Open fcorneli opened 8 months ago
Hi! Note that you can do this by modifying the AssertionRequest
object before sending it to the client, as long as those changes are preserved when the AssertionRequest
is passed into finishAssertion()
. Like this:
AssertionRequest request = rp.finishAssertion(...);
request =
request.toBuilder()
.publicKeyCredentialRequestOptions(
request.getPublicKeyCredentialRequestOptions().toBuilder()
.allowCredentials(
request
.getPublicKeyCredentialRequestOptions()
.getAllowCredentials()
.map(
allowCredentials ->
allowCredentials.stream()
.filter(pkcDescriptor -> true)
.collect(Collectors.toList())))
.build())
.build();
It's a bit verbose, but if it's any consolation it's at least only a single expression. Does that work for you?
Will try this out (internal ticket 12668).
RelyingParty.startAssertion
constructs a list ofallowCredentials
based on thecredentialRepository
, which makes sense. However, it would be handy if you could also restrict the allowed credential via someStartAssertionOptions
option. Two use cases I have for this: