diff --git a/spec/json/twilio_verify_passkeys_v1.json b/spec/json/twilio_verify_passkeys_v1.json
deleted file mode 100644
index 6afee8e1..00000000
--- a/spec/json/twilio_verify_passkeys_v1.json
+++ /dev/null
@@ -1,1222 +0,0 @@ -{ - "openapi": "3.0.1", - "info": { - "contact": { - "name": "Twilio", - "url": "http://www.twilio.com" - }, - "version": "preview", - "title": "Verify Passkeys API", - "description": "An API facade for the creation, storage and verification of FIDO2 (passkey) credentials.\nThis API contains many objects referenced directly from the [Level 2 Webauthn API specification](https://www.w3.org/TR/webauthn-2/)." - }, - "servers": [ - { - "url": "https://preview-verify.twilio.com", - "description": "Twilio Verify Passkeys API Preview" - } - ], - "paths": { - "/v1/Services/{service_sid}/Factors": { - "post": { - "summary": "Create a Factor", - "operationId": "CreateFactor", - "description": "This operation creates a passkey Factor.", - "parameters": [ - { - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "name": "service_sid", - "in": "path", - "required": true - } - ], - "responses": { - "201": { - "description": "Created", - "content": { - "application/json": { - "schema": { - "$ref": "schemas.yaml#/Factor" - } - } - } - } - }, - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "title": "CreateFactor", - "description": "This operation creates Factors.", - "properties": { - "friendly_name": { - "type": "string" - }, - "factor_type": { - "$ref": "schemas.yaml#/FactorType" - }, - "entity": { - "$ref": "schemas.yaml#/EntityIdentifier" - }, - "config": { - "$ref": "schemas.yaml#/PasskeyFactorConfigRequest" - } - }, - "required": [ - "factor_type", - "entity", - "config" - ] - } - } - } - } - }, - "get": { - "summary": "List Factors", - "operationId": "ListFactors", - "description": "This operation returns a list of Passkey Factors", - "parameters": [ - { - "name": "service_sid", - "in": "path", - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "required": true - }, - { - "name": "entity_sid", - "in": "query", - "schema": { - "$ref": "schemas.yaml#/EntitySID" - } - }, - { - "name": "entity_identity", 
- "in": "query", - "schema": { - "type": "string" - } - }, - { - "name": "page_size", - "in": "query", - "schema": { - "$ref": "schemas.yaml#/PageSize" - } - }, - { - "name": "page_token", - "in": "query", - "schema": { - "$ref": "schemas.yaml#/PageToken" - } - } - ], - "responses": { - "200": { - "description": "A list of Factors", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "factors": { - "type": "array", - "items": { - "$ref": "schemas.yaml#/Factor" - } - }, - "pagination": { - "$ref": "schemas.yaml#/PaginationMetadata" - } - } - } - } - } - } - } - } - }, - "/v1/Services/{service_sid}/Factors/Verify": { - "post": { - "summary": "Verify a Factor", - "operationId": "UpdateFactor", - "description": "This operation verifies a Factor", - "parameters": [ - { - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "name": "service_sid", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "Verification Status Updated", - "content": { - "application/json": { - "schema": { - "$ref": "schemas.yaml#/Factor" - } - } - } - } - }, - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "schemas.yaml#/PasskeyFactorPublicKeyCredential" - } - } - } - } - } - }, - "/v1/Services/{service_sid}/Factors/{factor_sid}": { - "get": { - "summary": "Fetch Factor", - "operationId": "FetchFactor", - "description": "This operation fetches a single Factor by SID", - "parameters": [ - { - "name": "service_sid", - "in": "path", - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "required": true - }, - { - "name": "factor_sid", - "in": "path", - "schema": { - "$ref": "schemas.yaml#/FactorSID" - }, - "required": true - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "schemas.yaml#/Factor" - } - } - }, - "description": "Successfully fetched a Factor" - } - } - }, - "delete": { - "summary": "Delete Factor", - "operationId": 
"DeleteFactor", - "description": "This operation deletes a single Factor by SID", - "parameters": [ - { - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "name": "service_sid", - "in": "path", - "required": true - }, - { - "schema": { - "$ref": "schemas.yaml#/FactorSID" - }, - "name": "factor_sid", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "The Factor was deleted successfully." - } - } - } - }, - "/v1/Services/{service_sid}/Challenges": { - "post": { - "summary": "Create a Challenge", - "operationId": "CreateChallenge", - "description": "This operation creates a Challenge", - "parameters": [ - { - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "name": "service_sid", - "in": "path", - "required": true - } - ], - "responses": { - "201": { - "description": "Created", - "content": { - "application/json": { - "schema": { - "$ref": "schemas.yaml#/Challenge" - } - } - } - } - }, - "requestBody": { - "content": { - "application/json": { - "schema": { - "type": "object", - "title": "CreateChallenge", - "description": "This operation creates Challenges.", - "properties": { - "factor_sid": { - "$ref": "schemas.yaml#/FactorSID" - }, - "entity": { - "$ref": "schemas.yaml#/EntityIdentifier" - }, - "details": { - "type": "object", - "description": "The challenge details.", - "properties": { - "rpId": { - "type": "string", - "description": "The relying party identifier." 
