AuthTokenPermissions Property
AuthTokenPermissions
The set of permissions associated with the AuthToken.
public Nullable<PinUvAuthTokenPermissions> AuthTokenPermissions { get; }
Property Value
Type | Description |
---|---|
System.Nullable<PinUvAuthTokenPermissions> |
Remarks
See the User's Manual entry for a deeper discussion of FIDO2 authentication and how AuthTokens, permissions, PIN/UV, and AuthParams fit together.
See also the User's Manual entry on the SDK's AuthToken logic. That article goes into greater detail on how the SDK performs "automatic" AuthToken retrieval based on the version of the connected YubiKey, the state of the Fido2 application on the YubiKey, the input, and the state of the Fido2Session.
The permissions for an auth token are set when PIN or UV verification occurs. This property shows the permission set of the most recent AuthToken.
There are exceptions. It is possible this property does not represent the current AuthToken's permissions. See the User's Manual entry on the SDK's AuthToken logic for a description of the "corner cases" where this property is not accurate.
Note that because an AuthToken can be expired, this property is not necessarily the permissions of a valid AuthToken that can be used to build an AuthParam that will authenticate a command. This property represents a set of permissions originally specified in the calls to AddPermissions(PinUvAuthTokenPermissions, String), and those added by the SDK needed to perform all the operations called.
Not all YubiKeys support permissions with the auth tokens. To determine if this feature is available, check if the pinUvAuthToken option is present and true in Options. If permissions are not supported, do not specify any permissions when verifying the PIN.
Because an AuthToken can be expired, it is possible an operation will not be able to execute with the current AuthToken. The SDK might need to retrieve a new AuthToken with the same permissions represented here during an operation.