Abstract Abstract accountsThe accounts that have been registered with the SDK.
Abstract authenticatorsThe available authenticators.
Note that this may also include authenticators that cannot be used to complete the operation.
All the available authenticators are returned so that the users of the SDK can figure out not only whether an account authenticator can be used for the operation, but also why. For example, a developer would like to give a visual hint explaining why the Fingerprint authenticator for a given user cannot be used during authentication if it is not registered: by using Authenticator.registration this situation can be identified.
The following snippet can be used to identify whether the authenticator can be used or not with a given account (identified by its username):
_isValid(
authenticator: Authenticator,
username: string,
context: AccountSelectionContext,
): boolean {
let registration: Registration = authenticator.registration;
// This method will filter the authenticators that are no supported
// by the hardware, those not registered, and those that are compliant
// with the server policy.
return registration.isRegistered(username) &&
authenticator.isSupportedByHardware &&
context.isPolicyCompliant(authenticator.aaid);
}
Returns all the available authenticators.
Optional Abstract transactionThe transaction confirmation data, if any, to be presented to the user for verification.
If this data is present, data must be presented to the user before authenticating.
Basic implementation layout:
void selectAuthenticator(
context: AuthenticatorSelectionContext,
handler: AuthenticatorSelectionHandler,
) {
if (context.transactionConfirmationData != null) {
showTransactionMessage(context.transactionConfirmationData!,
(userConfirmed) => {
if (userConfirmed) {
selectAuthenticator(context, handler);
}
else {
// Cancel the operation if the transaction was rejected
handler.cancel();
}
});
} else {
// No transaction confirmation,
// just proceed to authenticator selection
selectAuthenticator(context, handler);
}
}
void _showTransactionMessage(transactionConfirmationData: string,
Handler<boolean> confirmationHandler) {
// Display the transaction confirmation data and ask the user to
// confirm it. Then invoke confirmationHandler with the result of
// the confirmation:
// confirmationHandler.accept(confirmation);
}
Note that in the case of registration or authentication not involving transaction confirmation, this is typically empty and thus, it does not require handling.
The contents are the base64 URL decoded contents of the Transaction as described in the FIDO UAF specification.
Abstract isReturns whether the specified account with the provided authenticator is compliant with the policy of the server.
If a username without an authenticator that is policy compliant is provided through AccountSelectionHandler.username, a FidoErrorCode with FidoErrorCodeType.NoSuitableAuthenticator will be returned as a result of the operation.
To know if a given account has at least one policy compliant authenticator, the following code can be used:
async hasPolicyCompliantAuthenticator(accountUsername: string): boolean {
authenticators.forEach((authenticator) {
if (await isPolicyCompliant(authenticator.aaid, accountUsername)) {
return true;
}
});
return false;
}
the AAID of the Authenticator.
the username of the account.
true if the authenticator is compliant with the policy, and false otherwise.
Static fromAlternate constructor that creates AccountSelectionContext from a json.
contains the source for instance creation.
the created AccountSelectionContext instance.
Generated using TypeDoc
The service returning the information required to choose the account to be used.
It returns all the available accounts and authenticators and also informs whether a given authenticator is compliant with the policy required by the FIDO UAF server for the ongoing operation.
See
AccountSelector.selectAccount