- }, - "userVerification": { - "$ref": "schemas.yaml#/UserVerification" - } - }, - "required": [ - "rpId" - ] - } - }, - "required": [ - "details" - ] - } - } - } - } - }, - "get": { - "summary": "List Challenges", - "operationId": "ListChallenges", - "description": "This operation returns a list of Challenges", - "parameters": [ - { - "name": "service_sid", - "in": "path", - "required": true, - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - } - }, - { - "name": "entity_sid", - "in": "query", - "schema": { - "$ref": "schemas.yaml#/EntitySID" - } - }, - { - "name": "entity_identity", - "in": "query", - "schema": { - "type": "string" - } - }, - { - "name": "page_size", - "in": "query", - "schema": { - "$ref": "schemas.yaml#/PageSize" - } - }, - { - "name": "page_token", - "in": "query", - "schema": { - "$ref": "schemas.yaml#/PageToken" - } - } - ], - "responses": { - "200": { - "description": "Successfully returned a list of Challenges", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "challenges": { - "type": "array", - "items": { - "$ref": "schemas.yaml#/Challenge" - } - }, - "pagination": { - "$ref": "schemas.yaml#/PaginationMetadata" - } - } - } - } - } - } - } - } - }, - "/v1/Services/{service_sid}/Challenges/Verify": { - "post": { - "summary": "Verify a Challenge", - "operationId": "CreateVerifyChallenge", - "description": "This operation verifies a Challenge", - "parameters": [ - { - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "name": "service_sid", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "Verified", - "content": { - "application/json": { - "schema": { - "$ref": "schemas.yaml#/Challenge" - } - } - } - } - }, - "requestBody": { - "content": { - "application/json": { - "schema": { - "$ref": "schemas.yaml#/ChallengePublicKeyCredential" - } - } - } - } - } - }, - "/v1/Services/{service_sid}/Challenges/{challenge_sid}": { - "get": { - "summary": "Fetch a 
Challenge", - "operationId": "FetchChallenge", - "description": "This operation fetches a Challenge", - "parameters": [ - { - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "name": "service_sid", - "in": "path", - "required": true - }, - { - "schema": { - "$ref": "schemas.yaml#/ChallengeSID" - }, - "name": "challenge_sid", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "schemas.yaml#/Challenge" - } - } - }, - "description": "Successfully fetched a Challenge" - } - } - }, - "delete": { - "summary": "Delete Challenge", - "operationId": "DeleteChallenge", - "description": "This operation deletes a single Challenge by SID", - "parameters": [ - { - "schema": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "name": "service_sid", - "in": "path", - "required": true - }, - { - "schema": { - "$ref": "schemas.yaml#/ChallengeSID" - }, - "name": "challenge_sid", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": "The Challenge was deleted successfully." 
- } - } - } - } - }, - "components": { - "schemas": { - "Factor": { - "title": "Factor", - "type": "object", - "properties": { - "sid": { - "$ref": "schemas.yaml#/FactorSID" - }, - "friendly_name": { - "type": "string" - }, - "account_sid": { - "$ref": "schemas.yaml#/AccountSID" - }, - "service_sid": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "entity_sid": { - "$ref": "schemas.yaml#/EntitySID" - }, - "entity_identity": { - "type": "string" - }, - "factor_type": { - "$ref": "schemas.yaml#/FactorType" - }, - "status": { - "type": "string", - "description": "The verification status of the factor.", - "enum": [ - "unverified", - "verified", - "expired" - ], - "default": "unverified" - }, - "binding": { - "title": "PasskeyBinding", - "description": "The public key credential and metadata of a verified passkey binding.", - "$ref": "schemas.yaml#/PasskeyFactorBinding" - }, - "config": { - "type": "object", - "description": "The type-specific factor configuration.", - "$ref": "schemas.yaml#/PasskeyFactorConfig" - }, - "date_created": { - "type": "string", - "format": "date-time" - }, - "date_updated": { - "type": "string", - "format": "date-time" - } - }, - "required": [ - "sid", - "account_sid", - "service_sid", - "entity_sid", - "entity_identity", - "factor_type", - "status", - "date_created", - "date_updated" - ] - }, - "FactorType": { - "type": "string", - "description": "The type of authentication method enrolled.", - "enum": [ - "passkey" - ], - "default": "passkey" - }, - "PasskeyFactorBinding": { - "title": "PasskeyFactorBinding", - "type": "object", - "properties": { - "credential_id": { - "description": "A unique identifier for this credential so that it can be requested for future authentications.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "credential_public_key": { - "type": "string", - "description": "A COSE-encoded public key. 
This public key will be stored on the server associated with a user's account and be used for future authentications.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "transports": { - "$ref": "schemas.yaml#/TransportTypes" - }, - "flags": { - "type": "array", - "items": { - "type": "string", - "enum": [ - "user-present", - "user-verified", - "backup-eligible", - "backup-state", - "attested-credential-data", - "extension-data" - ] - }, - "description": "The most commonly stored authenticator flags." - }, - "authenticator_metadata": { - "type": "object", - "description": "The [authenticator data](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/Authenticator_data) structure contains information from the authenticator\nabout the processing of a credential creation or authentication request.", - "properties": { - "AAGUID": { - "type": "string", - "description": "The authenticator attestation GUID." - }, - "sign_count": { - "type": "integer", - "description": "The signature counter value of the authenticator." - }, - "clone_warning": { - "type": "boolean", - "description": "A flag indicating that the authenticator may be cloned." - }, - "authenticator_attachment": { - "$ref": "schemas.yaml#/AuthenticatorAttachment" - } - } - } - } - }, - "PasskeyFactorConfigRequest": { - "title": "PasskeyFactorConfigRequest", - "type": "object", - "description": "The basic information needed to initiate the FIDO2 registration process.\nThis configuration will be used to generate the `PublicKeyCredentialCreationOptions` in the response.", - "properties": { - "relying_party": { - "type": "object", - "description": "The relying party information.", - "properties": { - "id": { - "type": "string", - "description": "The relying party identifier. This should generally be the origin without a scheme and port." - }, - "name": { - "type": "string", - "description": "The relying party name that the authenticator will show during the registration/authentication process." 
