All Classes and Interfaces
Class
Description
Verifies the assertion signature in
AuthenticationData based on COSEKeyAssertion utility class that assists in validating arguments.
The supported attachment hint type(s).
WebAuthn Relying Parties may use AttestationConveyancePreference to specify their preference
regarding attestation conveyance during credential generation.
The attestation object contains both authenticator data and an attestation statement.
Converter for
AttestationObjectAttestation metadata.certs container
Verifies the specified
AttestationStatementAttested credential data is a variable-length byte array added to the authenticator data when
generating an attestation object for a given credential.
A converter class that handles conversion operations for WebAuthn Attested Credential Data.
The supported authentication algorithm(s).
WebAuthn authentication data
AuthenticationExtensionsAuthenticatorInputs containing the authenticator extension input values for
zero or more WebAuthn extensions, as defined in §9 WebAuthn Extensions.Internal envelope class for
AuthenticationExtensionsAuthenticatorOutputs deserializationJackson Serializer for
AuthenticationExtensionsAuthenticatorOutputsEnvelopeAuthenticationExtensionsClientInputs is a map containing the client extension input values for
zero or more WebAuthn extensions, as defined in §9 WebAuthn Extensions.Converter for
AuthenticationExtensionsClientInputs
This class provides functionality to convert between AuthenticationExtensionsClientInputs objects and their JSON string
representation for WebAuthn extensions processing.Map containing the client extension output values for zero or more WebAuthn
extensions, as defined in §9 WebAuthn Extensions.
Converter for
AuthenticationExtensionsClientOutputs
This class provides functionality to convert between AuthenticationExtensionsClientOutputs objects and their JSON string
representation for WebAuthn extensions processing.Internal data transfer object for authentication data
WebAuthn authentication parameters
Data class that represents WebAuthn authentication request data
Deprecated.
The AuthenticatorAssertionResponse represents an authenticator's response to a
client’s request for generation of a new authentication assertion given the WebAuthn
Relying Party's challenge and OPTIONAL list of credentials it is aware of.
This enumeration’s values describe authenticators' attachment modalities.
The
AuthenticatorAttestationResponse represents the authenticator's response to a client’s request
for the creation of a new public key credential.The supported attestation type(s).
The authenticator data structure encodes contextual bindings made by the authenticator.
Converter for
AuthenticatorData
This class provides functionality to convert between AuthenticatorData objects and their binary representation
for WebAuthn processing.Jackson Deserializer for
AuthenticatorDataJackson Serializer for
AuthenticatorDataDeprecated.
AuthenticatorImpl is deprecated since WebAuthn Level3 added new fields to the credential record.Authenticators respond to Relying Party requests by returning an object derived from the AuthenticatorResponse.
WebAuthn Relying Parties may use the AuthenticatorSelectionCriteria to specify their
requirements regarding authenticator attributes.
Authenticators may implement various transports for communicating with clients.
Converter for
AuthenticatorTransport
This class provides functionality to convert between AuthenticatorTransport objects and their string
representation for WebAuthn processing.Thrown if bad aaguid is detected
Thrown if bad algorithm is specified
Thrown if bad attestation statement is specified
Thrown if bad challenge is detected
Thrown if bad origin is specified
Thrown if bad rpId is specified
Thrown if bad signature is specified
A Utility class for base64url manipulation
A Utility class for base64 manipulation
Per field checker utility class
A utility class for CBOR serialization/deserialization
Thrown if certificate problems happen
A Utility class for certificate manipulation
Jackson Deserializer for
CertPathJackson Serializer for
CertPathVerifies the specified
AttestationStatement x5c trustworthinessJackson Deserializer for
ChallengeJackson Serializer for
ChallengeVerifies the specified
ChallengeThe client data represents the contextual bindings of both the WebAuthn Relying Party and the client.
Converter for
CollectedClientDataThrown if the value violates constraints
Core authentication data
This class is a subset of
AuthenticationData containing only the core authentication data fieldsInternal data transfer object for authentication data
Deprecated.
CoreAuthenticator is deprecated since WebAuthn Level3 added new fields to the credential record.Deprecated.
CoreAuthenticatorImpl is deprecated since WebAuthn Level3 added new fields to the credential record.Core interface that represents FIDO CTAP2 credential record (Passkey credential record without ClientData).
Implementation of the
CoreCredentialRecord interface representing a FIDO CTAP2 credential record.strategy interface to handle malicious counter value detection during authentication.
