MakeCredentialParameters Class
Namespace: Yubico.YubiKey.Fido2 Assembly: Yubico.YubiKey.dllThis collects and encodes the information needed to make a FIDO2 credential.
public class MakeCredentialParameters : Object, ICborEncode
Remarks
There are ten elements that are inputs to a FIDO2 credential (see section 6.1 of the FIDO2 standard). Four of them are required and six are optional.
When you need to make a new credential, you will collect all the required
along with any optional parameters and build an instance of this class.
Then pass that object to the MakeCredential
method or command.
Constructors
Name | Description |
---|---|
MakeCredentialParameters(RelyingParty, UserEntity) | Constructs a new instance of MakeCredentialParameters using the default preferred algorithm |
MakeCredentialParameters(RelyingParty, UserEntity, String, CoseAlgorithmIdentifier) | Constructs a new instance of MakeCredentialParameters setting the preferred algorithm to something other than the default. |
Properties
Name | Description |
---|---|
Algorithms | The list of supported algorithms for credential generation. This is the "pubKeyCredParams" in the standard (FIDO2 section 6.1). |
ClientDataHash | The original |
EnterpriseAttestation | Specifies whether an enterprise attestation is to be returned along with the credential, and if so, which kind. This is an optional parameter, so it is can be null. |
ExcludeList | The list of credentialIds for which the authenticator should not create a new credential. This is an optional parameter, so it can be null. |
Extensions | The list of extensions. This is an optional parameter, so it can be null. |
Options | The list of authenticator options. Each standard-defined option is a key/value pair, where the key is a string and the value is a boolean. This is an optional parameter, so it can be null. |
PinUvAuthParam | The result of calling the PinProtocol's method AuthenticateUsingPinToken(Byte[], Byte[]) using the PIN token as the key and the client data hash as the message. This is an optional parameter, so it can be null. |
Protocol | The protocol chosen by the platform. This is an optional parameter, so it can be null. |
RelyingParty | The relying party's ID, along with an optional descriptive string. This is a required element. |
UserEntity | The user's ID, along with optional descriptive strings. This is a required element. |
Methods
Name | Description |
---|---|
AddAlgorithm(String, CoseAlgorithmIdentifier) | Add an entry to Algorithms. |
AddCredBlobExtension(Byte[], AuthenticatorInfo) | Add the "credBlob" extension. Note that the credBlob extension is valid only for discoverable credentials. |
AddCredProtectExtension(CredProtectPolicy, Boolean, AuthenticatorInfo) | Add the "credProtect" extension, specifying the protection policy the YubiKey is to use when getting assertions. |
AddCredProtectExtension(CredProtectPolicy, AuthenticatorInfo) | Add the "credProtect" extension, specifying the protection policy the YubiKey is to use when getting assertions. |
AddExtension(String, Byte[]) | Add an entry to the extensions list. |
AddHmacSecretExtension(AuthenticatorInfo) | Add the "hmac-secret" extension, meaning the YubiKey will generate a secret value to be associated with the credential made. When getting an assertion, it will be possible to get the secret value. Note that the hmac-secret extension is valid for both discoverable and non-discoverable credentials. |
AddMinPinLengthExtension(AuthenticatorInfo) | Specify that the YubiKey should return the minimum PIN length with the credential. |
AddOption(String, Boolean) | Add an entry to the list of options. |
CborEncode() | |
ExcludeCredential(CredentialId) | Add an entry to the exclude list. |