@liam-public/node-webauthn
v0.1.1
Published
Server-side passkey (WebAuthn) ceremony service over @simplewebauthn/server, with a storage-agnostic CredentialStore — the back half of base-CMS passwordless auth.
Readme
@liam-public/node-webauthn
Server-side passkey (WebAuthn) ceremony service — the back half of the base CMS's passwordless
auth. Wraps @simplewebauthn/server and stays storage-agnostic via a CredentialStore you
implement over your DB, so it drops into node-auth-server (or any backend).
Exports
createWebAuthnService({ rpName, rpID, origin, store })→{ startRegistration, finishRegistration, startAuthentication, finishAuthentication }.CredentialStore— implementlistByUser/getById/add/updateCounterover your DB.
Flow
The caller persists the per-ceremony challenge from the options (against the user/session) and
passes it back as expectedChallenge on finish:
const webauthn = createWebAuthnService({ rpName: 'Newsfeed CMS', rpID: 'example.com', origin: 'https://cms.example.com', store })
// POST /auth/passkey/register/options
const options = await webauthn.startRegistration({ id: user.id, name: user.email })
await saveChallenge(user.id, options.challenge)
return options
// POST /auth/passkey/register/verify
const { verified } = await webauthn.finishRegistration({ id: user.id, name: user.email }, req.body, await loadChallenge(user.id))
// POST /auth/passkey/login/verify (passwordless)
const { verification, userId } = await webauthn.finishAuthentication(req.body, await loadChallenge(sessionId))
if (verification.verified) issueSession(userId)Pairs with @liam-public/browser-webauthn on the client. Built on @simplewebauthn/server.