- }, - "origins": { - "type": "array", - "description": "List of Relying Party Server Origins or App IDs that are permitted.", - "items": { - "type": "string" - } - } - } - }, - "authenticator_criteria": { - "type": "object", - "description": "A set of criteria to guide the selection of an eligible authenticator.", - "properties": { - "authenticator_attachment": { - "description": "A flag indicating a requirement to attach only to a certain type of authenticator.", - "$ref": "schemas.yaml#/ExpandedAuthenticatorAttachment", - "default": "any" - }, - "discoverable_credentials": { - "$ref": "schemas.yaml#/ResidentKey", - "description": "A flag indicating the level of preference for discoverable credentials.", - "default": "preferred" - }, - "user_verification": { - "$ref": "schemas.yaml#/UserVerification", - "default": "required", - "description": "Whether user identity verification (via biometrics or PIN) is required." - } - } - } - }, - "required": [ - "relying_party" - ] - }, - "PasskeyFactorConfig": { - "type": "object", - "title": "PasskeyFactorConfig", - "allOf": [ - { - "$ref": "schemas.yaml#/PasskeyFactorConfigRequest" - }, - { - "title": "PasskeyCreationRequest", - "type": "object", - "properties": { - "creation_request": { - "$ref": "schemas.yaml#/PublicKeyCredentialCreationOptions" - } - } - } - ] - }, - "PasskeyFactorPublicKeyCredential": { - "type": "object", - "title": "PasskeyFactorPublicKeyCredential", - "description": "The public key credential created by the authenticator, as specified in\n[PublicKeyCredential](https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential).", - "properties": { - "id": { - "description": "A [base64url](https://base64.guru/standards/base64url) encoded representation of `rawId`.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "rawId": { - "description": "The globally unique identifier for this `PublicKeyCredential`.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "authenticatorAttachment": { - "$ref": 
"schemas.yaml#/AuthenticatorAttachment" - }, - "type": { - "$ref": "schemas.yaml#/PublicKeyType" - }, - "response": { - "title": "AuthenticatorAttestationResponse", - "type": "object", - "description": "The result of a WebAuthn credential registration via `navigator.credentials.create()`, \nas specified in [AuthenticatorAttestationResponse](https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse).", - "properties": { - "attestationObject": { - "description": "The authenticator data and an attestation statement for a new key pair generated by the authenticator.", - "$ref": "schemas.yaml#/CBORString" - }, - "clientDataJSON": { - "description": "This property contains the JSON-compatible serialization of the data passed from the browser to the authenticator in order to generate this credential.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "transports": { - "$ref": "schemas.yaml#/TransportTypes" - } - } - } - }, - "required": [ - "authenticatorAttachment", - "response" - ] - }, - "Challenge": { - "title": "Challenge", - "type": "object", - "properties": { - "sid": { - "$ref": "schemas.yaml#/ChallengeSID" - }, - "account_sid": { - "$ref": "schemas.yaml#/AccountSID" - }, - "service_sid": { - "$ref": "schemas.yaml#/ServiceSID" - }, - "factor_sid": { - "$ref": "schemas.yaml#/FactorSID" - }, - "factor_type": { - "$ref": "schemas.yaml#/FactorType" - }, - "entity_sid": { - "$ref": "schemas.yaml#/EntitySID" - }, - "entity_identity": { - "type": "string" - }, - "status": { - "type": "string", - "enum": [ - "pending", - "approved", - "denied", - "expired" - ] - }, - "details": { - "type": "object", - "description": "The challenge details.", - "$ref": "schemas.yaml#/PublicKeyChallenge" - }, - "date_created": { - "type": "string", - "format": "date-time" - }, - "date_updated": { - "type": "string", - "format": "date-time" - } - }, - "required": [ - "sid", - "account_sid", - "service_sid", - "details", - "status", - "date_created", - "date_updated" - 
] - }, - "ChallengePublicKeyCredential": { - "title": "ChallengePublicKeyCredential", - "type": "object", - "description": "The result of a WebAuthn authentication via a `navigator.credentials.get()` request,\nas specified in [AuthenticatorAssertionResponse](https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse).", - "properties": { - "id": { - "description": "A [base64url](https://base64.guru/standards/base64url) encoded representation of `rawId`.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "rawId": { - "description": "The globally unique identifier for this `PublicKeyCredential`.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "authenticatorAttachment": { - "$ref": "schemas.yaml#/AuthenticatorAttachment" - }, - "type": { - "$ref": "schemas.yaml#/PublicKeyType" - }, - "response": { - "title": "AuthenticatorAssertionResponse", - "type": "object", - "properties": { - "authenticatorData": { - "$ref": "schemas.yaml#/CBORString" - }, - "clientDataJSON": { - "description": "This property contains the JSON-compatible serialization of the data passed from the browser to the authenticator in order to generate this credential.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "signature": { - "$ref": "schemas.yaml#/Base64UrlString", - "description": "An assertion signature over `authenticatorData` and `clientDataJSON`.\nThe assertion signature is created with the private key of the key pair that was created during the originating `navigator.credentials.create()` call\nand verified using the public key of that same key pair." - }, - "userHandle": { - "type": "string", - "description": "The user handle stored in the authenticator, specified as `user.id` in the options passed to the originating `navigator.credentials.create()` call.\nThis property should contain a base64url-encoded entity SID." 
- } - } - } - } - }, - "EntityIdentifier": { - "allOf": [ - { - "type": "object", - "title": "EntitySID", - "properties": { - "sid": { - "$ref": "schemas.yaml#/EntitySID" - } - }, - "additionalProperties": false - }, - { - "type": "object", - "title": "EntityIdentity", - "properties": { - "identity": { - "type": "string" - }, - "display_name": { - "type": "string" - } - }, - "additionalProperties": false - } - ] - }, - "AccountSID": { - "type": "string", - "pattern": "^AC[a-z0-9]{32}$", - "minLength": 34, - "maxLength": 34, - "example": "AC74c5d607bf7c41bf909d69b5d70c03cd" - }, - "ServiceSID": { - "type": "string", - "pattern": "^VA[a-z0-9]{32}$", - "minLength": 34, - "maxLength": 34, - "example": "VA20f25399d74d4be98d68195b72891f55" - }, - "EntitySID": { - "type": "string", - "pattern": "^YE[a-z0-9]{32}$", - "minLength": 34, - "maxLength": 34, - "example": "YEfab61d47680244af8ae327ab4312fdb4" - }, - "FactorSID": { - "type": "string", - "pattern": "^YF04[a-z0-9]{30}$", - "minLength": 34, - "maxLength": 34, - "example": "YF0494ed3269884a3288098defbc4c276e" - }, - "ChallengeSID": { - "type": "string", - "pattern": "^YC04[a-z0-9]{30}$", - "minLength": 34, - "maxLength": 34, - "example": "YC04ce7edcef0149a094ad077d4c30f427" - }, - "PageSize": { - "type": "integer", - "description": "The number of resources to return in a page.", - "format": "int32", - "minimum": 1, - "maximum": 100, - "default": 50 - }, - "PageToken": { - "type": "string", - "description": "The token that identifies the page of resources to fetch." 
