_credential) |
Check wheck the WebAuthn credential provided by the client during authentication is valid. |
webauthn_auth_js_path |
The path to the WebAuthn authentication javascript. |
webauthn_auth_view |
The HTML to use for the page for authenticating via WebAuthn. |
webauthn_credential_options_for_get |
WebAuthn credential options to provide to the client during WebAuthn authentication. |
webauthn_key_insert_hash(webauthn_credential) |
The hash to insert into the |
webauthn_remove_authenticated_session |
Remove the authenticated WebAuthn ID, used when removing the WebAuthn credential with the ID after authenticating with it. |
webauthn_remove_response |
Return a response after successfully removing a WebAuthn authenticator. By default, redirects to |
webauthn_remove_view |
The HTML to use for the page for removing an existing WebAuthn authenticator. |
webauthn_setup_js_path |
The path to the WebAuthn registration javascript. |
webauthn_setup_response |
Return a response after successfully setting up a WebAuthn authenticator. By default, redirects to |
webauthn_setup_view |
The HTML to use for the page for registering a new WebAuthn authenticator. |
webauthn_update_session(webauthn_id) |
Set the authenticated WebAuthn ID after authenticating via WebAuthn. |
webauthn_user_name |
The user name to use when registering a new WebAuthn credential, the user’s email by default. |