FIDO2
The TIDMA_FIDO2 table holds the specific attributes of FIDO2 credentials.
The table extends the TIDMA_CREDENTIAL base table described in "All credentials", which lists the attributes that are valid for all credentials.
Database table TIDMA_FIDO2
| DB attribute | Java data type (max. size), defaults | Description |
|---|---|---|
| credential_id | Long, not NULL | Primary key (uniquely identifies each individual credential). Foreign key that links to information in the table TIDMA_CREDENTIAL. |
| aaguid | String(128), not NULL | A 128-bit identifier indicating the type (e.g. make and model) of the authenticator. |
| attestation_preference | Enum: AttestationConveyancePreference { DIRECT, INDIRECT, NONE, ENTERPRISE } | The server’s preference on how it would like to verify the attestations of the authenticators. |
| authenticator_attachment | Enum: AuthenticatorAttachment { PLATFORM, CROSSPLATFORM } | Defines how the authenticator is accessed by the WebAuthn client, i.e. where the authenticator is located. |
| authenticator | String(65535), not NULL | CBOR serialized authenticator object |
| fido2_credential_id | String(255), not NULL | The hashed and encoded FIDO2 credential ID of the credential. |
| relying_party_id | String(255), not NULL | relyingPartyId |
| resident_key_requirement | Enum: ResidentKey { REQUIRED, DISCOURAGED } | Whether the server is willing to accept resident keys (i.e. whether storing the WebAuthn private key encrypted on the server side is acceptable or not). |
| user_agent | String(255), not NULL | User agent used by the AuthCloud team, no FIDO2 relation |
| user_friendly_name | String(1000), not NULL | Human-readable name for the credential. |
| user_verification_requirement | Enum: UserVerification { REQUIRED, PREFERRED, DISCOURAGED } | The technical process by which an authenticator locally authorizes the invocation of the authenticatorMakeCredential and authenticatorGetAssertion operations (i.e. grants access for the user to proceed with the WebAuthn flows). |