GetAssertionParameters Class
Namespace: Yubico.YubiKey.Fido2 Assembly: Yubico.YubiKey.dll
This collects and encodes the information needed to get a FIDO2 assertion.
public class GetAssertionParameters : Object, ICborEncode
Remarks
There are seven elements that are inputs to a FIDO2 assertion (see section 6.2 of the FIDO2 standard). Two of them are required and five are optional.
When you need to get an assertion, collect all the required parameters
along with any optional ones and build an instance of this class.
Then pass that object to the GetAssertion method or command.
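The flow described above, as an added example that is not taken from the Yubico documentation: it hashes a constructed client data JSON, builds the parameters from the two required elements plus one option, and passes them to GetAssertions. The relying party ID, the JSON, and the class and method names are assumptions, as are the SDK members not listed on this page (RelyingParty(string), Fido2Session(IYubiKeyDevice), KeyCollector, YubiKeyDevice.FindAll()).

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Yubico.YubiKey;
using Yubico.YubiKey.Fido2;

public static class GetAssertionExample   // hypothetical class name
{
    // Constructed sample. A real client serializes the relying party's
    // challenge and the origin into this JSON for every request.
    private const string ClientDataJson =
        "{\"type\":\"webauthn.get\"," +
        "\"challenge\":\"Y29uc3RydWN0ZWQtY2hhbGxlbmdl\"," +
        "\"origin\":\"https://example.com\"}";

    // Required element: SHA-256 digest of the serialized client data.
    public static byte[] ComputeClientDataHash(string clientDataJson)
    {
        using var sha256 = SHA256.Create();
        return sha256.ComputeHash(Encoding.UTF8.GetBytes(clientDataJson));
    }

    public static GetAssertionParameters BuildParameters()
    {
        // Required element: the relying party ID (assumed value).
        var relyingParty = new RelyingParty("example.com");
        var parameters = new GetAssertionParameters(
            relyingParty, ComputeClientDataHash(ClientDataJson));

        // Optional element: the standard "up" (user presence) option.
        // Entries cannot be removed once added, so add them deliberately.
        parameters.AddOption("up", true);
        return parameters;
    }

    // keyCollector is supplied by the caller; it answers PIN and touch prompts.
    public static void Run(Func<KeyEntryData, bool> keyCollector)
    {
        IYubiKeyDevice device = YubiKeyDevice.FindAll().First();
        using var session = new Fido2Session(device);
        session.KeyCollector = keyCollector;

        // PinUvAuthParam is left unset: GetAssertions sets it, per the
        // note on that property. The command path requires setting it.
        var assertions = session.GetAssertions(BuildParameters());
        Console.WriteLine($"Assertions returned: {assertions.Count}");
    }
}
```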
Constructors
Name | Description |
---|---|
GetAssertionParameters(RelyingParty, ReadOnlyMemory<Byte>) | Constructs a new instance of GetAssertionParameters. |
Properties
Name | Description |
---|---|
AllowList | The list of credentialIds for which the authenticator must generate a new assertion. This is an optional parameter, so it can be null. This is generally used to specify a non-discoverable credential. |
ClientDataHash | The original |
Extensions | The list of extensions. This is an optional parameter, so it can be null. |
Options | The list of authenticator options. Each standard-defined option is a key/value pair, where the key is a string and the value is a boolean. This is an optional parameter, so it can be null. |
PinUvAuthParam | The result of calling the PinProtocol's method AuthenticateUsingPinToken(Byte[], Byte[]) using the PIN token as the key and the client data hash as the message. This is an optional parameter, so it can be null. Note: If you get assertions by calling the Fido2Session method GetAssertions(GetAssertionParameters), you do not need to set this property; the SDK will do so. If you get an assertion using the commands, you must set this property. |
Protocol | The protocol chosen by the platform. This is an optional parameter, so it can be null. |
RelyingParty | The relying party's ID, along with an optional descriptive string. This is a required element. |
Methods
Name | Description |
---|---|
AddExtension(String, Byte[]) | Add an entry to the extensions list. Once an entry is added to the list, it is not possible to remove it. |
AddOption(String, Boolean) | Add an entry to the list of options. Once an entry is added to the list, it is not possible to remove it. |
AllowCredential(CredentialId) | Add an entry to the allow list. Once a credential is added to the allow list, it is not possible to remove it. |
CborEncode() | |
EncodeHmacSecretExtension(PinUvAuthProtocolBase) | Encode the "hmac-secret" extension. This call will be valid only if RequestHmacSecretExtension(ReadOnlyMemory<Byte>, Nullable<ReadOnlyMemory<Byte>>) has been called and the Encapsulate(CoseKey) method has been successfully called. The hmac-secret extension must be encoded before calling the GetAssertionCommand. Note: If you use GetAssertions(GetAssertionParameters) to get any assertion, you do not need to call this method. |
RequestCredBlobExtension() | Specify that the YubiKey should return the credBlob with the assertion. Once this extension is added to this object, it is not possible to remove it. |
RequestHmacSecretExtension(ReadOnlyMemory<Byte>, Nullable<ReadOnlyMemory<Byte>>) | Specify that the YubiKey should return the "hmac-secret" with the assertion. Provide the salt (or salts) to use, which must be exactly 32 bytes long. Once this extension is added to this object, it is not possible to remove it, although it is possible to "change" the salt by calling this method again with a different salt. |