- }, - "PaginationMetadata": { - "title": "PaginationMetadata", - "type": "object", - "description": "The metadata associated with the page of resources returned.", - "properties": { - "prev": { - "description": "The page token for the previous page of resources.", - "type": "string" - }, - "next": { - "description": "The page token for the next page of resources.", - "type": "string" - }, - "self": { - "description": "The page token for the current page of resources.", - "type": "string" - } - } - }, - "AuthenticatorAttachment": { - "title": "AuthenticatorAttachment", - "description": "A string that indicates the mechanism by which the WebAuthn implementation is attached to the authenticator at the time the associated \n`navigator.credentials.create()` or `navigator.credentials.get()` call completes.", - "type": "string", - "enum": [ - "platform", - "cross-platform" - ] - }, - "ExpandedAuthenticatorAttachment": { - "title": "AuthenticatorAttachment", - "description": "A string that indicates the mechanism by which the WebAuthn implementation is attached to the authenticator at the time the associated \n`navigator.credentials.create()` or `navigator.credentials.get()` call completes.", - "type": "string", - "enum": [ - "platform", - "cross-platform", - "any" - ] - }, - "PublicKeyCredentialCreationOptions": { - "title": "PublicKeyCredentialCreationOptions", - "description": "An instance of a [PublicKeyCredentialCreationOptions](https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#publickey_object_structure) object that can be passed directly to the `navigator.credentials.create()` interface of the Webauthn API.", - "type": "object", - "properties": { - "rp": { - "type": "object", - "description": "An object describing the relying party that requested the credential creation.", - "properties": { - "id": { - "type": "string", - "description": "The relying party identifier. This should be the origin without a scheme and port." 
- }, - "name": { - "type": "string", - "description": "The relying party name that the authenticator will show during the registration/authentication process." - } - }, - "required": [ - "id", - "name" - ] - }, - "user": { - "type": "object", - "description": "An object describing the user account for which the credential is generated.", - "properties": { - "id": { - "$ref": "schemas.yaml#/Base64UrlString", - "description": "The unique ID for the user account. This property will contain the base64url-encoded entity SID and should not be displayed to the end user.\nThe `user.id` will later be used for authentication via discoverable credentials, where this same identifier will be passed via the `userHandle` property." - }, - "name": { - "type": "string", - "description": "A string providing a human-friendly identifier for the user's account, to help distinguish between different accounts with similar `displayName`s." - }, - "displayName": { - "type": "string", - "description": "A string providing a human-friendly user display name." - } - }, - "required": [ - "id", - "name", - "displayName" - ] - }, - "challenge": { - "$ref": "schemas.yaml#/Base64UrlString", - "description": "A string generated as a cryptographic challenge, to be signed by the authenticator and sent back as part of the registration process.\nThis will contain a base64url-encoded challenge SID." 
- }, - "pubKeyCredParams": { - "type": "array", - "description": "An array of objects which specify the key types and signature algorithms the relying party supports, ordered from most preferred to least preferred.", - "items": { - "type": "object", - "properties": { - "type": { - "$ref": "schemas.yaml#/PublicKeyType" - }, - "alg": { - "$ref": "schemas.yaml#/PublicKeyAlgorithm" - } - }, - "required": [ - "type", - "alg" - ] - } - }, - "timeout": { - "type": "integer", - "description": "A numerical hint, in milliseconds, which indicates the time the calling app is willing to wait for the creation operation to complete.", - "format": "int64" - }, - "excludeCredentials": { - "type": "array", - "description": "An array of objects describing existing credentials that are already mapped\nto this user account (as identified by `user.id`).", - "items": { - "type": "object", - "properties": { - "type": { - "$ref": "schemas.yaml#/PublicKeyType" - }, - "id": { - "type": "string" - }, - "transports": { - "$ref": "schemas.yaml#/TransportTypes" - } - }, - "required": [ - "type", - "id" - ] - } - }, - "authenticatorSelection": { - "type": "object", - "description": "An object whose properties are criteria used to filter out the potential authenticators for the credential creation operation.", - "properties": { - "authenticatorAttachment": { - "$ref": "schemas.yaml#/AuthenticatorAttachment" - }, - "requireResidentKey": { - "type": "boolean", - "description": "A flag indicating that the authenticator must support the resident key requirement." 
- }, - "residentKey": { - "$ref": "schemas.yaml#/ResidentKey" - }, - "userVerification": { - "$ref": "schemas.yaml#/UserVerification" - } - } - }, - "attestation": { - "description": "A string specifying the relying party's preference for how the attestation statement\n(i.e., provision of verifiable evidence of the authenticity of the authenticator and its data) is conveyed during credential creation.\n\nAttestation is not supported in the current version of the API.", - "type": "string", - "enum": [ - "none" - ] - } - }, - "required": [ - "challenge", - "pubKeyCredParams", - "rp", - "user" - ] - }, - "PublicKeyAlgorithm": { - "title": "PublicKeyAlgorithm", - "description": "The algorithm used to generate the public key, \nrepresented as a [COSE Algorithm Identifier](https://www.iana.org/assignments/cose/cose.xhtml#algorithms).\n\n`-8`: Ed25519\n`-7`: ES256\n`-257`: RS256", - "type": "integer", - "enum": [ - -8, - -7, - -257 - ] - }, - "PublicKeyCredential": { - "type": "object", - "title": "PublicKeyCredential", - "description": "The public key credential created by the authenticator, as specified in\n[PublicKeyCredential](https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential).", - "properties": { - "id": { - "description": "A [base64url](https://base64.guru/standards/base64url) encoded representation of `rawId`.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "rawId": { - "description": "The globally unique identifier for this `PublicKeyCredential`.", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "authenticatorAttachment": { - "$ref": "schemas.yaml#/AuthenticatorAttachment" - }, - "type": { - "$ref": "schemas.yaml#/PublicKeyType" - } - }, - "required": [ - "id", - "rawId", - "authenticatorAttachment" - ] - }, - "PublicKeyType": { - "title": "PublicKeyType", - "description": "The valid credential types supported by the API.\nThe values of this enumeration are used for versioning the `AuthenticatorAssertion` and `AuthenticatorAttestation` 
structures according to the type of the authenticator.", - "type": "string", - "enum": [ - "public-key" - ], - "default": "public-key" - }, - "UserVerification": { - "title": "UserVerification", - "description": "A string that specifies the extent to which the relying party desires to authenticate the user to the client,\nand the extent to which the client should request that the user be authenticated.", - "type": "string", - "enum": [ - "required", - "preferred", - "discouraged" - ] - }, - "TransportTypes": { - "title": "TransportTypes", - "description": "An array of strings providing hints as to the methods the client could use to communicate with the relevant \nauthenticator of the public key credential to retrieve.", - "type": "array", - "items": { - "type": "string", - "enum": [ - "usb", - "nfc", - "ble", - "smart-card", - "internal", - "hybrid" - ] - } - }, - "ResidentKey": { - "title": "ResidentKey", - "description": "A string that specifies the extent to which the relying party desires to create a client-side discoverable credential.", - "type": "string", - "enum": [ - "required", - "preferred", - "discouraged" - ] - }, - "PublicKeyChallenge": { - "title": "PublicKeyChallenge", - "type": "object", - "properties": { - "publicKey": { - "type": "object", - "properties": { - "challenge": { - "description": "A cryptographic challenge created by the replying party server.\nThis value must be signed by the authenticator as part of the challenge verification flow.", - "type": "string" - }, - "rpId": { - "description": "The relying party identifier. If omitted, it will default to the current origin's domain.", - "type": "string" - }, - "allowCredentials": { - "$ref": "schemas.yaml#/AllowCredentials" - }, - "timeout": { - "type": "integer", - "format": "int64", - "description": "The time in milliseconds that the challenge is valid for." 
