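/**
 * WebAuthn / Passkeys Handler
 *
 * P1 - Modern passwordless authentication
 *
 * Supports:
 * - WebAuthn registration (credential creation)
 * - WebAuthn authentication (assertion)
 * - Passkeys (platform and cross-device)
 * - Credential ID storage and lookup
 *
 * This file contains type declarations only; no implementation is visible
 * here. Security-relevant behaviour (challenge generation, signature and
 * origin verification, counter handling) must be confirmed against the
 * implementation.
 *
 * @see https://w3c.github.io/webauthn/
 */
export interface WebAuthnConfig {
  /** Relying Party ID (usually the domain) */
  rpId: string;
  /** Relying Party name (app name) */
  rpName: string;
  /**
   * Relying Party origin.
   * NOTE(review): optional here - confirm which origin the parse* methods
   * compare against clientDataJSON.origin when this is omitted.
   */
  origin?: string;
  /**
   * User verification requirement.
   * With 'preferred' or 'discouraged' the authenticator may skip user
   * verification, so a relying party that depends on it has to check the
   * UV flag in the authenticator data itself.
   */
  userVerification?: 'required' | 'preferred' | 'discouraged';
  /** Attestation preference */
  attestation?: 'none' | 'indirect' | 'direct';
  /** Require resident key (passkey) */
  requireResidentKey?: boolean;
}

export interface WebAuthnUser {
  /** User ID (binary) */
  id: ArrayBuffer;
  /** Username */
  name: string;
  /** Display name */
  displayName: string;
  /** Optional icon */
  icon?: string;
}

export interface WebAuthnCredential {
  /** Credential ID */
  id: string;
  /** Public key (string-encoded; the encoding is not visible here - confirm) */
  publicKey: string;
  /**
   * Sign counter.
   * Per the WebAuthn spec, a verifier compares the counter in each new
   * assertion with the stored value; a non-zero counter that fails to
   * increase indicates a possibly cloned authenticator.
   */
  counter: number;
  /** User handle */
  userHandle?: string;
  /** Credential type */
  type: 'public-key';
  /** Transport hints */
  transports?: AuthenticatorTransport[];
}

export interface RegistrationResult {
  success: boolean;
  credential?: WebAuthnCredential;
  error?: string;
}

export interface AuthenticationResult {
  success: boolean;
  credentialId?: string;
  userHandle?: string;
  error?: string;
}

/**
 * Types for WebAuthn API
 */
export interface PublicKeyCredentialCreationOptionsJSON {
  challenge: string;
  rp: {
    id: string;
    name: string;
  };
  user: {
    id: string;
    name: string;
    displayName: string;
    icon?: string;
  };
  pubKeyCredParams: {
    type: string;
    alg: number;
  }[];
  excludeCredentials?: {
    id: string;
    type: string;
  }[];
  authenticatorSelection?: {
    authenticatorAttachment?: 'platform' | 'cross-platform';
    requireResidentKey?: boolean;
    userVerification?: 'required' | 'preferred' | 'discouraged';
  };
  attestation?: 'none' | 'indirect' | 'direct';
  timeout?: number;
}

export interface PublicKeyCredentialRequestOptionsJSON {
  challenge: string;
  rpId?: string;
  allowCredentials?: {
    id: string;
    type: string;
  }[];
  userVerification?: 'required' | 'preferred' | 'discouraged';
  timeout?: number;
}

/**
 * WebAuthn Handler class
 *
 * Declares option builders, response parsers, a credential store and browser
 * capability checks on a single class.
 * NOTE(review): isSupported() and friends suggest this runs in the browser;
 * if so, a success result from parse* is not an authentication decision - the
 * relying-party server has to verify the response itself.
 */
export declare class WebAuthnHandler {
  private config;
  private credentials;

  constructor(config: WebAuthnConfig);

  /**
   * Generate a random challenge for WebAuthn.
   * NOTE(review): implementation not visible - confirm the value comes from a
   * CSPRNG (e.g. crypto.getRandomValues), is at least 16 bytes, and is
   * single-use and bound to the session that requested it.
   */
  generateChallenge(): string;

  /**
   * Create registration options for WebAuthn navigator.credentials.create()
   *
   * @param user - Account the new credential is registered for.
   * @param excludeCredentials - Credential IDs to list in the options'
   *   excludeCredentials field.
   */
  createRegistrationOptions(
    user: WebAuthnUser,
    excludeCredentials?: string[],
  ): PublicKeyCredentialCreationOptionsJSON;

  /**
   * Parse registration response from navigator.credentials.create()
   *
   * `response` is untyped and comes from the client, so it must be treated as
   * untrusted input.
   * NOTE(review): the signature takes no expected challenge or origin.
   * Confirm the implementation checks clientDataJSON (type, challenge,
   * origin) and the rpIdHash against values it issued; parsing alone is not
   * verification.
   *
   * @returns A RegistrationResult; `credential` and `error` are optional.
   */
  parseRegistration(response: any): Promise<RegistrationResult>;

  /**
   * Create authentication options for WebAuthn navigator.credentials.get()
   *
   * @param allowedCredentials - Credential IDs to list in the options'
   *   allowCredentials field.
   */
  createAuthenticationOptions(
    allowedCredentials?: string[],
  ): PublicKeyCredentialRequestOptionsJSON;

  /**
   * Parse authentication response from navigator.credentials.get()
   *
   * `response` is untyped and comes from the client, so it must be treated as
   * untrusted input.
   * NOTE(review): nothing in this declaration shows signature verification
   * against the stored public key, a challenge/origin comparison, or a sign
   * counter check. Confirm all of them in the implementation before relying
   * on `success`.
   *
   * @returns An AuthenticationResult; `credentialId`, `userHandle` and
   *   `error` are optional.
   */
  parseAuthentication(response: any): Promise<AuthenticationResult>;

  /**
   * Get stored credential by ID
   *
   * @returns The matching credential, or undefined.
   */
  getCredential(credentialId: string): WebAuthnCredential | undefined;

  /**
   * Get all stored credentials (no user parameter is declared, so no per-user
   * filtering is visible at this level).
   */
  getCredentials(): WebAuthnCredential[];

  /**
   * Check if WebAuthn is supported in current browser
   */
  isSupported(): boolean;

  /**
   * Check if platform authenticator is available
   */
  isPlatformAvailable(): Promise<boolean>;

  /**
   * Check if conditional mediation (autofill) is supported
   */
  isConditionalMediationSupported(): boolean;

  /**
   * Store credential externally
   * NOTE(review): no validation of the supplied credential is visible here;
   * callers should only pass credentials that came out of a verified
   * registration.
   */
  storeCredential(credential: WebAuthnCredential): void;

  /**
   * Remove credential
   *
   * @returns A boolean - presumably whether a credential was removed; confirm.
   */
  removeCredential(credentialId: string): boolean;

  /**
   * Clear all credentials
   */
  clearCredentials(): void;

  /**
   * Helper: Convert ArrayBuffer to Base64
   * NOTE(review): WebAuthn JSON fields are base64url; confirm which alphabet
   * is used and that it matches base64ToBuffer and the server side.
   */
  private bufferToBase64;

  /**
   * Helper: Convert Base64 to Uint8Array
   */
  private base64ToBuffer;

  /**
   * Helper to extract public key from attestation object
   * This is a simplified version - full CBOR parsing would be more complex
   * NOTE(review): the attestation object is attacker-controlled; a simplified
   * parser needs strict length and offset checks, and must fail closed on
   * anything it does not understand.
   */
  private extractPublicKeyFromAttestation;

  private decoder;
}

/**
 * Factory function to create WebAuthn handler
 */
export declare function createWebAuthnHandler(config: WebAuthnConfig): WebAuthnHandler;

export default WebAuthnHandler;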