
TryAuthenticate Method

TryAuthenticate(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, TimeSpan, out AuthenticationData, bool)

Try to authenticate a credential. If this method can't authenticate the input data or compute the signature, return false. Any other error will throw an exception.

C#
public bool TryAuthenticate(ReadOnlyMemory<byte> applicationId, ReadOnlyMemory<byte> clientDataHash, ReadOnlyMemory<byte> keyHandle, TimeSpan timeout, out AuthenticationData authenticationData, bool requireProofOfPresence = true)

Parameters

Type Name Description
ReadOnlyMemory<byte> applicationId

Also known as the origin data. A SHA-256 hash of the UTF-8 encoding of the application or service requesting the authentication. See the user's manual article on How FIDO U2F works for more information.

ReadOnlyMemory<byte> clientDataHash

A SHA-256 hash of the client data, a stringified JSON data structure that the caller prepares. Among other things, the client data contains the challenge from the relying party (the application or service that this registration is for). See the user's manual article on How FIDO U2F works for more information.

ReadOnlyMemory<byte> keyHandle

The key handle the YubiKey returned during registration. That value was sent to the relying party and now is being returned to the YubiKey (via the client).

TimeSpan timeout

The amount of time this method will wait for user touch. The recommended timeout is 5 seconds. The minimum is 1 second and the maximum is 30 seconds. If the input is greater than 30 seconds, this method will set the timeout to 30 seconds. If the timeout is greater than 0 but less than 1 second, the method will set the timeout to 1 second. If the timeout is zero, this method will set no timeout and wait for touch indefinitely (zero timeout means no timeout).

AuthenticationData authenticationData

A structure containing the results of the credential authentication, including the signature.

bool requireProofOfPresence

If true, the user must provide proof of presence in order to complete the authentication. If false, proof of presence is not necessary. The default is true, so if no value is given for this argument, it will be true. With the YubiKey, proof of user presence is touch.

Returns

bool

true when the credential was successfully authenticated, false when the input data could not be used, such as a key handle that did not match the appId.

Exceptions

Type Condition
TimeoutException

The user presence check timed out.

Remarks

See the comments for Authenticate(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, TimeSpan, bool) as they apply to this method as well.
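The following is an added example, not code from the SDK or its documentation, showing how a caller might build the two hashes described above and handle both the false return and the timeout. It assumes .NET 5 or later (for SHA256.HashData), an already opened U2fSession from the Yubico.YubiKey.U2f namespace, and a hypothetical helper name (TryGetAssertion); the appId, origin, challenge and key handle are inputs the caller supplies.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Yubico.YubiKey.U2f;

public static class U2fAuthExample
{
    // Hypothetical helper. In a real flow the challenge and key handle
    // come from the relying party; here they are caller-supplied inputs.
    public static bool TryGetAssertion(
        U2fSession session, string appId, string origin, byte[] challenge,
        ReadOnlyMemory<byte> keyHandle, out AuthenticationData assertion)
    {
        // applicationId: SHA-256 of the UTF-8 encoding of the application identifier.
        byte[] applicationId = SHA256.HashData(Encoding.UTF8.GetBytes(appId));

        // Client data in the U2F style: a JSON string carrying the relying
        // party's challenge (websafe base64, no padding) and the origin.
        // The origin is assumed to contain no characters that need JSON escaping.
        string websafe = Convert.ToBase64String(challenge)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string clientData = "{\"typ\":\"navigator.id.getAssertion\",\"challenge\":\""
            + websafe + "\",\"origin\":\"" + origin + "\"}";
        byte[] clientDataHash = SHA256.HashData(Encoding.UTF8.GetBytes(clientData));

        try
        {
            // 5 seconds is the recommended timeout; TimeSpan.Zero would wait
            // for touch indefinitely. requireProofOfPresence is left at its
            // default (true), so the user must touch the YubiKey.
            // A false return means the input could not be used, for example
            // a key handle that does not match this applicationId.
            return session.TryAuthenticate(
                applicationId, clientDataHash, keyHandle,
                TimeSpan.FromSeconds(5), out assertion);
        }
        catch (TimeoutException)
        {
            // No touch within the timeout: report a failed attempt to the caller.
            assertion = null;
            return false;
        }
    }
}
```

The relying party needs the exact client data string that was hashed here in order to check the signature, so the caller should keep it alongside the returned AuthenticationData.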