- }, - "userVerification": { - "$ref": "schemas.yaml#/UserVerification", - "default": "preferred" - }, - "extensions": { - "type": "object", - "description": "An object containing properties representing the input values for any requested [Webauthn extensions](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/WebAuthn_extensions). \nThese extensions are used to specific additional processing by the client or authenticator during the authentication process.", - "additionalProperties": true - } - }, - "required": [ - "challenge" - ] - } - } - }, - "AllowCredentials": { - "type": "array", - "description": "An array of objects defining a restricted list of the acceptable credentials for retrieval.\n\nIf `allowCredentials` is omitted, it will default to an empty array, meaning that any credential is potentially acceptable for retrieval without the relying party first providing an ID.\nAn empty array enables the use of discoverable credentials on the client.", - "items": { - "type": "object", - "properties": { - "id": { - "description": "The ID of the public key credential to retrieve. This value is mirrored by the `rawId` property of the `PublicKeyCredential` object", - "$ref": "schemas.yaml#/Base64UrlString" - }, - "type": { - "$ref": "schemas.yaml#/PublicKeyType" - }, - "transports": { - "$ref": "schemas.yaml#/TransportTypes" - } - } - } - }, - "Base64UrlString": { - "title": "Base64UrlString", - "type": "string", - "description": "A [base64url](https://base64.guru/standards/base64url)-encoded string.", - "additionalProperties": false - }, - "CBORString": { - "title": "CBORString", - "type": "string", - "description": "A CBOR-encoded string, in \n[CTAP2 canonical CBOR encoding form](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#ctap2-canonical-cbor-encoding-form).", - "additionalProperties": false - } - } - } -} \ No newline at end of file 
diff --git a/spec/yaml/twilio_verify_passkeys_v1.yaml b/spec/yaml/twilio_verify_passkeys_v1.yaml
deleted file mode 100644
index 35dfbcd7..00000000
--- a/spec/yaml/twilio_verify_passkeys_v1.yaml
+++ /dev/null
@@ -1,956 +0,0 @@ -openapi: 3.0.1 -info: - contact: - name: Twilio - url: http://www.twilio.com - version: preview - title: Verify Passkeys API - description: 'An API facade for the creation, storage and verification of FIDO2 - (passkey) credentials. - - This API contains many objects referenced directly from the [Level 2 Webauthn - API specification](https://www.w3.org/TR/webauthn-2/).' -servers: -- url: https://preview-verify.twilio.com - description: Twilio Verify Passkeys API Preview -paths: - /v1/Services/{service_sid}/Factors: - post: - summary: Create a Factor - operationId: CreateFactor - description: This operation creates a passkey Factor. - parameters: - - schema: - $ref: schemas.yaml#/ServiceSID - name: service_sid - in: path - required: true - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: schemas.yaml#/Factor - requestBody: - content: - application/json: - schema: - type: object - title: CreateFactor - description: This operation creates Factors. 
- properties: - friendly_name: - type: string - factor_type: - $ref: schemas.yaml#/FactorType - entity: - $ref: schemas.yaml#/EntityIdentifier - config: - $ref: schemas.yaml#/PasskeyFactorConfigRequest - required: - - factor_type - - entity - - config - get: - summary: List Factors - operationId: ListFactors - description: This operation returns a list of Passkey Factors - parameters: - - name: service_sid - in: path - schema: - $ref: schemas.yaml#/ServiceSID - required: true - - name: entity_sid - in: query - schema: - $ref: schemas.yaml#/EntitySID - - name: entity_identity - in: query - schema: - type: string - - name: page_size - in: query - schema: - $ref: schemas.yaml#/PageSize - - name: page_token - in: query - schema: - $ref: schemas.yaml#/PageToken - responses: - '200': - description: A list of Factors - content: - application/json: - schema: - type: object - properties: - factors: - type: array - items: - $ref: schemas.yaml#/Factor - pagination: - $ref: schemas.yaml#/PaginationMetadata - /v1/Services/{service_sid}/Factors/Verify: - post: - summary: Verify a Factor - operationId: UpdateFactor - description: This operation verifies a Factor - parameters: - - schema: - $ref: schemas.yaml#/ServiceSID - name: service_sid - in: path - required: true - responses: - '200': - description: Verification Status Updated - content: - application/json: - schema: - $ref: schemas.yaml#/Factor - requestBody: - content: - application/json: - schema: - $ref: schemas.yaml#/PasskeyFactorPublicKeyCredential - /v1/Services/{service_sid}/Factors/{factor_sid}: - get: - summary: Fetch Factor - operationId: FetchFactor - description: This operation fetches a single Factor by SID - parameters: - - name: service_sid - in: path - schema: - $ref: schemas.yaml#/ServiceSID - required: true - - name: factor_sid - in: path - schema: - $ref: schemas.yaml#/FactorSID - required: true - responses: - '200': - content: - application/json: - schema: - $ref: schemas.yaml#/Factor - description: 
Successfully fetched a Factor - delete: - summary: Delete Factor - operationId: DeleteFactor - description: This operation deletes a single Factor by SID - parameters: - - schema: - $ref: schemas.yaml#/ServiceSID - name: service_sid - in: path - required: true - - schema: - $ref: schemas.yaml#/FactorSID - name: factor_sid - in: path - required: true - responses: - '204': - description: The Factor was deleted successfully. - /v1/Services/{service_sid}/Challenges: - post: - summary: Create a Challenge - operationId: CreateChallenge - description: This operation creates a Challenge - parameters: - - schema: - $ref: schemas.yaml#/ServiceSID - name: service_sid - in: path - required: true - responses: - '201': - description: Created - content: - application/json: - schema: - $ref: schemas.yaml#/Challenge - requestBody: - content: - application/json: - schema: - type: object - title: CreateChallenge - description: This operation creates Challenges. - properties: - factor_sid: - $ref: schemas.yaml#/FactorSID - entity: - $ref: schemas.yaml#/EntityIdentifier - details: - type: object - description: The challenge details. - properties: - rpId: - type: string - description: The relying party identifier. 
