@firebase-web-authn/server
v10.4.2
Published
A Firebase Extension for authentication with WebAuthn passkeys.
Downloads
68
Readme
@firebase-web-authn/server
A Firebase Extension for authentication with WebAuthn passkeys.
This package contains six tree-shakeable async methods for using FirebaseWebAuthn in a secure context.
Demo: https://firebase-web-authn.dev
Methods
credentials: (uid: string, app?: App) => Promise<{ [key in WebAuthnUserCredentialFactor]: WebAuthnUserCredential | null }>;
lastCredentialUsed: (uid: string, app?: App) => Promise<WebAuthnUserCredentialFactor | null>;
lastPresent: (uid: string, app?: App) => Promise<Timestamp | null>;
lastVerified: (uid: string, app?: App) => Promise<Timestamp | null>;
lastWebAuthnProcess: (uid: string, app?: App) => Promise<WebAuthnProcess | null>;
webAuthnUserDocument: (uid: string, app?: App) => Promise<WebAuthnUserDocument | null>;
Designed to be used within Firebase Functions or another secure context with access to Firestore to check users' status with FirebaseWebAuthn:
import { getApps, initializeApp } from "firebase-admin/app";
import { lastVerified } from "@firebase-web-authn/server";
getApps().length === 0 && initializeApp();
// If the user was verified within the past 30 seconds, proceed. Otherwise, ask for reverification:
(await lastVerified(user.uid))?.seconds > (Date.now() / 1000) - 30 ?
proceed() :
askForReverification();
If your check involves multiple pieces of data from WebAuthnUserDocument
, use the webAuthnUserDocument
method to reduce Firestore calls:
// If the user was verified with their first-factor credential within the past 30 seconds, proceed. Otherwise, ask for reverification:
(await webAuthnUserDocument(user.uid).then<boolean>(
(webAuthnUserDocument: WebAuthnUserDocument): boolean => webAuthnUserDocument.lastVerified?.seconds > (Date.now() / 1000) - 30 && webAuthnUserDocument.lastCredentialUsed === "first",
)) ?
proceed() :
askForReverification();