GetAssertions Method
GetAssertions(GetAssertionParameters)
Gets one or more assertions for a particular relying party.
Note
You must supply a GetAssertionParameters object to this method, however, you do not need to set the PinUvAuthParam property, the SDK will do so.
public IReadOnlyList<GetAssertionData> GetAssertions(GetAssertionParameters parameters)Parameters
| Type | Name | Description |
|---|---|---|
| GetAssertionParameters | parameters | An appropriately populated GetAssertionParameters structure that follows all of the rules set forth by that object. |
Returns
A collection of objects that contain the credential assertion and supporting data.
Exceptions
| Type | Condition |
|---|---|
| System.ArgumentNullException | The |
| Fido2Exception | The YubiKey could not complete the operation, likely because of a wrong PIN or fingerprint. |
| System.TimeoutException | The YubiKey either required touch for a user presence check or a biometric touch for user authentication. The YubiKey timed out waiting for this action to be performed. |
Remarks
Detailed information about the parameters structure and its expected values can be found on the GetAssertionParameters page.
To get an assertion requires "user presence", which for a YubiKey is
touch. This method will call the KeyCollector when touch is required
(KeyEntryRequest.TouchRequest).
The SDK will automatically perform PIN or user verification using the KeyCollector if needed. That is, if this method determines that authentication has been successfully completed, it will not need the PIN or fingerprint, so will not call the KeyCollector. However, if it needs to perform authentication, it will request user verification and/or a PIN using the KeyCollector.
Note that because the SDK will make the appropriate authentication
calls, it will build the PinUvAuthParam in the
GetAssertionParameters input arg, so you do not need to do so.
It is still possible to call this method with a KeyCollector that
does not collect a PIN (you will need to have one that supports at
least KeyEntryRequest.TouchRequest). You must simply make sure
the appropriate Verify method has been called. See the User's Manual
entries on AuthTokens and
the SDK AuthToken logic for
more information on when to verify. If you do not provide a
KeyCollector that can collect the PIN, and the method is not able to
perform because of an authentication failure, it will throw an
exception.
If there are no credentials associated with the relying party, this method will return a List with no entries (Count = 0).