Fido2Session Class
Namespace: Yubico.YubiKey.Fido2 Assembly: Yubico.YubiKey.dll

Represents an active session with the FIDO2 application on the YubiKey.
public sealed class Fido2Session : Object, IDisposable
Implements
Remarks
When you need to perform FIDO2 operations, instantiate this class to create a session, then call on methods within the class.
Generally, you will choose the YubiKey to use by building an instance of IYubiKeyDevice. This object will represent the actual YubiKey hardware.
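```csharp
IYubiKeyDevice SelectYubiKey()
{
    IEnumerable<IYubiKeyDevice> yubiKeyList = YubiKeyDevice.FindAll();
    foreach (IYubiKeyDevice current in yubiKeyList)
    {
        /* Determine which YubiKey to use. This placeholder accepts the first one found. */
        bool selected = true;
        if (selected)
        {
            return current;
        }
    }

    // No connected YubiKey matched the selection criteria.
    throw new InvalidOperationException("No suitable YubiKey found.");
}
```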
Once you have the YubiKey to use, you will build an instance of this Fido2Session class to represent the FIDO2 application on the hardware. Because this class implements `IDisposable`, use the `using` keyword.

For example,

```csharp
IYubiKeyDevice yubiKeyToUse = SelectYubiKey();
using (var fido2 = new Fido2Session(yubiKeyToUse))
{
    /* Perform FIDO2 operations. */
}
```
If this class is used as part of a `using` expression or statement, when the session goes out of scope, the `Dispose` method will be called to dispose of the active FIDO2 session. This will clear any application state, and ultimately release the connection to the YubiKey.
Constructors
Name | Description |
---|---|
Fido2Session(IYubiKeyDevice) | Creates an instance of Fido2Session, the object that represents the FIDO2 application on the YubiKey. |
Properties
Name | Description |
---|---|
AuthenticatorInfo | The FIDO2 |
AuthProtocol | The PIN protocol to use for all operations on this session instance. |
AuthToken | The current PIN / UV Auth token, if present. |
AuthTokenPermissions | The set of permissions associated with the AuthToken. |
AuthTokenRelyingPartyId | The relying party ID associated with the permissions. |
Connection | The object that represents the connection to the YubiKey. Most applications can ignore this, but it can be used to call command classes and send APDUs directly to the YubiKey during advanced scenarios. |
KeyCollector | A callback that this class will call when it needs the YubiKey touched or a PIN verified. |
Methods
Name | Description |
---|---|
AddPermissions(PinUvAuthTokenPermissions, String) | Obtain a PinUvAuthToken that possesses the given permissions along with the current permissions. This is generally called early in a session to specify which set of permissions you expect to need for the operations you will be calling. |
ChangePin() | Changes the PIN using the |
ClearAuthToken() | Reset the AuthToken, AuthTokenPermissions, and AuthTokenRelyingPartyId to null, so that any future operation that retrieves an AuthToken will not use the current values. |
DeleteCredential(CredentialId) | This performs the |
Dispose() | |
EnrollFingerprint(String, Nullable<Int32>) | Try to enroll a fingerprint. This will require several samples. See also the User's Manual entry on Bio Enrollment. |
EnumerateBioEnrollments() | Get a list of all the bio enrollments on a YubiKey. |
EnumerateCredentialsForRelyingParty(RelyingParty) | This performs the |
EnumerateRelyingParties() | This performs the |
GetAssertions(GetAssertionParameters) | Gets one or more assertions for a particular relying party. Note: You must supply a GetAssertionParameters object to this method; however, you do not need to set the PinUvAuthParam property, the SDK will do so. |
GetAuthenticatorInfo() | Returns information about the authenticator (the YubiKey), including defaults and bounds for various fields and parameters used by FIDO2. |
GetBioModality() | Get the biometric method the YubiKey uses. If the YubiKey is not a Bio series device, this will return "None". |
GetCredentialMetadata() | This performs the |
GetFingerprintSensorInfo() | Get the fingerprint sensor info, which is the "fingerprint kind" (touch or swipe), maximum capture count, and the maximum length, in bytes, of a template friendly name. |
GetSerializedLargeBlobArray() | Get the current |
MakeCredential(MakeCredentialParameters) | Creates a FIDO2 credential on the YubiKey given a parameters object. |
SetAuthProtocol(PinUvAuthProtocolBase) | Overrides the default PIN/UV Auth protocol (which is determined by the YubiKey and SDK). |
SetBioTemplateFriendlyName(ReadOnlyMemory<Byte>, String) | Set the friendly name of a template. If the template already has a friendly name, this will replace it. |
SetPin() | Sets the initial FIDO2 PIN using the |
SetSerializedLargeBlobArray(SerializedLargeBlobArray) | Set the |
TryChangePin() | Tries to change the PIN using the |
TryChangePin(ReadOnlyMemory<Byte>, ReadOnlyMemory<Byte>) | Tries to change the PIN. |
TryEnableEnterpriseAttestation() | Try to set the YubiKey to enable enterprise attestation. If the YubiKey selected does not support enterprise attestation, this method will return |
TryRemoveBioTemplate(ReadOnlyMemory<Byte>) | Try to remove a template from a YubiKey. If there is no enrollment on the YubiKey for the given template ID, this method will do nothing and return |
TrySetPin() | Tries to set the initial FIDO2 PIN using the |
TrySetPin(ReadOnlyMemory<Byte>) | Tries to set the initial FIDO2 PIN. To change an existing PIN, use the TryChangePin() function. |
TrySetPinConfig(Nullable<Int32>, IReadOnlyList<String>, Nullable<Boolean>) | Perform the |
TryToggleAlwaysUv() | Try to toggle the YubiKey's "alwaysUv" option (set to |
TryVerifyPin(Nullable<PinUvAuthTokenPermissions>, String) | Tries to verify the PIN against the YubiKey using the |
TryVerifyPin(ReadOnlyMemory<Byte>, Nullable<PinUvAuthTokenPermissions>, String, out Nullable<Int32>, out Nullable<Boolean>) | Tries to verify the PIN against the YubiKey. |
TryVerifyUv(PinUvAuthTokenPermissions, String) | Tries to perform a User Verification (UV) check on the YubiKey using the onboard biometric sensor. This method is only supported on YubiKey Bio Series devices. The permissions argument must be something other than |
UpdateUserInfoForCredential(CredentialId, UserEntity) | This performs the |
VerifyPin(Nullable<PinUvAuthTokenPermissions>, String) | Verifies the PIN against the YubiKey using the |
VerifyUv(PinUvAuthTokenPermissions, String) | Performs a User Verification (UV) check on the YubiKey using the onboard biometric sensor. This method is only supported on YubiKey Bio Series devices. Uses the KeyCollector for touch prompting. |
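
The following is an added example, not code from the SDK documentation: it verifies the PIN through the five-argument TryVerifyPin overload listed above, requests a token scoped to a single permission and relying party, and wipes the PIN buffer afterwards. Assumptions: the relying party ID `example.com` is a placeholder, the `PinUvAuthTokenPermissions.GetAssertion` value and the `Yubico.YubiKey.Fido2.Commands` namespace come from the SDK rather than this page, the two `out` values are read as "retries remaining" and "reboot required", and the YubiKey already has a PIN set and supports token permissions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Yubico.YubiKey;
using Yubico.YubiKey.Fido2;
using Yubico.YubiKey.Fido2.Commands;
static class ScopedPinVerification
{
    // Assumption: placeholder relying party ID, not taken from the page.
    const string RelyingPartyId = "example.com";
    static void Main()
    {
        IYubiKeyDevice yubiKey = YubiKeyDevice.FindAll().FirstOrDefault()
            ?? throw new InvalidOperationException("No YubiKey found.");

        // Console input passes through a string that cannot be wiped; a real UI should fill a byte buffer directly.
        Console.Write("FIDO2 PIN: ");
        byte[] pin = Encoding.UTF8.GetBytes(Console.ReadLine() ?? string.Empty);
        try
        {
            using (var fido2 = new Fido2Session(yubiKey))
            {
                // Ask only for the permission and relying party this task needs.
                bool verified = fido2.TryVerifyPin(
                    pin, PinUvAuthTokenPermissions.GetAssertion, RelyingPartyId,
                    out int? retriesRemaining, out bool? rebootRequired);
                if (!verified)
                {
                    // Surface the counter so callers stop before the PIN is blocked.
                    Console.WriteLine($"PIN rejected. Retries remaining: {retriesRemaining}, " +
                        $"reboot required: {rebootRequired}");
                    return;
                }
                Console.WriteLine($"Token scope: {fido2.AuthTokenPermissions} for " +
                    $"{fido2.AuthTokenRelyingPartyId}");
                /* Perform FIDO2 operations, e.g. GetAssertions. */
                // Drop the token once the privileged work is done.
                fido2.ClearAuthToken();
            }
        }
        finally
        {
            CryptographicOperations.ZeroMemory(pin); // wipe the PIN bytes
        }
    }
}
```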