- userVerification: - $ref: schemas.yaml#/UserVerification - required: - - rpId - required: - - details - get: - summary: List Challenges - operationId: ListChallenges - description: This operation returns a list of Challenges - parameters: - - name: service_sid - in: path - required: true - schema: - $ref: schemas.yaml#/ServiceSID - - name: entity_sid - in: query - schema: - $ref: schemas.yaml#/EntitySID - - name: entity_identity - in: query - schema: - type: string - - name: page_size - in: query - schema: - $ref: schemas.yaml#/PageSize - - name: page_token - in: query - schema: - $ref: schemas.yaml#/PageToken - responses: - '200': - description: Successfully returned a list of Challenges - content: - application/json: - schema: - type: object - properties: - challenges: - type: array - items: - $ref: schemas.yaml#/Challenge - pagination: - $ref: schemas.yaml#/PaginationMetadata - /v1/Services/{service_sid}/Challenges/Verify: - post: - summary: Verify a Challenge - operationId: CreateVerifyChallenge - description: This operation verifies a Challenge - parameters: - - schema: - $ref: schemas.yaml#/ServiceSID - name: service_sid - in: path - required: true - responses: - '200': - description: Verified - content: - application/json: - schema: - $ref: schemas.yaml#/Challenge - requestBody: - content: - application/json: - schema: - $ref: schemas.yaml#/ChallengePublicKeyCredential - /v1/Services/{service_sid}/Challenges/{challenge_sid}: - get: - summary: Fetch a Challenge - operationId: FetchChallenge - description: This operation fetches a Challenge - parameters: - - schema: - $ref: schemas.yaml#/ServiceSID - name: service_sid - in: path - required: true - - schema: - $ref: schemas.yaml#/ChallengeSID - name: challenge_sid - in: path - required: true - responses: - '200': - content: - application/json: - schema: - $ref: schemas.yaml#/Challenge - description: Successfully fetched a Challenge - delete: - summary: Delete Challenge - operationId: DeleteChallenge - 
description: This operation deletes a single Challenge by SID - parameters: - - schema: - $ref: schemas.yaml#/ServiceSID - name: service_sid - in: path - required: true - - schema: - $ref: schemas.yaml#/ChallengeSID - name: challenge_sid - in: path - required: true - responses: - '204': - description: The Challenge was deleted successfully. -components: - schemas: - Factor: - title: Factor - type: object - properties: - sid: - $ref: schemas.yaml#/FactorSID - friendly_name: - type: string - account_sid: - $ref: schemas.yaml#/AccountSID - service_sid: - $ref: schemas.yaml#/ServiceSID - entity_sid: - $ref: schemas.yaml#/EntitySID - entity_identity: - type: string - factor_type: - $ref: schemas.yaml#/FactorType - status: - type: string - description: The verification status of the factor. - enum: - - unverified - - verified - - expired - default: unverified - binding: - title: PasskeyBinding - description: The public key credential and metadata of a verified passkey - binding. - $ref: schemas.yaml#/PasskeyFactorBinding - config: - type: object - description: The type-specific factor configuration. - $ref: schemas.yaml#/PasskeyFactorConfig - date_created: - type: string - format: date-time - date_updated: - type: string - format: date-time - required: - - sid - - account_sid - - service_sid - - entity_sid - - entity_identity - - factor_type - - status - - date_created - - date_updated - FactorType: - type: string - description: The type of authentication method enrolled. - enum: - - passkey - default: passkey - PasskeyFactorBinding: - title: PasskeyFactorBinding - type: object - properties: - credential_id: - description: A unique identifier for this credential so that it can be requested - for future authentications. - $ref: schemas.yaml#/Base64UrlString - credential_public_key: - type: string - description: A COSE-encoded public key. This public key will be stored on - the server associated with a user's account and be used for future authentications. 
- $ref: schemas.yaml#/Base64UrlString - transports: - $ref: schemas.yaml#/TransportTypes - flags: - type: array - items: - type: string - enum: - - user-present - - user-verified - - backup-eligible - - backup-state - - attested-credential-data - - extension-data - description: The most commonly stored authenticator flags. - authenticator_metadata: - type: object - description: 'The [authenticator data](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/Authenticator_data) - structure contains information from the authenticator - - about the processing of a credential creation or authentication request.' - properties: - AAGUID: - type: string - description: The authenticator attestation GUID. - sign_count: - type: integer - description: The signature counter value of the authenticator. - clone_warning: - type: boolean - description: A flag indicating that the authenticator may be cloned. - authenticator_attachment: - $ref: schemas.yaml#/AuthenticatorAttachment - PasskeyFactorConfigRequest: - title: PasskeyFactorConfigRequest - type: object - description: 'The basic information needed to initiate the FIDO2 registration - process. - - This configuration will be used to generate the `PublicKeyCredentialCreationOptions` - in the response.' - properties: - relying_party: - type: object - description: The relying party information. - properties: - id: - type: string - description: The relying party identifier. This should generally be - the origin without a scheme and port. - name: - type: string - description: The relying party name that the authenticator will show - during the registration/authentication process. - origins: - type: array - description: List of Relying Party Server Origins or App IDs that are - permitted. - items: - type: string - authenticator_criteria: - type: object - description: A set of criteria to guide the selection of an eligible authenticator. 
- properties: - authenticator_attachment: - description: A flag indicating a requirement to attach only to a certain - type of authenticator. - $ref: schemas.yaml#/ExpandedAuthenticatorAttachment - default: any - discoverable_credentials: - $ref: schemas.yaml#/ResidentKey - description: A flag indicating the level of preference for discoverable - credentials. - default: preferred - user_verification: - $ref: schemas.yaml#/UserVerification - default: required - description: Whether user identity verification (via biometrics or PIN) - is required. - required: - - relying_party - PasskeyFactorConfig: - type: object - title: PasskeyFactorConfig - allOf: - - $ref: schemas.yaml#/PasskeyFactorConfigRequest - - title: PasskeyCreationRequest - type: object - properties: - creation_request: - $ref: schemas.yaml#/PublicKeyCredentialCreationOptions - PasskeyFactorPublicKeyCredential: - type: object - title: PasskeyFactorPublicKeyCredential - description: 'The public key credential created by the authenticator, as specified - in - - [PublicKeyCredential](https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential).' - properties: - id: - description: A [base64url](https://base64.guru/standards/base64url) encoded - representation of `rawId`. - $ref: schemas.yaml#/Base64UrlString - rawId: - description: The globally unique identifier for this `PublicKeyCredential`. - $ref: schemas.yaml#/Base64UrlString - authenticatorAttachment: - $ref: schemas.yaml#/AuthenticatorAttachment - type: - $ref: schemas.yaml#/PublicKeyType - response: - title: AuthenticatorAttestationResponse - type: object - description: "The result of a WebAuthn credential registration via `navigator.credentials.create()`,\ - \ \nas specified in [AuthenticatorAttestationResponse](https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse)." 
