PasskeyCredentialRepository
Component Detail
Description
Persists passkey credential metadata (credential ID, RP ID, user handle, display name, creation timestamp) in local secure storage. Provides CRUD access for the credential manager and authentication service without storing private key material, which remains in the platform authenticator.
passkey-credential-repository
Sources & reasoning
Passkeys are not explicitly mentioned in the source documentation. The feature is required by the authoritative blueprint which assigns it to Authentication & Access Control at v1.1. Target release v1.1 follows the blueprint's phase assignment; no earlier phase evidence exists in the source doc, and the feature is clearly post-BankID/Vipps (Fase 2) in any logical delivery sequence.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Save credential descriptor after successful registration
- Retrieve all credentials filtered by RP ID
- Delete credential by ID on user request or backend revocation
- Persist user-assigned nicknames and last-used timestamps
- Enforce secure storage (Keychain / EncryptedSharedPreferences / IndexedDB)
Interfaces
save(credential: PasskeyCredential): Promise<void>
findByRpId(rpId: string): Promise<PasskeyCredential[]>
delete(credentialId: string): Promise<void>
updateNickname(credentialId: string, nickname: string): Promise<void>