The OneSpan FIDO2 SDK supports a set of WebAuthn extensions - Table: Supported WebAuthn extensions lists these extensions.
| Extension | Process | Link |
|---|---|---|
| AppId | Authentication | https://www.w3.org/TR/webauthn/#sctn-appid-extension |
| Simple Transaction Authorization | Authentication | https://www.w3.org/TR/webauthn/#sctn-simple-txauth-extension |
| Generic Transaction Authorization | Authentication | https://www.w3.org/TR/webauthn/#sctn-generic-txauth-extension |
| Authenticator Selection | Registration | https://www.w3.org/TR/webauthn/#sctn-authenticator-selection-extension |
| Supported Extensions | Registration | https://www.w3.org/TR/webauthn/#sctn-supported-extensions-extension |
| User Verification Index | Registration, authentication | https://www.w3.org/TR/webauthn/#sctn-uvi-extension |
| Location | Registration, authentication | https://www.w3.org/TR/webauthn/#sctn-location-extension |
| User Verification Method | Registration, authentication | https://www.w3.org/TR/webauthn/#sctn-uvm-extension |
| Biometric Authenticator Performance Bounds | Registration | https://www.w3.org/TR/webauthn/#sctn-authenticator-biometric-criteria-extension |
The requested extensions are added to PublicKeyCredentialCreationOptions (for the registration process) or to PublicKeyCredentialRequestOptions (for the authentication process).
The requested extensions should be saved in a session storage and passed to the second step of the SDK processes to verify that the requested extensions were processed by an existing client.
For the supported extensions you can override the validation logic: Overriding the validation logic of supported extensions outlines the necessary steps.
Overriding the validation logic of supported extensions
- Implement the ExtensionHandler interface.
- Add the handler to the ExtensionHandlerRegistry instance that is used to configure the extension handling for the SDK.
- Use the corresponding instance of ExtensionHandlerRegistry to configure either RegistrationExtensionVerifier or AuthenticationExtensionVerifier.