
GetAssertionParameters Class

Namespace: Yubico.YubiKey.Fido2
Assembly: Yubico.YubiKey.dll

This collects and encodes the information needed to get a FIDO2 assertion.

C#
public class GetAssertionParameters
Inheritance object GetAssertionParameters

Remarks

There are seven elements that are inputs to a FIDO2 assertion (see section 6.2 of the FIDO2 standard). Two of them are required and five are optional.

When you need to get an assertion, collect all the required parameters along with any optional ones and build an instance of this class. Then pass that object to the GetAssertion method or command.
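The procedure described above, as an added example that is not part of the SDK's own documentation: it builds the two required elements, adds three of the optional ones, and hands the object to a session. The class and method names (`GetAssertionExample`, `Build`, `Get`) and the parameter names are hypothetical; the `RelyingParty(string)` constructor and the `IReadOnlyList<GetAssertionData>` return type are assumed from the SDK rather than stated on this page, and the session is assumed to be already configured by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Yubico.YubiKey.Fido2;

public static class GetAssertionExample   // hypothetical helper, not an SDK type
{
    public static GetAssertionParameters Build(
        string rpId, byte[] clientDataJson, CredentialId credentialId, byte[] hmacSalt)
    {
        // Required: clientDataHash, the SHA-256 digest of the client data,
        // which carries the relying party's challenge.
        byte[] clientDataHash;
        using (SHA256 sha256 = SHA256.Create())
        {
            clientDataHash = sha256.ComputeHash(clientDataJson);
        }

        // Required: the relying party ID (RelyingParty(string) is an assumption).
        var parameters = new GetAssertionParameters(new RelyingParty(rpId), clientDataHash);

        // Optional: restrict the assertion to one credential, generally a
        // non-discoverable one. Entries cannot be removed once added.
        if (credentialId != null)
        {
            parameters.AllowCredential(credentialId);
        }

        // Optional: "up" is the CTAP2 option key for user presence.
        parameters.AddOption("up", true);

        // Optional: hmac-secret. Reject any salt that is not exactly 32 bytes
        // before it reaches the authenticator.
        if (hmacSalt != null)
        {
            if (hmacSalt.Length != 32)
            {
                throw new ArgumentException("hmac-secret salt must be 32 bytes", nameof(hmacSalt));
            }
            parameters.RequestHmacSecretExtension(hmacSalt, null);
        }

        return parameters;
    }

    // PinUvAuthParam is left unset here: with GetAssertions the SDK sets it.
    public static IReadOnlyList<GetAssertionData> Get(
        Fido2Session session, GetAssertionParameters parameters)
    {
        return session.GetAssertions(parameters);
    }
}
```

Because the allow list, options and extensions are append-only, build a fresh `GetAssertionParameters` for each request instead of reusing one across relying parties or challenges.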

Constructors

Name Description
GetAssertionParameters(RelyingParty, ReadOnlyMemory<byte>)

Constructs a new instance of GetAssertionParameters.

Properties

Name Description
AllowList

The list of credentialIds for which the authenticator must generate a new assertion. This is an optional parameter, so it can be null. This is generally used to specify a non-discoverable credential.

ClientDataHash

The original clientDataHash that was provided by the client. It contains the challenge. This is a required element.

Extensions

The list of extensions. This is an optional parameter, so it can be null.

Options

The list of authenticator options. Each standard-defined option is a key/value pair, where the key is a string and the value is a boolean. This is an optional parameter, so it can be null.

PinUvAuthParam

The result of calling the PinProtocol's method AuthenticateUsingPinToken(byte[], byte[]) using the PIN token as the key and the client data hash as the message. This is an optional parameter, so it can be null.

Note

If you get assertions by calling the Fido2Session method GetAssertions(GetAssertionParameters), you do not need to set this property; the SDK will do so. If you get an assertion using the commands, you must set this property.

Protocol

The protocol chosen by the platform. This is an optional parameter, so it can be null.

RelyingParty

The relying party's ID, along with an optional descriptive string. This is a required element.

Methods

Name Description
AddExtension(string, byte[])

Add an entry to the extensions list. Once an entry is added to the list, it is not possible to remove it.

AddOption(string, bool)

Add an entry to the list of options. Once an entry is added to the list, it is not possible to remove it.

AllowCredential(CredentialId)

Add an entry to the allow list. Once a credential is added to the allow list, it is not possible to remove it.

CborEncode()

Return a new byte array that is the object encoded following the FIDO2/CBOR standard.

EncodeHmacSecretExtension(PinUvAuthProtocolBase)

Encode the "hmac-secret" extension. This call is valid only if RequestHmacSecretExtension(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>?) has been called and the Encapsulate(CoseKey) method has been called successfully. The hmac-secret extension must be encoded before calling the GetAssertionCommand.

Note

If you use GetAssertions(GetAssertionParameters) to get any assertion, you do not need to call this method.

RequestCredBlobExtension()

Specify that the YubiKey should return the credBlob with the assertion. Once this extension is added to this object, it is not possible to remove it.

RequestHmacSecretExtension(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>?)

Specify that the YubiKey should return the "hmac-secret" with the assertion. Provide the salt (or salts) to use, which must be exactly 32 bytes long. Once this extension is added to this object, it is not possible to remove it, although it is possible to "change" the salt by calling this method again with a different salt.
