WebAuthn Service
Component Detail
Service Layer
medium complexity
backend
Dependencies: 0
Dependents: 0
Entities: 1
Integrations: 0
Description
Backend service that generates WebAuthn registration and authentication challenges and verifies attestation and assertion responses from clients. Enforces relying party policy and binds verified credentials to user accounts.
webauthn-service
Sources & reasoning
Passkeys are not named in source docs; included because the blueprint authoritatively lists 'Passkeys (WebAuthn)' as a required feature in Authentication & Access Control. With no source signal it falls under §5 Phase 3 'Vekst og engasjement' as a forward-looking auth enhancement; target_release uses that phase's verbatim name 'Growth & Engagement'.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Generate registration challenges with relying party parameters
- Verify attestation responses and extract public keys
- Generate authentication challenges for sign-in
- Verify assertion signatures against stored public keys
- Enforce challenge expiry and replay protection
Interfaces
createRegistrationChallenge(userId): ChallengeOptions
verifyRegistration(userId, response): Passkey
createAuthenticationChallenge(userIdHint): ChallengeOptions
verifyAuthentication(response): AuthToken
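One way to meet the "Enforce challenge expiry and replay protection" responsibility is a single-use challenge store that the create* interfaces write to and the verify* interfaces consume from. This is an added example in JavaScript (Node.js), not code from this component; `ChallengeStore`, its method names, the 2-minute TTL and the in-memory `Map` are assumptions for illustration.

```javascript
// Added example: single-use, expiring WebAuthn challenge store (hypothetical names).
const { randomBytes } = require("node:crypto");

class ChallengeStore {
  // ttlMs and the injectable clock `now` are assumptions chosen for illustration.
  constructor({ ttlMs = 120_000, now = () => Date.now() } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.pending = new Map(); // challenge (base64url) -> { userId, purpose, expiresAt }
  }

  // Issue a fresh 32-byte random challenge bound to a ceremony type and,
  // when known, a user. userId may be null for sign-in without a user hint.
  issue(userId, purpose) {
    const challenge = randomBytes(32).toString("base64url");
    const expiresAt = this.now() + this.ttlMs;
    this.pending.set(challenge, { userId: userId ?? null, purpose, expiresAt });
    return challenge;
  }

  // Consume the challenge echoed back in clientDataJSON. The entry is deleted
  // before any other check, so a second presentation of the same response
  // fails even if the first attempt was rejected.
  consume(challenge, userId, purpose) {
    const entry = this.pending.get(challenge);
    if (!entry) return { ok: false, reason: "unknown_or_replayed" };
    this.pending.delete(challenge);
    if (this.now() > entry.expiresAt) return { ok: false, reason: "expired" };
    if (entry.purpose !== purpose) return { ok: false, reason: "wrong_ceremony" };
    if (entry.userId !== null && entry.userId !== userId) {
      return { ok: false, reason: "wrong_user" };
    }
    return { ok: true };
  }

  // Drop expired entries so abandoned ceremonies do not accumulate.
  sweep() {
    const t = this.now();
    for (const [c, e] of this.pending) if (t > e.expiresAt) this.pending.delete(c);
    return this.pending.size;
  }
}
```

With more than one service instance, the same delete-on-read semantics need a shared store with an atomic get-and-delete; the in-memory map here only shows the logic.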