GetCredentialMetadata Method
GetCredentialMetadata()
This performs the getCredsMetadata subcommand of the
authenticatorCredentialManagement command. It gets
metadata for all the credentials on the YubiKey.
public (int, int) GetCredentialMetadata()Returns
Two integers, the number of discoverable credentials in the YubiKey's FIDO2 application and the number of discoverable credentials for which it has space.
Exceptions
| Type | Condition |
|---|---|
| System.InvalidOperationException | The connected YubiKey does not support CredentialManagement, or the PIN was invalid, or there was no KeyCollector. |
| System.OperationCanceledException | The user canceled the operation while collecting the PIN. |
| System.Security.SecurityException | The PIN retry count was exhausted. |
Remarks
See the User's Manual entry on credential management.
This method returns a Tuple of two integers, the number of discoverable credentials and the number of "slots" remaining. The number of slots is the number of discoverable credentials the YubiKey can still hold.
In order to execute, this method will need a PIN/UV auth param, which is built using an AuthToken, which itself is built from the PIN and the permissions, or UV and permissions. This method will need an AuthToken with the permission CredentialManagement.
If there is no Fido2Session property AuthToken,
or it does not work (i.e. it is expired or does not have the
appropriate permission), this method will use the KeyCollector
to obtain a new one.
If you do not want to use a KeyCollector, you must verify the PIN
before calling, making sure the CredentialManagement
permission is set. See
TryVerifyPin(ReadOnlyMemory<Byte>, Nullable<PinUvAuthTokenPermissions>, String, out Nullable<Int32>, out Nullable<Boolean>)
bool isVerified = fido2Session.TryVerifyPin(
currentPin, PinUvAuthTokenPermissions.CredentialManagement,
null, out int _, out bool _);