PRODUCT-775: support for extensions and PRF on Android, iOS and Windows

packages/corbado_auth_firebase/example/windows/flutter/generated_plugins.cmake

@@ -6,6 +6,7 @@ list(APPEND FLUTTER_PLUGIN_LIST
   firebase_auth
   firebase_core
   flutter_secure_storage_windows
+  passkeys_windows
 )
 
 list(APPEND FLUTTER_FFI_PLUGIN_LIST

packages/passkeys/passkeys/example/lib/pages/base_page.dart

@@ -9,7 +9,6 @@ class BasePage extends StatelessWidget {
 
   @override
   Widget build(BuildContext context) {
-
     SchedulerBinding.instance.addPostFrameCallback((_) {
       if (!context.mounted) return;
       DebugOverlay.show(context);

packages/passkeys/passkeys/example/lib/pages/error_page.dart

@@ -36,7 +36,11 @@ class ErrorPage extends StatelessWidget {
                       fontWeight: FontWeight.bold,
                     ),
                   ),
-                  Text(hint!, textAlign: TextAlign.center, style: TextStyle(fontSize: 12),),
+                  Text(
+                    hint!,
+                    textAlign: TextAlign.center,
+                    style: TextStyle(fontSize: 12),
+                  ),
                 ],
               ),
           ],

packages/passkeys/passkeys/example/lib/providers.dart

@@ -12,7 +12,7 @@ final authServiceProvider = Provider<AuthService>((ref) {
   return AuthService(rps: rps, authenticator: authenticator);
 });
 
-final doctorProvider = StreamProvider<Result>((ref) async*{
+final doctorProvider = StreamProvider<Result>((ref) async* {
   final authService = ref.watch(authServiceProvider);
 
   await for (final value in authService.authenticator.resultStream) {

packages/passkeys/passkeys/example/lib/widgets/debug_overlay.dart

@@ -96,8 +96,10 @@ class _DebugOverlayWidget extends HookConsumerWidget {
                           ),
                         ),
                         const SizedBox(height: 2),
-                        Text(info.description,
-                            style: const TextStyle(fontSize: 12),),
+                        Text(
+                          info.description,
+                          style: const TextStyle(fontSize: 12),
+                        ),
                         if (info.platforms.isNotEmpty) ...[
                           const SizedBox(height: 4),
                           Text(

packages/passkeys/passkeys_android/android/src/main/java/com/corbado/passkeys_android/MessageHandler.java

@@ -89,6 +89,7 @@ public void register(
             @Nullable Long timeout,
             @Nullable String attestation,
             @NonNull List<Messages.ExcludeCredential> excludeCredentials,
+            @Nullable String extensions,
             @NonNull Messages.Result<Messages.RegisterResponse> result) {
         if (android.os.Build.VERSION.SDK_INT < 28) {
             result.error(new Messages.FlutterError("android-passkey-unsupported",
@@ -120,7 +121,8 @@ public void register(
                 timeout,
                 authSelectionType,
                 attestation,
-                excludeCredentialsType);
+                excludeCredentialsType,
+                extensions);
 
         try {
             String options = createCredentialOptions.toJSON().toString();
@@ -164,6 +166,10 @@ public void onResult(CreateCredentialResponse res) {
                                         .setClientDataJSON(response.getString("clientDataJSON"))
                                         .setAttestationObject(response.getString("attestationObject"))
                                         .setTransports(typedTransports)
+                                        .setClientExtensionResults(
+                                                json.has("clientExtensionResults")
+                                                        ? json.getJSONObject("clientExtensionResults").toString()
+                                                        : null)
                                         .build());
                             } catch (JSONException e) {
                                 Log.e(TAG, "Error parsing response: " + resp, e);
@@ -224,6 +230,7 @@ public void onError(CreateCredentialException e) {
     public void authenticate(@NonNull String relyingPartyId, @NonNull String challenge, @Nullable Long timeout,
             @Nullable String userVerification, @Nullable List<Messages.AllowCredential> allowCredentials,
             @Nullable Boolean preferImmediatelyAvailableCredentials,
+            @Nullable String extensions,
             @NonNull Messages.Result<Messages.AuthenticateResponse> result) {
         if (android.os.Build.VERSION.SDK_INT < 28) {
             result.error(new Messages.FlutterError("android-passkey-unsupported",
@@ -238,7 +245,7 @@ public void authenticate(@NonNull String relyingPartyId, @NonNull String challen
                     .collect(Collectors.toList());
         }
         GetCredentialOptions getCredentialOptions = new GetCredentialOptions(challenge, timeout, relyingPartyId,
-                allowCredentialsType, userVerification);
+                allowCredentialsType, userVerification, extensions);
         try {
             String options = getCredentialOptions.toJSON().toString();
 
