wip passkey registration day 2

2026-04-12 16:59:40 -04:00
parent 6c2305cac9
commit 8ff4fa74e4
8 changed files with 192 additions and 45 deletions
@@ -123,8 +123,28 @@ message PasskeyPayload {

 message PasskeyCredentialCreateOptions{
 	string challenge = 1;
-	string userId = 2;
+	PublicKeyCredentialUser user = 2;
+	PublicKeyCredentialRpEntity rp = 3;
+	repeated PubKeyCredParam pubKeyParams = 4;
 }
+
+message PubKeyCredParam{
+	string alg = 1;
+	string type = 2;
+}
+
+message PublicKeyCredentialRpEntity{
+	string id = 1;
+	string icon = 2;
+	string name = 3;
+}
+
+message PublicKeyCredentialUser{
+	string id = 1;
+	string name = 2;
+	string displayName = 3;
+}
+
 message PasskeyRegistrationCredentials{
 	string id = 1;
 	string rawId = 2;
@@ -136,4 +156,11 @@ message CredentialsClientResponse{
 	string clientDataJSON = 1;
 	string attestationObject = 2;
 	string authenticatorData = 3;
-}
+}
+
+message PublicKeyCredentialDescriptor{
+	string type = 1;
+	string id = 2;
+	repeated string transports = 3;
+}
+
@@ -32,13 +32,16 @@ public class AccountRpcService(IFido2 fido2, AccountsService accounts) : Account
 		var credOptions = fido2.RequestNewCredential(new RequestNewCredentialParams
 		{
 			User = user,
-			ExcludeCredentials = curUser.CredentialDescriptors
+			ExcludeCredentials = curUser.CredentialDescriptors,
+			AuthenticatorSelection = new AuthenticatorSelection
+			{
+				ResidentKey = Fido2NetLib.Objects.ResidentKeyRequirement.Required,
+				UserVerification = Fido2NetLib.Objects.UserVerificationRequirement.Preferred
+			}
 		});
-		return new PasskeyCredentialCreateOptions
-		{
-			Challenge = credOptions.Challenge.ToB64String().Replace('+', '-').Replace('/', '_'),
-			UserId = credOptions.User.Id.ToB64String().Replace('+', '-').Replace('/', '_')
-		};
+		
+
+		return credOptions.ToRPC();
 	}

 	public override Task<Empty> CompletePasskeyRegistration(PasskeyRegistrationCredentials request, ServerCallContext context)
@@ -0,0 +1,55 @@
+using Aoba.RPC;
+
+using Isopoh.Cryptography.Argon2;
+
+namespace AobaServer.Utils;
+
+public static class PasskeyExtensions
+{
+	public static PublicKeyCredentialRpEntity ToRPC(this Fido2NetLib.PublicKeyCredentialRpEntity value) 
+	{
+		return new PublicKeyCredentialRpEntity
+		{
+			Id = value.Id,
+			Icon = value.Icon,
+			Name = value.Name,
+		};
+	}
+
+	public static PublicKeyCredentialUser ToRPC(this Fido2NetLib.Fido2User value)
+	{
+		return new PublicKeyCredentialUser
+		{
+			Id = value.Id.ToB64String(),
+			DisplayName = value.DisplayName,
+			Name = value.Name,
+		};
+	}
+
+	public static PubKeyCredParam ToRPC(this Fido2NetLib.PubKeyCredParam value)
+	{
+		return new PubKeyCredParam
+		{
+			Alg = value.Alg.ToString(),
+			Type = value.Type.ToString(),
+		};
+	}
+
+	public static IEnumerable<PubKeyCredParam> ToRPC(this IEnumerable<Fido2NetLib.PubKeyCredParam> value)
+	{
+		return value.Select(x => x.ToRPC());
+	}
+
+	public static PasskeyCredentialCreateOptions ToRPC(this Fido2NetLib.CredentialCreateOptions value)
+	{
+		var opts = new PasskeyCredentialCreateOptions
+		{
+			Challenge = value.Challenge.ToB64String(),
+			Rp = value.Rp.ToRPC(),
+			User = value.User.ToRPC()
+		};
+		//todo: excluded credentials
+		opts.PubKeyParams.AddRange(value.PubKeyCredParams.ToRPC());
+		return opts;
+	}
+}