com.yubico.webauthn.data

Class UserIdentity

java.lang.Object

com.yubico.webauthn.data.UserIdentity

All Implemented Interfaces:

PublicKeyCredentialEntity

public final class UserIdentity
extends java.lang.Object
implements PublicKeyCredentialEntity

Describes a user account, with which public key credentials can be associated.

See Also:

§5.4.3. User Account Parameters for Credential Generation (dictionary PublicKeyCredentialUserEntity)

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	UserIdentity.UserIdentityBuilder

Method Summary

Modifier and Type	Method and Description
static UserIdentity.UserIdentityBuilder.MandatoryStages	builder()
boolean	equals(java.lang.Object o)
@NonNull java.lang.String	getDisplayName() A human-palatable name for the user account, intended only for display.
@NonNull ByteArray	getId() The user handle for the account, specified by the Relying Party.
@NonNull java.lang.String	getName() A human-palatable identifier for a user account.
int	hashCode()
UserIdentity.UserIdentityBuilder	toBuilder()
java.lang.String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Detail

builder

public static UserIdentity.UserIdentityBuilder.MandatoryStages builder()

toBuilder

public UserIdentity.UserIdentityBuilder toBuilder()

getDisplayName

@NonNull
public @NonNull java.lang.String getDisplayName()

A human-palatable name for the user account, intended only for display. For example, "Alex P. Müller" or "田中 倫". The Relying Party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary.

• Relying Parties SHOULD perform enforcement, as prescribed in Section 2.3 of [RFC8266] for the Nickname Profile of the PRECIS FreeformClass [RFC8264], when setting displayName's value, or displaying the value to the user.
• Clients SHOULD perform enforcement, as prescribed in Section 2.3 of [RFC8266] for the Nickname Profile of the PRECIS FreeformClass [RFC8264], on displayName's value prior to displaying the value to the user or including the value as a parameter of the authenticatorMakeCredential operation.

When clients, client platforms, or authenticators display a displayName's value, they should always use UI elements to provide a clear boundary around the displayed value, and not allow overflow into other elements.

Authenticators MUST accept and store a 64-byte minimum length for a displayName member's value. Authenticators MAY truncate a displayName member's value to a length equal to or greater than 64 bytes.

See Also:

RFC 8264, RFC 8266

getId

@NonNull
public @NonNull ByteArray getId()

The user handle for the account, specified by the Relying Party.

A user handle is an opaque byte sequence with a maximum size of 64 bytes. User handles are not meant to be displayed to users. The user handle SHOULD NOT contain personally identifying information about the user, such as a username or e-mail address; see §14.9 User Handle Contents for details.

To ensure secure operation, authentication and authorization decisions MUST be made on the basis of this id member, not the displayName nor name members. See Section 6.1 of RFC 8266.

An authenticator will never contain more than one credential for a given Relying Party under the same user handle.

equals

public boolean equals(java.lang.Object o)

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

getName

@NonNull
public @NonNull java.lang.String getName()

A human-palatable identifier for a user account. It is intended only for display, i.e., aiding the user in determining the difference between user accounts with similar displayNames.

For example: "alexm", "alex.p.mueller@example.com" or "+14255551234".

Specified by:

getName in interface PublicKeyCredentialEntity

See Also:

RFC 8264, RFC 8265