teamhanko / passkeys

FIDO2-certified passkey server and SDKs for adding passkey support to any auth system
https://hanko.io/passkey-api
GNU Affero General Public License v3.0

Transaction API #23

Closed shentschel closed 11 months ago

shentschel commented 11 months ago

Make it possible to use the webauthn api for storing and authorization of transactional data.

To Dos:

shentschel commented 11 months ago

I am currently working on the /transaction/initialize endpoint and the user will be able to send the following struct:

```go
type InitTransactionDto struct {
    UserId          string      `json:"user_id" validate:"required"`
    TransactionId   string      `json:"transaction_id" validate:"required"`
    TransactionData interface{} `json:"transaction_data" validate:"required"`
}
```

@FreddyDevelop @FlxMgdnz: Would you only hash the TransactionData or a combination of TransactionId and TransactionData?

FreddyDevelop commented 11 months ago

I would hash the combination of the TransactionId and TransactionId because the TransactionId should be a unique identifier from the relying party. There might be situations where the TransactionData is not unique and this way it is a stronger binding of a transaction to an assertion.
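The binding discussed in this thread, as an added example that is not part of the original comments or of the project's code: a digest over both the transaction ID and the transaction data, so identical data under two IDs yields two different values. The helper names `TransactionDigest` and `writeField`, the length-prefixed encoding, and the choice of SHA-256 are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// writeField appends a length-prefixed field. Without the prefix, plain
// concatenation of ID "tx1" + data 2 and ID "tx" + data 12 would both
// hash the bytes "tx12".
func writeField(buf, field []byte) []byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(field)))
	buf = append(buf, n[:]...)
	return append(buf, field...)
}

// TransactionDigest (hypothetical helper) binds transaction_id and
// transaction_data into one hex-encoded SHA-256 value.
func TransactionDigest(transactionID string, transactionData interface{}) (string, error) {
	// encoding/json sorts map keys, so equal maps serialize identically.
	data, err := json.Marshal(transactionData)
	if err != nil {
		return "", fmt.Errorf("marshal transaction data: %w", err)
	}
	var input []byte
	input = writeField(input, []byte(transactionID))
	input = writeField(input, data)
	sum := sha256.Sum256(input)
	return hex.EncodeToString(sum[:]), nil
}

func main() {
	// Constructed sample: the same payment data under two transaction IDs.
	payment := map[string]interface{}{"amount": 100, "currency": "EUR", "to": "DE00-EXAMPLE"}
	for _, id := range []string{"tx-0001", "tx-0002"} {
		d, err := TransactionDigest(id, payment)
		if err != nil {
			panic(err)
		}
		fmt.Println(id, d)
	}
}
```

A verifier has to recompute the digest from its own stored copy of the transaction and compare it with the value bound to the assertion, rather than trusting a digest supplied by the client.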