@@ -283,7 +290,12 @@ public void onResult(GetCredentialResponse res) {
                                     final Messages.AuthenticateResponse msg = new Messages.AuthenticateResponse.Builder()
                                             .setId(id).setRawId(rawId).setClientDataJSON(clientDataJSON)
                                             .setAuthenticatorData(authenticatorData).setSignature(signature)
-                                            .setUserHandle(userHandle).build();
+                                            .setUserHandle(userHandle)
+                                            .setClientExtensionResults(
+                                                    json.has("clientExtensionResults")
+                                                            ? json.getJSONObject("clientExtensionResults").toString()
+                                                            : null)
+                                            .build();
 
                                     result.success(msg);
                                 } catch (JSONException e) {

packages/passkeys/passkeys_android/android/src/main/java/com/corbado/passkeys_android/Messages.java

@@ -722,6 +722,17 @@ public void setTransports(@NonNull List<String> setterArg) {
       this.transports = setterArg;
     }
 
+    /** JSON-encoded client extension results */
+    private @Nullable String clientExtensionResults;
+
+    public @Nullable String getClientExtensionResults() {
+      return clientExtensionResults;
+    }
+
+    public void setClientExtensionResults(@Nullable String setterArg) {
+      this.clientExtensionResults = setterArg;
+    }
+
     /** Constructor is non-public to enforce null safety; use Builder. */
     RegisterResponse() {}
 
@@ -762,25 +773,34 @@ public static final class Builder {
         return this;
       }
 
+      private @Nullable String clientExtensionResults;
+
+      public @NonNull Builder setClientExtensionResults(@Nullable String setterArg) {
+        this.clientExtensionResults = setterArg;
+        return this;
+      }
+
       public @NonNull RegisterResponse build() {
         RegisterResponse pigeonReturn = new RegisterResponse();
         pigeonReturn.setId(id);
         pigeonReturn.setRawId(rawId);
         pigeonReturn.setClientDataJSON(clientDataJSON);
         pigeonReturn.setAttestationObject(attestationObject);
         pigeonReturn.setTransports(transports);
+        pigeonReturn.setClientExtensionResults(clientExtensionResults);
         return pigeonReturn;
       }
     }
 
     @NonNull
     ArrayList<Object> toList() {
-      ArrayList<Object> toListResult = new ArrayList<Object>(5);
+      ArrayList<Object> toListResult = new ArrayList<Object>(6);
       toListResult.add(id);
       toListResult.add(rawId);
       toListResult.add(clientDataJSON);
       toListResult.add(attestationObject);
       toListResult.add(transports);
+      toListResult.add(clientExtensionResults);
       return toListResult;
     }
 
@@ -796,6 +816,8 @@ ArrayList<Object> toList() {
       pigeonResult.setAttestationObject((String) attestationObject);
       Object transports = list.get(4);
       pigeonResult.setTransports((List<String>) transports);
+      Object clientExtensionResults = list.get(5);
+      pigeonResult.setClientExtensionResults((String) clientExtensionResults);
       return pigeonResult;
     }
   }
@@ -889,6 +911,17 @@ public void setUserHandle(@NonNull String setterArg) {
       this.userHandle = setterArg;
     }
 
+    /** JSON-encoded client extension results */
+    private @Nullable String clientExtensionResults;
+
+    public @Nullable String getClientExtensionResults() {
+      return clientExtensionResults;
+    }
+
+    public void setClientExtensionResults(@Nullable String setterArg) {
+      this.clientExtensionResults = setterArg;
+    }
+
     /** Constructor is non-public to enforce null safety; use Builder. */
     AuthenticateResponse() {}
 
@@ -936,6 +969,13 @@ public static final class Builder {
         return this;
       }
 
+      private @Nullable String clientExtensionResults;
+
+      public @NonNull Builder setClientExtensionResults(@Nullable String setterArg) {
+        this.clientExtensionResults = setterArg;
+        return this;
+      }
+
       public @NonNull AuthenticateResponse build() {
         AuthenticateResponse pigeonReturn = new AuthenticateResponse();
         pigeonReturn.setId(id);
@@ -944,19 +984,21 @@ public static final class Builder {
         pigeonReturn.setAuthenticatorData(authenticatorData);
         pigeonReturn.setSignature(signature);
         pigeonReturn.setUserHandle(userHandle);
+        pigeonReturn.setClientExtensionResults(clientExtensionResults);
         return pigeonReturn;
       }
     }
 
     @NonNull
     ArrayList<Object> toList() {
-      ArrayList<Object> toListResult = new ArrayList<Object>(6);
+      ArrayList<Object> toListResult = new ArrayList<Object>(7);
       toListResult.add(id);
       toListResult.add(rawId);
       toListResult.add(clientDataJSON);
       toListResult.add(authenticatorData);
       toListResult.add(signature);
       toListResult.add(userHandle);
+      toListResult.add(clientExtensionResults);
       return toListResult;
     }
 
@@ -974,6 +1016,8 @@ ArrayList<Object> toList() {
       pigeonResult.setSignature((String) signature);
       Object userHandle = list.get(5);
       pigeonResult.setUserHandle((String) userHandle);
+      Object clientExtensionResults = list.get(6);
+      pigeonResult.setClientExtensionResults((String) clientExtensionResults);
       return pigeonResult;
     }
   }
@@ -1053,9 +1097,9 @@ public interface PasskeysApi {
 
     void hasPasskeySupport(@NonNull Result<Boolean> result);
 
-    void register(@NonNull String challenge, @NonNull RelyingParty relyingParty, @NonNull User user, @Nullable AuthenticatorSelection authenticatorSelection, @Nullable List<PubKeyCredParam> pubKeyCredParams, @Nullable Long timeout, @Nullable String attestation, @NonNull List<ExcludeCredential> excludeCredentials, @NonNull Result<RegisterResponse> result);
+    void register(@NonNull String challenge, @NonNull RelyingParty relyingParty, @NonNull User user, @Nullable AuthenticatorSelection authenticatorSelection, @Nullable List<PubKeyCredParam> pubKeyCredParams, @Nullable Long timeout, @Nullable String attestation, @NonNull List<ExcludeCredential> excludeCredentials, @Nullable String extensions, @NonNull Result<RegisterResponse> result);
 
-    void authenticate(@NonNull String relyingPartyId, @NonNull String challenge, @Nullable Long timeout, @Nullable String userVerification, @Nullable List<AllowCredential> allowCredentials, @Nullable Boolean preferImmediatelyAvailableCredentials, @NonNull Result<AuthenticateResponse> result);
+    void authenticate(@NonNull String relyingPartyId, @NonNull String challenge, @Nullable Long timeout, @Nullable String userVerification, @Nullable List<AllowCredential> allowCredentials, @Nullable Boolean preferImmediatelyAvailableCredentials, @Nullable String extensions, @NonNull Result<AuthenticateResponse> result);
 
     void cancelCurrentAuthenticatorOperation(@NonNull Result<Void> result);
 
@@ -1136,6 +1180,7 @@ public void error(Throwable error) {
                 Number timeoutArg = (Number) args.get(5);
                 String attestationArg = (String) args.get(6);
                 List<ExcludeCredential> excludeCredentialsArg = (List<ExcludeCredential>) args.get(7);
+                String extensionsArg = (String) args.get(8);
                 Result<RegisterResponse> resultCallback =
                     new Result<RegisterResponse>() {
                       public void success(RegisterResponse result) {
@@ -1149,7 +1194,7 @@ public void error(Throwable error) {
                       }
                     };
 