- properties: - attestationObject: - description: The authenticator data and an attestation statement for - a new key pair generated by the authenticator. - $ref: schemas.yaml#/CBORString - clientDataJSON: - description: This property contains the JSON-compatible serialization - of the data passed from the browser to the authenticator in order - to generate this credential. - $ref: schemas.yaml#/Base64UrlString - transports: - $ref: schemas.yaml#/TransportTypes - required: - - authenticatorAttachment - - response - Challenge: - title: Challenge - type: object - properties: - sid: - $ref: schemas.yaml#/ChallengeSID - account_sid: - $ref: schemas.yaml#/AccountSID - service_sid: - $ref: schemas.yaml#/ServiceSID - factor_sid: - $ref: schemas.yaml#/FactorSID - factor_type: - $ref: schemas.yaml#/FactorType - entity_sid: - $ref: schemas.yaml#/EntitySID - entity_identity: - type: string - status: - type: string - enum: - - pending - - approved - - denied - - expired - details: - type: object - description: The challenge details. - $ref: schemas.yaml#/PublicKeyChallenge - date_created: - type: string - format: date-time - date_updated: - type: string - format: date-time - required: - - sid - - account_sid - - service_sid - - details - - status - - date_created - - date_updated - ChallengePublicKeyCredential: - title: ChallengePublicKeyCredential - type: object - description: 'The result of a WebAuthn authentication via a `navigator.credentials.get()` - request, - - as specified in [AuthenticatorAssertionResponse](https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse).' - properties: - id: - description: A [base64url](https://base64.guru/standards/base64url) encoded - representation of `rawId`. - $ref: schemas.yaml#/Base64UrlString - rawId: - description: The globally unique identifier for this `PublicKeyCredential`. 
- $ref: schemas.yaml#/Base64UrlString - authenticatorAttachment: - $ref: schemas.yaml#/AuthenticatorAttachment - type: - $ref: schemas.yaml#/PublicKeyType - response: - title: AuthenticatorAssertionResponse - type: object - properties: - authenticatorData: - $ref: schemas.yaml#/CBORString - clientDataJSON: - description: This property contains the JSON-compatible serialization - of the data passed from the browser to the authenticator in order - to generate this credential. - $ref: schemas.yaml#/Base64UrlString - signature: - $ref: schemas.yaml#/Base64UrlString - description: 'An assertion signature over `authenticatorData` and `clientDataJSON`. - - The assertion signature is created with the private key of the key - pair that was created during the originating `navigator.credentials.create()` - call - - and verified using the public key of that same key pair.' - userHandle: - type: string - description: 'The user handle stored in the authenticator, specified - as `user.id` in the options passed to the originating `navigator.credentials.create()` - call. - - This property should contain a base64url-encoded entity SID.' 
- EntityIdentifier: - allOf: - - type: object - title: EntitySID - properties: - sid: - $ref: schemas.yaml#/EntitySID - additionalProperties: false - - type: object - title: EntityIdentity - properties: - identity: - type: string - display_name: - type: string - additionalProperties: false - AccountSID: - type: string - pattern: ^AC[a-z0-9]{32}$ - minLength: 34 - maxLength: 34 - example: AC74c5d607bf7c41bf909d69b5d70c03cd - ServiceSID: - type: string - pattern: ^VA[a-z0-9]{32}$ - minLength: 34 - maxLength: 34 - example: VA20f25399d74d4be98d68195b72891f55 - EntitySID: - type: string - pattern: ^YE[a-z0-9]{32}$ - minLength: 34 - maxLength: 34 - example: YEfab61d47680244af8ae327ab4312fdb4 - FactorSID: - type: string - pattern: ^YF04[a-z0-9]{30}$ - minLength: 34 - maxLength: 34 - example: YF0494ed3269884a3288098defbc4c276e - ChallengeSID: - type: string - pattern: ^YC04[a-z0-9]{30}$ - minLength: 34 - maxLength: 34 - example: YC04ce7edcef0149a094ad077d4c30f427 - PageSize: - type: integer - description: The number of resources to return in a page. - format: int32 - minimum: 1 - maximum: 100 - default: 50 - PageToken: - type: string - description: The token that identifies the page of resources to fetch. - PaginationMetadata: - title: PaginationMetadata - type: object - description: The metadata associated with the page of resources returned. - properties: - prev: - description: The page token for the previous page of resources. - type: string - next: - description: The page token for the next page of resources. - type: string - self: - description: The page token for the current page of resources. - type: string - AuthenticatorAttachment: - title: AuthenticatorAttachment - description: "A string that indicates the mechanism by which the WebAuthn implementation\ - \ is attached to the authenticator at the time the associated \n`navigator.credentials.create()`\ - \ or `navigator.credentials.get()` call completes." 
- type: string - enum: - - platform - - cross-platform - ExpandedAuthenticatorAttachment: - title: AuthenticatorAttachment - description: "A string that indicates the mechanism by which the WebAuthn implementation\ - \ is attached to the authenticator at the time the associated \n`navigator.credentials.create()`\ - \ or `navigator.credentials.get()` call completes." - type: string - enum: - - platform - - cross-platform - - any - PublicKeyCredentialCreationOptions: - title: PublicKeyCredentialCreationOptions - description: An instance of a [PublicKeyCredentialCreationOptions](https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#publickey_object_structure) - object that can be passed directly to the `navigator.credentials.create()` - interface of the Webauthn API. - type: object - properties: - rp: - type: object - description: An object describing the relying party that requested the credential - creation. - properties: - id: - type: string - description: The relying party identifier. This should be the origin - without a scheme and port. - name: - type: string - description: The relying party name that the authenticator will show - during the registration/authentication process. - required: - - id - - name - user: - type: object - description: An object describing the user account for which the credential - is generated. - properties: - id: - $ref: schemas.yaml#/Base64UrlString - description: 'The unique ID for the user account. This property will - contain the base64url-encoded entity SID and should not be displayed - to the end user. - - The `user.id` will later be used for authentication via discoverable - credentials, where this same identifier will be passed via the `userHandle` - property.' - name: - type: string - description: A string providing a human-friendly identifier for the - user's account, to help distinguish between different accounts with - similar `displayName`s. 
