WebAuthn Service
Component Detail
Service Layer
high complexity
backend
Dependencies: 0
Dependents: 0
Entities: 2
Integrations: 0
Description
Server-side WebAuthn library integration (SimpleWebAuthn or WebAuthn4J) running on the Node.js / Next.js backend. Generates and validates registration challenges and assertion challenges, stores verified credential public keys, and issues a session on successful assertion.
webauthn-service
Sources & reasoning
The blueprint mandates this service. Server-side WebAuthn verification cannot be delegated to the client; a dedicated service handles challenge lifecycle, credential storage, and the assertion-to-session handoff, keeping the Auth Module's extension-point contract intact.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Generate registration options (challenge, relying party ID, user handle)
- Verify registration response and persist credential public key + ID
- Generate authentication options for assertion
- Verify assertion response against stored public key and issue session
- Enforce that the relying party ID matches the app domain, Apple App Site Association, and Android Asset Links
Interfaces
generateRegistrationOptions(userId): RegistrationOptions
verifyRegistrationResponse(userId, response): VerifiedCredential
generateAuthenticationOptions(userId): AuthenticationOptions
verifyAuthenticationResponse(response): AuthResult
deleteCredential(userId, credentialId): void
listCredentials(userId): List<PasskeyCredential>
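The checks behind the challenge lifecycle and assertion verification listed above, written out with Node's built-in crypto as an added example (not this component's code and not the API of SimpleWebAuthn or WebAuthn4J). The names issueChallenge, verifyAssertion and makeAssertion, the relying party ID, the origin and the challenge lifetime are assumptions; the stored credential is assumed to be an ES256 key held as a Node KeyObject, and makeAssertion is a constructed software authenticator used only to exercise the checks offline.

```javascript
const crypto = require('node:crypto');

// Assumed values for this example; not taken from the page.
const RP_ID = 'app.example.test';
const ORIGIN = 'https://app.example.test';
const CHALLENGE_TTL_MS = 5 * 60 * 1000;
const pending = new Map(); // challenge -> expiry; in-memory stand-in for a server-side store
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

function issueChallenge(now = Date.now()) {
  const challenge = crypto.randomBytes(32).toString('base64url');
  pending.set(challenge, now + CHALLENGE_TTL_MS);
  return challenge;
}

// Returns { ok: true, signCount } or { ok: false, reason }.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, cred, now = Date.now()) {
  const fail = (reason) => ({ ok: false, reason });
  let client;
  try { client = JSON.parse(clientDataJSON.toString('utf8')); } catch { return fail('bad-client-data'); }
  if (client.type !== 'webauthn.get') return fail('wrong-type');
  const expiry = pending.get(client.challenge);
  pending.delete(client.challenge); // single use: consumed even if a later check fails
  if (expiry === undefined) return fail('unknown-challenge');
  if (expiry < now) return fail('expired-challenge');
  if (client.origin !== ORIGIN) return fail('wrong-origin');
  if (authenticatorData.length < 37) return fail('short-auth-data');
  // Bytes 0..31: SHA-256 of the RP ID; byte 32: flags; bytes 33..36: signature counter.
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return fail('rp-id-mismatch');
  if ((authenticatorData[32] & 0x01) === 0) return fail('user-not-present');
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!crypto.verify('sha256', signed, cred.publicKey, signature)) return fail('bad-signature');
  const signCount = authenticatorData.readUInt32BE(33);
  // Policy choice in this example: a counter that does not advance is rejected.
  if ((signCount !== 0 || cred.signCount !== 0) && signCount <= cred.signCount) return fail('counter-regression');
  return { ok: true, signCount }; // caller persists signCount, then issues the session
}

// Constructed software authenticator: builds the three assertion fields for a test key.
function makeAssertion(privateKey, { challenge, origin = ORIGIN, rpId = RP_ID, counter = 1 }) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const tail = Buffer.alloc(5);
  tail[0] = 0x01; // flags: user present
  tail.writeUInt32BE(counter, 1);
  const authenticatorData = Buffer.concat([sha256(rpId), tail]);
  const toSign = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', toSign, privateKey) };
}
```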
Related Data Entities (2)
Data entities managed by this component