AshAuthentication.Phoenix.WebAuthnHelpers (ash_authentication_phoenix v3.0.0-rc.6)

Helper functions for working with WebAuthn second-factor authentication.

These helpers can be used in plugs, LiveView on_mount hooks, and templates to check whether a user has a passkey registered (webauthn_configured?) and whether the current request has been verified by a passkey ceremony (webauthn_verified?).

See the Passkeys as 2FA guide for the full flow.

Summary

Functions

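get_webauthn_strategy(resource, opts \\ [])
Returns the WebAuthn strategy on a resource, if any.

webauthn_available?(resource)
Returns true if the resource has a WebAuthn strategy configured.

webauthn_configured?(user, opts \\ [])
Returns true if the user has at least one registered WebAuthn credential.

webauthn_verified?(conn_or_socket_or_user, opts \\ [])
Returns true if the current request has a WebAuthn verification on it.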

Functions

get_webauthn_strategy(resource, opts \\ [])

@spec get_webauthn_strategy(
  module(),
  keyword()
) ::
  {:ok, AshAuthentication.Strategy.WebAuthn.t()}
  | {:error, :no_webauthn_strategy}

Returns the WebAuthn strategy on a resource, if any.

Options

  • :strategy — return the named strategy. If unset, returns the first WebAuthn strategy.

webauthn_available?(resource)

@spec webauthn_available?(module()) :: boolean()

Returns true if the resource has a WebAuthn strategy configured.

webauthn_configured?(user, opts \\ [])

@spec webauthn_configured?(
  nil | Ash.Resource.record(),
  keyword()
) :: boolean()

Returns true if the user has at least one registered WebAuthn credential.

Walks the strategy's credentials_relationship_name (loading it if it isn't already loaded). Returns false for nil users so callers don't have to nil-check first.

Options

  • :strategy — the WebAuthn strategy to check against. Defaults to the first WebAuthn strategy on the user's resource.

webauthn_verified?(conn_or_socket_or_user, opts \\ [])

@spec webauthn_verified?(
  Plug.Conn.t() | Phoenix.LiveView.Socket.t() | struct() | nil,
  keyword()
) :: boolean()

Returns true if the current request has a WebAuthn verification on it.

Accepts either:

  • a Plug.Conn — looks at the assign named by :current_user_assign (default :current_user).
  • a Phoenix.LiveView.Socket — same, against socket.assigns.
  • a user struct — checks its __metadata__[:webauthn_verified_at] directly. Useful in AuthController.success/4 clauses where you have the user but no conn / socket.

Options

  • :max_age — maximum age of the verification in seconds. nil (default) means no expiry; any timestamp counts.
  • :current_user_assign — assign holding the user (conn / socket forms only). Defaults to :current_user.
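
Example

A fail-closed gate for sensitive routes built on these helpers, as an added example that is not part of the library or its documentation. The module name MyAppWeb.RequirePasskey, the three redirect paths, the 300-second window and the :sensitive hook name are assumptions; :max_age is passed explicitly because the nil default accepts a verification of any age.

```elixir
defmodule MyAppWeb.RequirePasskey do
  @moduledoc """
  Added example (not library code): step-up gate for sensitive routes.
  Module name, redirect paths and the 300 s window are assumptions.
  """
  @behaviour Plug

  alias AshAuthentication.Phoenix.WebAuthnHelpers

  # webauthn_verified?/2 treats max_age: nil as "no expiry", so this gate
  # always supplies a window (in seconds).
  @max_age 300

  @impl Plug
  def init(opts), do: Keyword.put_new(opts, :max_age, @max_age)

  @impl Plug
  def call(conn, opts) do
    case check(conn.assigns[:current_user], conn, opts) do
      :ok -> conn
      {:redirect, path} -> conn |> Phoenix.Controller.redirect(to: path) |> Plug.Conn.halt()
    end
  end

  # LiveView form: `on_mount {MyAppWeb.RequirePasskey, :sensitive}`. Assumes an
  # earlier hook has already put :current_user into socket.assigns.
  def on_mount(:sensitive, _params, _session, socket) do
    case check(socket.assigns[:current_user], socket, max_age: @max_age) do
      :ok -> {:cont, socket}
      {:redirect, path} -> {:halt, Phoenix.LiveView.redirect(socket, to: path)}
    end
  end

  # No signed-in user at all: handled here so the helpers never see nil.
  defp check(nil, _conn_or_socket, _opts), do: {:redirect, "/sign-in"}

  defp check(user, conn_or_socket, opts) do
    cond do
      # No passkey enrolled: send to enrollment instead of letting the request through.
      not WebAuthnHelpers.webauthn_configured?(user) ->
        {:redirect, "/passkeys/register"}

      # Enrolled, but no passkey ceremony inside the window for this request.
      not WebAuthnHelpers.webauthn_verified?(conn_or_socket, max_age: opts[:max_age]) ->
        {:redirect, "/passkeys/verify"}

      true ->
        :ok
    end
  end
end
```

Whether users without a registered passkey are sent to enrollment or allowed through is a policy choice; this sketch blocks them.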