Interface WebAuthnUserProvider


public interface WebAuthnUserProvider
Implement this interface in order to tell Quarkus WebAuthn how to look up WebAuthn credentials, store new credentials, or update the credentials' counter, as well as what roles those credentials map to.
  • Method Details

    • findByUsername

      io.smallrye.mutiny.Uni<List<WebAuthnCredentialRecord>> findByUsername(String username)
      Look up a WebAuthn credential by username. This should return an empty list Uni if the user name is not found.
      Parameters:
      username - the username
      Returns:
      a list of credentials for this username, or an empty list if there are no credentials or if the user name is not found.
    • findByCredentialId

      io.smallrye.mutiny.Uni<WebAuthnCredentialRecord> findByCredentialId(String credentialId)
      Look up a WebAuthn credential by credential ID. If the credential is not found, this should return a failed (exception) Uni rather than a null-item Uni.
      Parameters:
      credentialId - the credential ID
      Returns:
      the credential for this credential ID.
    • update

      default io.smallrye.mutiny.Uni<Void> update(String credentialId, long counter)
      Update an existing WebAuthn credential's counter. This is only used by the default login endpoint, which is disabled by default and can be enabled via the quarkus.webauthn.enable-login-endpoint configuration property. You don't have to implement this method if you handle logins manually via WebAuthnSecurity.login(WebAuthnLoginResponse, io.vertx.ext.web.RoutingContext). The default behaviour is to not do anything.
      Parameters:
      credentialId - the credential ID
      Returns:
      a uni completion object
    • store

      default io.smallrye.mutiny.Uni<Void> store(WebAuthnCredentialRecord credentialRecord)
      Store a new WebAuthn credential. This is only used by the default registration endpoint, which is disabled by default and can be enabled via the quarkus.webauthn.enable-registration-endpoint configuration property. You don't have to implement this method if you handle registration manually via WebAuthnSecurity#register(WebAuthnRegisterResponse, io.vertx.ext.web.RoutingContext).
      Make sure that you never allow creating new credentials for a `username` that already exists. Otherwise you risk allowing third parties to impersonate existing users by letting them add their own credentials to existing accounts. If you want to allow existing users to register more than one WebAuthn credential, you must make sure that the user is currently logged in under the same username to which you want to add new credentials. In every other case, make sure to return a failed Uni from this method. The default behaviour is to not do anything.
      Parameters:
      credentialRecord - the new credentials to store
      Returns:
      a uni completion object
      Throws:
      Exception - a failed Uni if the credentialId already exists, or the username already has a credential and you disallow having more, or if trying to add credentials to other users than the current user.
    • getRoles

      default Set<String> getRoles(String username)
      Returns the set of roles for the given username.
      Parameters:
      username - the username
      Returns:
      the set of roles (defaults to an empty set)
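
The following is an added example, not code from the Quarkus project: an in-memory provider whose store method applies the rule stated above, failing the Uni when the username already has a credential unless the caller is logged in as that same user, and when the credential ID already exists. The class name, the map-based store, and the use of an injected SecurityIdentity to identify the current user are assumptions; a real application would back this with a database and a uniqueness constraint.

```java
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.webauthn.WebAuthnCredentialRecord;
import io.quarkus.security.webauthn.WebAuthnUserProvider;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

@ApplicationScoped
public class InMemoryWebAuthnUserProvider implements WebAuthnUserProvider {
    // Constructed in-memory store keyed by credential ID (assumption, for illustration only).
    private final Map<String, WebAuthnCredentialRecord> byCredentialId = new ConcurrentHashMap<>();

    @Inject
    SecurityIdentity identity; // identity of the current request, anonymous if not logged in

    @Override
    public Uni<List<WebAuthnCredentialRecord>> findByUsername(String username) {
        // Unknown usernames yield an empty list, never a failure.
        return Uni.createFrom().item(byCredentialId.values().stream()
                .filter(c -> c.getUsername().equals(username)).toList());
    }

    @Override
    public Uni<WebAuthnCredentialRecord> findByCredentialId(String credentialId) {
        WebAuthnCredentialRecord found = byCredentialId.get(credentialId);
        // A missing credential is a failed Uni, never a null item.
        return found != null ? Uni.createFrom().item(found)
                : Uni.createFrom().failure(new RuntimeException("Unknown credential ID"));
    }

    // synchronized so that the check and the insert cannot interleave between two registrations
    @Override
    public synchronized Uni<Void> store(WebAuthnCredentialRecord credentialRecord) {
        String username = credentialRecord.getUsername();
        String credentialId = credentialRecord.getRequiredPersistedData().credentialId();
        boolean usernameTaken = byCredentialId.values().stream()
                .anyMatch(c -> c.getUsername().equals(username));
        boolean sameUserLoggedIn = !identity.isAnonymous()
                && identity.getPrincipal().getName().equals(username);
        if (usernameTaken && !sameUserLoggedIn) {
            return Uni.createFrom().failure(new IllegalStateException("Username already registered"));
        }
        if (byCredentialId.putIfAbsent(credentialId, credentialRecord) != null) {
            return Uni.createFrom().failure(new IllegalStateException("Credential ID already exists"));
        }
        return Uni.createFrom().voidItem();
    }
}
```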