hotchocolate-types-fido2

Simple integration of fido2-net-lib types into HotChocolate 👌

---

Table of Contents

1. About The Project
2. Getting Started
   • Prerequisites
   • Installation
3. Usage
4. Examples
   • Create Attestation Options
   • Register Credentials
   • Create Assertion Options
   • Verify The Assertion Response
5. Type Mapping Table
6. License
7. Credits

About The Project

Make available the fido2-net-lib (WebAuthn) types within the HotChocolate (GraphQL) library.

Getting Started

Prerequisites

Since version 3 of fido2-net-lib library is implemented only for the .net6 target, this library also works only with this one.

Installation

dotnet add package HotChocolate.Extensions.Types.Fido2

(back to top)

Usage

Configure services to integrate all types defined by the fido2-net-lib library.

builder.Services.AddFido2(options =>
{
    // See the configuration example at https://github.com/passwordless-lib/fido2-net-lib/blob/v3.0.0/Demo/Startup.cs#L47
});

builder.Services
    .AddGraphQLServer()
    .AddFido2();

You can then use all types defined in fido2-net-lib library with the difference that error handling must be done within GraphQL mutations because it is not included in types as it is the case in fido2-net-lib library.

You can consult the schema via Banana Cake Pop to directly see which type you can use and deduce the relationships using the table below.

(back to top)

Examples

Here is the list of the different prototypes needed to implement the protocol. You can refer to the examples provided in the fido2-net-lib library documentation to understand what each of the following prototypes correspond to. Refer also to their implementation in the example provided in the project.

For more details concerning the implementation of controllers allowing the implementation of FIDO2 / WebAuthn refer to the example provided by the fido2-net-lib library.

Create Attestation Options

public CredentialCreateOptions MakeCredentialOptions(
    IFido2 fido2,
    IHttpContextAccessor httpContextAccessor,
    string? username,
    string displayName,
    AttestationConveyancePreference attType,
    AuthenticatorAttachment? authType,
    bool requireResidentKey,
    UserVerificationRequirement userVerification)
{ }

Register Credentials

public async Task<AttestationVerificationSuccess> MakeCredential(
    IFido2 fido2,
    IHttpContextAccessor httpContextAccessor,
    AuthenticatorAttestationRawResponse attestationResponse,
    CancellationToken cancellationToken)
{ }

Create Assertion Options

public AssertionOptions MakeAssertionOptions(
    IResolverContext context,
    IFido2 fido2,
    IHttpContextAccessor httpContextAccessor,
    string? username,
    UserVerificationRequirement userVerification = UserVerificationRequirement.Discouraged)
{ }

Verify The Assertion Response

public async Task<AssertionVerificationResult> MakeAssertion(
    IFido2 fido2,
    IHttpContextAccessor httpContextAccessor,
    AuthenticatorAssertionRawResponse clientResponse,
    CancellationToken cancellationToken)
{ }

(back to top)

Type Mapping Table

FIDO2 types	HotChocolate types	GraphQL types	Binding behavior1
AssertionOptions	PublicKeyCredentialRequestOptionsType	PublicKeyCredentialRequestOptions	Implicit2
AssertionVerificationResult	AssertionVerificationResultType	AssertionVerificationResult	Implicit2
AttestationConveyancePreference	AttestationConveyancePreferenceType	AttestationConveyancePreference	Implicit2
AttestationConveyancePreference	EnumMemberType<AttestationConveyancePreference>	AttestationConveyancePreferenceStringEnum	Explicit3
AttestationVerificationSuccess	AttestationVerificationSuccessType	AttestationVerificationSuccess	Implicit2
AuthenticationExtensionsClientInputs	AuthenticationExtensionsClientInputsType	AuthenticationExtensionsClientInputs	Explicit3
AuthenticationExtensionsClientOutputs	AuthenticationExtensionsClientOutputsType	AuthenticationExtensionsClientOutputs	Explicit3
AuthenticatorAssertionRawResponse	PublicKeyCredentialAssertionInputType	PublicKeyCredentialAssertionInput	Implicit2
AuthenticatorAssertionRawResponse.AssertionResponse	AuthenticatorAssertionResponseInputType	AuthenticatorAssertionResponseInput	Explicit3
AuthenticatorAttachment	AuthenticatorAttachmentType	AuthenticatorAttachment	Implicit2
AuthenticatorAttachment	EnumMemberType<AuthenticatorAttachment>	AuthenticatorAttachmentStringEnum	Explicit3
AuthenticatorAttestationRawResponse	PublicKeyCredentialAttestationInputType	PublicKeyCredentialAttestationInput	Implicit2
AuthenticatorAttestationRawResponse.ResponseData	AuthenticatorAttestationResponseInputType	AuthenticatorAttestationResponseInput	Explicit3
AuthenticatorSelection	AuthenticatorSelectionCriteriaType	AuthenticatorSelectionCriteria	Explicit3
AuthenticatorTransport	AuthenticatorTransportType	AuthenticatorTransport	Implicit2
AuthenticatorTransport	EnumMemberType<AuthenticatorTransport>	AuthenticatorTransportStringEnum	Explicit3
CredentialCreateOptions	PublicKeyCredentialCreationOptionsType	PublicKeyCredentialCreationOptions	Implicit2
Fido2User	PublicKeyCredentialUserEntityType	PublicKeyCredentialUserEntity	Explicit3
PubKeyCredParam	PublicKeyCredentialParametersType	PublicKeyCredentialParameters	Explicit3
PublicKeyCredentialDescriptor	PublicKeyCredentialDescriptorType	PublicKeyCredentialDescriptor	Explicit3
PublicKeyCredentialRpEntity	PublicKeyCredentialRpEntityType	PublicKeyCredentialRpEntity	Explicit3
PublicKeyCredentialType	PublicKeyCredentialTypeType	PublicKeyCredentialType	Implicit2
PublicKeyCredentialType	EnumMemberType<PublicKeyCredentialType>	PublicKeyCredentialTypeStringEnum	Explicit3
UserVerificationRequirement	UserVerificationRequirementType	UserVerificationRequirement	Implicit2
UserVerificationRequirement	EnumMemberType<UserVerificationRequirement>	UserVerificationRequirementStringEnum	Explicit3

License

Distributed under the MIT License. See LICENSE.txt for more information.

(back to top)

Credits

• Fingerprint icons created by Blaze150 - Flaticon

(back to top)

Footnotes

1. Defines the type system binding behavior of HotChocolate. ↩

2. Implicitly bind type system members. ↩ ↩² ↩³ ↩⁴ ↩⁵ ↩⁶ ↩⁷ ↩⁸ ↩⁹ ↩¹⁰ ↩¹¹

3. Type system members need to be explicitly bound. ↩ ↩² ↩³ ↩⁴ ↩⁵ ↩⁶ ↩⁷ ↩⁸ ↩⁹ ↩¹⁰ ↩¹¹ ↩¹² ↩¹³ ↩¹⁴