 |
Moodle PHP Documentation 4.3
Moodle 4.3.5 (Build: 20240610) (7dcfaa79f78)
|
|
Moodle PHP Documentation 4.3
Moodle 4.3.5 (Build: 20240610) (7dcfaa79f78)
|
Public Member Functions | |
| __construct ($rpName, $rpId, $allowedFormats=null, $useBase64UrlEncoding=false) | |
| Initialize a new WebAuthn server. | |
| addRootCertificates ($path, $certFileExtensions=null) | |
| add a root certificate to verify new registrations | |
| getChallenge () | |
| Returns the generated challenge to save for later validation. | |
| getCreateArgs ($userId, $userName, $userDisplayName, $timeout=20, $requireResidentKey=false, $requireUserVerification=false, $crossPlatformAttachment=null, $excludeCredentialIds=array()) | |
| generates the object for a key registration provide this data to navigator.credentials.create | |
| getGetArgs ($credentialIds=array(), $timeout=20, $allowUsb=true, $allowNfc=true, $allowBle=true, $allowHybrid=true, $allowInternal=true, $requireUserVerification=false) | |
| generates the object for key validation Provide this data to navigator.credentials.get | |
| getSignatureCounter () | |
| returns the new signature counter value. | |
| processCreate ($clientDataJSON, $attestationObject, $challenge, $requireUserVerification=false, $requireUserPresent=true, $failIfRootMismatch=true, $requireCtsProfileMatch=true) | |
| process a create request and returns data to save for future logins | |
| processGet ($clientDataJSON, $authenticatorData, $signature, $credentialPublicKey, $challenge, $prevSignatureCnt=null, $requireUserVerification=false, $requireUserPresent=true) | |
| process a get request | |
| queryFidoMetaDataService ($certFolder, $deleteCerts=true) | |
| Downloads root certificates from FIDO Alliance Metadata Service (MDS) to a specific folder https://fidoalliance.org/metadata/. | |
| lbuchs\WebAuthn\WebAuthn::__construct | ( | $rpName, | |
| $rpId, | |||
| $allowedFormats = null, | |||
| $useBase64UrlEncoding = false ) |
Initialize a new WebAuthn server.
| string | $rpName | the relying party name |
| string | $rpId | the relying party ID = the domain name |
| bool | $useBase64UrlEncoding | true to use base64 url encoding for binary data in json objects. Default is a RFC 1342-Like serialized string. |
| WebAuthnException |
| lbuchs\WebAuthn\WebAuthn::addRootCertificates | ( | $path, | |
| $certFileExtensions = null ) |
add a root certificate to verify new registrations
| string | $path | file path of / directory with root certificates |
| array | null | $certFileExtensions | if adding a direction, all files with provided extension are added. default: pem, crt, cer, der |
| lbuchs\WebAuthn\WebAuthn::getChallenge | ( | ) |
Returns the generated challenge to save for later validation.
| ByteBuffer |
| lbuchs\WebAuthn\WebAuthn::getCreateArgs | ( | $userId, | |
| $userName, | |||
| $userDisplayName, | |||
| $timeout = 20, | |||
| $requireResidentKey = false, | |||
| $requireUserVerification = false, | |||
| $crossPlatformAttachment = null, | |||
| $excludeCredentialIds = array() ) |
generates the object for a key registration provide this data to navigator.credentials.create
| string | $userId | |
| string | $userName | |
| string | $userDisplayName | |
| int | $timeout | timeout in seconds |
| bool | string | $requireResidentKey | 'required', if the key should be stored by the authentication device Valid values: true = required false = preferred string 'required' 'preferred' 'discouraged' |
| bool | string | $requireUserVerification | indicates that you require user verification and will fail the operation if the response does not have the UV flag set. Valid values: true = required false = preferred string 'required' 'preferred' 'discouraged' |
| bool | null | $crossPlatformAttachment | true for cross-platform devices (eg. fido usb), false for platform devices (eg. windows hello, android safetynet), null for both |
| array | $excludeCredentialIds | a array of ids, which are already registered, to prevent re-registration |
| stdClass |
| lbuchs\WebAuthn\WebAuthn::getGetArgs | ( | $credentialIds = array(), | |
| $timeout = 20, | |||
| $allowUsb = true, | |||
| $allowNfc = true, | |||
| $allowBle = true, | |||
| $allowHybrid = true, | |||
| $allowInternal = true, | |||
| $requireUserVerification = false ) |
generates the object for key validation Provide this data to navigator.credentials.get
| array | $credentialIds | binary |
| int | $timeout | timeout in seconds |
| bool | $allowUsb | allow removable USB |
| bool | $allowNfc | allow Near Field Communication (NFC) |
| bool | $allowBle | allow Bluetooth |
| bool | $allowHybrid | allow a combination of (often separate) data-transport and proximity mechanisms. |
| bool | $allowInternal | allow client device-specific transport. These authenticators are not removable from the client device. |
| bool | string | $requireUserVerification | indicates that you require user verification and will fail the operation if the response does not have the UV flag set. Valid values: true = required false = preferred string 'required' 'preferred' 'discouraged' |
| stdClass |
| lbuchs\WebAuthn\WebAuthn::getSignatureCounter | ( | ) |
returns the new signature counter value.
returns null if there is no counter
| ?int |
| lbuchs\WebAuthn\WebAuthn::processCreate | ( | $clientDataJSON, | |
| $attestationObject, | |||
| $challenge, | |||
| $requireUserVerification = false, | |||
| $requireUserPresent = true, | |||
| $failIfRootMismatch = true, | |||
| $requireCtsProfileMatch = true ) |
process a create request and returns data to save for future logins
| string | $clientDataJSON | binary from browser |
| string | $attestationObject | binary from browser |
| string | ByteBuffer | $challenge | binary used challange |
| bool | $requireUserVerification | true, if the device must verify user (e.g. by biometric data or pin) |
| bool | $requireUserPresent | false, if the device must NOT check user presence (e.g. by pressing a button) |
| bool | $failIfRootMismatch | false, if there should be no error thrown if root certificate doesn't match |
| bool | $requireCtsProfileMatch | false, if you don't want to check if the device is approved as a Google-certified Android device. |
| stdClass |
| WebAuthnException |
| lbuchs\WebAuthn\WebAuthn::processGet | ( | $clientDataJSON, | |
| $authenticatorData, | |||
| $signature, | |||
| $credentialPublicKey, | |||
| $challenge, | |||
| $prevSignatureCnt = null, | |||
| $requireUserVerification = false, | |||
| $requireUserPresent = true ) |
process a get request
| string | $clientDataJSON | binary from browser |
| string | $authenticatorData | binary from browser |
| string | $signature | binary from browser |
| string | $credentialPublicKey | string PEM-formated public key from used credentialId |
| string | ByteBuffer | $challenge | binary from used challange |
| int | $prevSignatureCnt | signature count value of the last login |
| bool | $requireUserVerification | true, if the device must verify user (e.g. by biometric data or pin) |
| bool | $requireUserPresent | true, if the device must check user presence (e.g. by pressing a button) |
| boolean | true if get is successful |
| WebAuthnException |
| lbuchs\WebAuthn\WebAuthn::queryFidoMetaDataService | ( | $certFolder, | |
| $deleteCerts = true ) |
Downloads root certificates from FIDO Alliance Metadata Service (MDS) to a specific folder https://fidoalliance.org/metadata/.
| string | $certFolder | Folder path to save the certificates in PEM format. |
| bool | $deleteCerts | delete certificates in the target folder before adding the new ones. |
| int | number of cetificates |
| WebAuthnException |
1.11.0