- displayName: - type: string - description: A string providing a human-friendly user display name. - required: - - id - - name - - displayName - challenge: - $ref: schemas.yaml#/Base64UrlString - description: 'A string generated as a cryptographic challenge, to be signed - by the authenticator and sent back as part of the registration process. - - This will contain a base64url-encoded challenge SID.' - pubKeyCredParams: - type: array - description: An array of objects which specify the key types and signature - algorithms the relying party supports, ordered from most preferred to - least preferred. - items: - type: object - properties: - type: - $ref: schemas.yaml#/PublicKeyType - alg: - $ref: schemas.yaml#/PublicKeyAlgorithm - required: - - type - - alg - timeout: - type: integer - description: A numerical hint, in milliseconds, which indicates the time - the calling app is willing to wait for the creation operation to complete. - format: int64 - excludeCredentials: - type: array - description: 'An array of objects describing existing credentials that are - already mapped - - to this user account (as identified by `user.id`).' - items: - type: object - properties: - type: - $ref: schemas.yaml#/PublicKeyType - id: - type: string - transports: - $ref: schemas.yaml#/TransportTypes - required: - - type - - id - authenticatorSelection: - type: object - description: An object whose properties are criteria used to filter out - the potential authenticators for the credential creation operation. - properties: - authenticatorAttachment: - $ref: schemas.yaml#/AuthenticatorAttachment - requireResidentKey: - type: boolean - description: A flag indicating that the authenticator must support the - resident key requirement. 
- residentKey: - $ref: schemas.yaml#/ResidentKey - userVerification: - $ref: schemas.yaml#/UserVerification - attestation: - description: 'A string specifying the relying party''s preference for how - the attestation statement - - (i.e., provision of verifiable evidence of the authenticity of the authenticator - and its data) is conveyed during credential creation. - - - Attestation is not supported in the current version of the API.' - type: string - enum: - - none - required: - - challenge - - pubKeyCredParams - - rp - - user - PublicKeyAlgorithm: - title: PublicKeyAlgorithm - description: "The algorithm used to generate the public key, \nrepresented as\ - \ a [COSE Algorithm Identifier](https://www.iana.org/assignments/cose/cose.xhtml#algorithms).\n\ - \n`-8`: Ed25519\n`-7`: ES256\n`-257`: RS256" - type: integer - enum: - - -8 - - -7 - - -257 - PublicKeyCredential: - type: object - title: PublicKeyCredential - description: 'The public key credential created by the authenticator, as specified - in - - [PublicKeyCredential](https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential).' - properties: - id: - description: A [base64url](https://base64.guru/standards/base64url) encoded - representation of `rawId`. - $ref: schemas.yaml#/Base64UrlString - rawId: - description: The globally unique identifier for this `PublicKeyCredential`. - $ref: schemas.yaml#/Base64UrlString - authenticatorAttachment: - $ref: schemas.yaml#/AuthenticatorAttachment - type: - $ref: schemas.yaml#/PublicKeyType - required: - - id - - rawId - - authenticatorAttachment - PublicKeyType: - title: PublicKeyType - description: 'The valid credential types supported by the API. - - The values of this enumeration are used for versioning the `AuthenticatorAssertion` - and `AuthenticatorAttestation` structures according to the type of the authenticator.' 
- type: string - enum: - - public-key - default: public-key - UserVerification: - title: UserVerification - description: 'A string that specifies the extent to which the relying party - desires to authenticate the user to the client, - - and the extent to which the client should request that the user be authenticated.' - type: string - enum: - - required - - preferred - - discouraged - TransportTypes: - title: TransportTypes - description: "An array of strings providing hints as to the methods the client\ - \ could use to communicate with the relevant \nauthenticator of the public\ - \ key credential to retrieve." - type: array - items: - type: string - enum: - - usb - - nfc - - ble - - smart-card - - internal - - hybrid - ResidentKey: - title: ResidentKey - description: A string that specifies the extent to which the relying party desires - to create a client-side discoverable credential. - type: string - enum: - - required - - preferred - - discouraged - PublicKeyChallenge: - title: PublicKeyChallenge - type: object - properties: - publicKey: - type: object - properties: - challenge: - description: 'A cryptographic challenge created by the replying party - server. - - This value must be signed by the authenticator as part of the challenge - verification flow.' - type: string - rpId: - description: The relying party identifier. If omitted, it will default - to the current origin's domain. - type: string - allowCredentials: - $ref: schemas.yaml#/AllowCredentials - timeout: - type: integer - format: int64 - description: The time in milliseconds that the challenge is valid for. 
- userVerification: - $ref: schemas.yaml#/UserVerification - default: preferred - extensions: - type: object - description: "An object containing properties representing the input\ - \ values for any requested [Webauthn extensions](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/WebAuthn_extensions).\ - \ \nThese extensions are used to specific additional processing by\ - \ the client or authenticator during the authentication process." - additionalProperties: true - required: - - challenge - AllowCredentials: - type: array - description: 'An array of objects defining a restricted list of the acceptable - credentials for retrieval. - - - If `allowCredentials` is omitted, it will default to an empty array, meaning - that any credential is potentially acceptable for retrieval without the relying - party first providing an ID. - - An empty array enables the use of discoverable credentials on the client.' - items: - type: object - properties: - id: - description: The ID of the public key credential to retrieve. This value - is mirrored by the `rawId` property of the `PublicKeyCredential` object - $ref: schemas.yaml#/Base64UrlString - type: - $ref: schemas.yaml#/PublicKeyType - transports: - $ref: schemas.yaml#/TransportTypes - Base64UrlString: - title: Base64UrlString - type: string - description: A [base64url](https://base64.guru/standards/base64url)-encoded - string. - additionalProperties: false - CBORString: - title: CBORString - type: string - description: "A CBOR-encoded string, in \n[CTAP2 canonical CBOR encoding form](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#ctap2-canonical-cbor-encoding-form)." - additionalProperties: false