-                api.register(challengeArg, relyingPartyArg, userArg, authenticatorSelectionArg, pubKeyCredParamsArg, (timeoutArg == null) ? null : timeoutArg.longValue(), attestationArg, excludeCredentialsArg, resultCallback);
+                api.register(challengeArg, relyingPartyArg, userArg, authenticatorSelectionArg, pubKeyCredParamsArg, (timeoutArg == null) ? null : timeoutArg.longValue(), attestationArg, excludeCredentialsArg, extensionsArg, resultCallback);
               });
         } else {
           channel.setMessageHandler(null);
@@ -1170,6 +1215,7 @@ public void error(Throwable error) {
                 String userVerificationArg = (String) args.get(3);
                 List<AllowCredential> allowCredentialsArg = (List<AllowCredential>) args.get(4);
                 Boolean preferImmediatelyAvailableCredentialsArg = (Boolean) args.get(5);
+                String extensionsArg = (String) args.get(6);
                 Result<AuthenticateResponse> resultCallback =
                     new Result<AuthenticateResponse>() {
                       public void success(AuthenticateResponse result) {
@@ -1183,7 +1229,7 @@ public void error(Throwable error) {
                       }
                     };
 
-                api.authenticate(relyingPartyIdArg, challengeArg, (timeoutArg == null) ? null : timeoutArg.longValue(), userVerificationArg, allowCredentialsArg, preferImmediatelyAvailableCredentialsArg, resultCallback);
+                api.authenticate(relyingPartyIdArg, challengeArg, (timeoutArg == null) ? null : timeoutArg.longValue(), userVerificationArg, allowCredentialsArg, preferImmediatelyAvailableCredentialsArg, extensionsArg, resultCallback);
               });
         } else {
           channel.setMessageHandler(null);

packages/passkeys/passkeys_android/android/src/main/java/com/corbado/passkeys_android/models/login/GetCredentialOptions.java

@@ -17,13 +17,15 @@ public class GetCredentialOptions {
     private String rpId;
     private List<AllowCredentialType> allowCredentials;
     private String userVerification;
+    private String extensions;
 
-    public GetCredentialOptions(String challenge, Long timeout, String rpId, List<AllowCredentialType> allowCredentials, String userVerification) {
+    public GetCredentialOptions(String challenge, Long timeout, String rpId, List<AllowCredentialType> allowCredentials, String userVerification, String extensions) {
         this.challenge = challenge;
         this.timeout = timeout;
         this.rpId = rpId;
         this.allowCredentials = allowCredentials;
         this.userVerification = userVerification;
+        this.extensions = extensions;
     }
 
     public JSONObject toJSON() throws JSONException {
@@ -42,6 +44,9 @@ public JSONObject toJSON() throws JSONException {
                 }
             }).toArray()));
         }
+        if (extensions != null) {
+            json.put("extensions", new JSONObject(extensions));
+        }
 
         return json;
     }

packages/passkeys/passkeys_android/android/src/main/java/com/corbado/passkeys_android/models/signup/CreateCredentialOptions.java

@@ -21,6 +21,8 @@ public class CreateCredentialOptions {
 
     private List<ExcludeCredentialType> excludeCredentials;
 
+    private String extensions;
+
     public CreateCredentialOptions(
             String challenge,
             RelyingPartyType rp,
@@ -29,7 +31,8 @@ public CreateCredentialOptions(
             Long timeout,
             AuthenticatorSelectionType authenticatorSelection,
             String attestation,
-            List<ExcludeCredentialType> excludeCredentials
+            List<ExcludeCredentialType> excludeCredentials,
+            String extensions
     ) {
         this.challenge = challenge;
         this.rp = rp;
@@ -39,6 +42,7 @@ public CreateCredentialOptions(
         this.authenticatorSelection = authenticatorSelection;
         this.attestation = attestation;
         this.excludeCredentials = excludeCredentials;
+        this.extensions = extensions;
     }
 
     public JSONObject toJSON() throws JSONException {
@@ -54,6 +58,8 @@ public JSONObject toJSON() throws JSONException {
             json.put("authenticatorSelection", authenticatorSelection.toJSON());
         if (excludeCredentials != null)
             json.put("excludeCredentials", new JSONArray(excludeCredentials.stream().map(ExcludeCredentialType::toJSON).toArray()));
+        if (extensions != null)
+            json.put("extensions", new JSONObject(extensions));
 
         return json;
     }