Core registration data
This class is a subset of
RegistrationData containing only the core registration data fieldsCore data transfer object that represents basic relying party server properties
Internal envelope class for
COSEKey deserializationJackson Deserializer for
COSEKeyEnvelopeCore interface that represents Passkey(WebAuthn) credential record
Implementation of the
CredentialRecord interface representing a WebAuthn (Passkey) credential record.Handler interface to verify authentication with custom logic
Handler interface to verify authentication with custom logic
Handler interface to verify registration with custom logic
Handler interface to verify registration with custom logic
Default implementation of
SelfAttestationTrustworthinessVerifierA Utility class for Elliptic Curve(EC) manipulation
Verifies the specified
AttestationStatement is a valid FIDO-U2F attestationThrown if inconsistent type is specified for client data
A utility class for JSON serialization/deserialization
Jackson Deserializer for
JWSJackson Serializer for
JWSThrown if an invalid TPM key description is detected
The supported key protection type(s).
Thrown if it fails to load certificate from
KeyStoreLoad
TrustAnchors from KeyStore.A Utility class for Message Authentication Code(MAC) manipulation
Thrown if the counter value is lower than expected value
Strategy interface to handle malicious counter value during authentication.
The supported matcher protection type(s).
A Utility class for MessageDigest
Thrown if challenge doesn't exist in the session
Verifies the specified
AttestationStatement is a none attestationThrown if the execution falls into not implemented block
Null verifier that bypass x5c trustworthiness check
Null verifier for
FIDOU2FAttestationStatementNull verifier for
PackedAttestationStatementNull verifier that bypass self attestation rule check
A set of object converter classes
Origin contains the fully qualified origin of the requester, as provided to the authenticator
by the client.Jackson Serializer for
OriginHandler interface to verify the given
Origin instance.Verifies the specified
AttestationStatement is a valid packed attestationThe PublicKeyCredential interface contains the attributes that are returned to the caller
when a new credential is created, or a new assertion is requested.
Options for Credential Creation
PublicKeyCredentialDescriptor contains the attributes that are specified by a caller when referring to
a public key credential as an input parameter to the create() or get() methods.The PublicKeyCredentialEntity describes a user account, or a WebAuthn Relying Party,
which a public key credential is associated with or scoped to, respectively.
PublicKeyCredentialParameters is used to supply additional parameters when creating a new credential.PublicKeyCredentialRequestOptions supplies get() with the data it needs to
generate an assertion.PublicKeyCredentialRpEntity is used to supply additional Relying Party attributes
when creating a new credential.PublicKeyCredentialType defines the valid credential types.PublicKeyCredentialUserEntity is used to supply additional user account attributes
when creating a new credential.Thrown if the public key in the first certificate in x5c doesn't matches the credentialPublicKey in the attestedCredentialData
The supported publik key representation format(s).
WebAuthn registration data
Internal data transfer object for registration data
WebAuthn registration parameters
Data class that represents WebAuthn registration request data
This enumeration’s values describe the Relying Party's requirements for client-side discoverable credentials (formerly known as resident credentials or resident keys)
Verifies the specified rpIdHash
Thrown if self attestation is specified while prohibited
Verifies the specified
AttestationStatement trustworthiness based on self-attestation ruleData transfer object that represents relying party server property for verifiers
A Utility class for signature calculation
TokenBinding contains information about the state of the Token Binding protocol
used when communicating with the Relying Party.Thrown if tokenBinding error happen
TokenBindingStatus is one of the following:
supported
present
Deprecated.
While Token Binding was present in Level 1 and Level 2 of WebAuthn, its use is not expected in Level 3.
Jackson Deserializer for
TPMSAttestJackson Serializer for
TPMSAttestJackson Deserializer for
TPMTPublicJackson Serializer for
TPMTPublicThe supported transaction confirmation display type(s).
Thrown if no trust anchor chained to the attestation certificate is found
Repository interface that look up
TrustAnchor(s)
WebAuthn4J uses this interface to lookup TrustAnchor(s) for an attestation certificate when verifying the authenticator.Thrown if unexpected checked exception is thrown
Thrown if unexpected extension is contained
A Utility class for unsigned number
Thrown if user is to be present but not present
Thrown if user is to be verified but not verified
The supported user verification method(s).
A WebAuthn Relying Party may require user verification for some of its operations but not for
others, and may use this type to express its needs.
An abstract exception for verification violation
Manager class for WebAuthn authentication operations.
Jackson Module for WebAuthn CBOR data structures
Jackson Module for WebAuthn JSON data structures
Manager class for WebAuthn operations.
Manager class for WebAuthn registration operations.
Jackson Deserializer for
X509CertificateJackson Deserializer for
X509CertificateJackson Serializer for
X509CertificateJackson Serializer for
X509Certificate
Authenticatoris deprecated since WebAuthn Level3 added new fields to the credential record.