View Source WaxAPIREST.Plug (wax_api_rest v0.4.0)
A plug that exposes the FIDO2 REST API 7. Transport Binding Profil.
usage
Usage
In a Phoenix router, forward a route to the WaxAPIREST.Plug
:
defmodule MyApp.Router do
use Phoenix.Router
forward "/webauthn", WaxAPIREST.Plug, callback: MyApp.WebAuthnCallbackModule
end
If you're using Plug.Router
:
defmodule MyApp.Router do
use Plug.Router
forward "/webauthn", to: WaxAPIREST.Plug, callback: MyApp.WebAuthnCallbackModule
end
callback-module
Callback module
An implementation of the WaxAPIREST.Callback
module must be provided as an option or
in the configuration file.
options
Options
In addition to Wax's options (Wax.opt/0
), the opts/0
can be used specifically
with this plug.
For instance, using Phoenix:
defmodule MyApp.Router do
use Phoenix.Router
forward "/webauthn", WaxAPIREST.Plug, [
callback_module: MyApp.WebAuthnCallbackModule,
rp_name: "My site",
pub_key_cred_params: [-36, -35, -7, -259, -258, -257] # allows RSA algs
]
end
Link to this section Summary
Link to this section Types
@type opt() :: {:callback_module, module()} | {:rp_name, String.t()} | {:pub_key_cred_params, [Wax.CoseKey.cose_alg()]} | {:attestation_conveyance_preference, WaxAPIREST.Types.AttestationConveyancePreference.t()}
In addition to the Wax options, this library defines the following options:
:callback_module
[mandatory]: the callback module, no default:rp_name
: a human-palatable identifier for the Relying Party. If not present, defaults to the RP id (Wax
option:rp_id
):pub_key_cred_params
: the list of allowed credential algorithms. Defaults to[-36, -35, -7]
which are ES512, ES384 and ES256 in this order of precedence. These values have been chosen using the following security analysis: Security Concerns Surrounding WebAuthn: Don't Implement ECDAA (Yet):attestation_conveyance_preference
: the attestation conveyance preference. Defaults to the value of the request or, if absent, to"none"
The options can be configured (in order of precedence):
- through options passed as a parameter to the plug router
- in the configuration file (under the
WaxAPIREST
key)