WebAuthnAuthenticationService
Component Detail
Description
Implements the WebAuthn authentication ceremony. Fetches an assertion challenge from the backend, resolves stored credential IDs, invokes the platform authenticator, and submits the signed assertion for verification. Returns a session token on success.
webauthn-authentication-service
Sources & reasoning
Passkeys are not explicitly mentioned in the source documentation. The feature is required by the authoritative blueprint which assigns it to Authentication & Access Control at v1.1. Target release v1.1 follows the blueprint's phase assignment; no earlier phase evidence exists in the source doc, and the feature is clearly post-BankID/Vipps (Fase 2) in any logical delivery sequence.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Request authentication challenge from backend API
- Resolve allowed credential descriptors from local repository
- Call platform navigator.credentials.get() or equivalent native API
- POST signed assertion to backend for cryptographic verification
- Return authenticated session or propagate verification errors
Interfaces
beginAuthentication(rpId: string): Promise<AuthenticationResult>
submitAssertion(assertion: AssertionResponse): Promise<SessionToken>
hasAvailableCredentials(rpId: string): Promise<boolean>