TsgcWSAPIServer_WebAuthn › Events
Events you can handle, grouped by purpose, followed by the full alphabetical list.
| Name | Description |
|---|---|
| OnWebAuthnHTTPRequest | Fires before a WebAuthn endpoint processes an incoming HTTP request; lets the application inspect headers, apply rate limits, or reject the call. |
| OnWebAuthnHTTPResponse | Fires after the server has built the HTTP response for a WebAuthn endpoint but before it is sent; useful to audit or decorate the outgoing payload and headers. |
| OnWebAuthnException | Fires when an unhandled exception is raised while processing a WebAuthn request; lets the application log the error and override the HTTP response code. |
| OnWebAuthnUnauthorized | Fires when a WebSocket connection attempts to use a WebAuthn-protected resource without a valid token; lets the application decide whether to disconnect. |
| OnWebAuthnMetadata | Fires when the server needs authenticator metadata for an AAGUID; lets the application return a cached or custom FIDO MDS BLOB entry. |
| Name | Description |
|---|---|
| OnWebAuthnRegistrationOptionsRequest | Fires at the start of /register/begin when a client asks for PublicKeyCredentialCreationOptions; lets the application validate the user and approve or reject the ceremony. |
| OnWebAuthnRegistrationOptionsResponse | Fires after the server has built the PublicKeyCredentialCreationOptions response for /register/begin; lets the application inspect or persist the generated challenge. |
| OnWebAuthnRegistrationValidateCredentialId | Fires during /register/verify to let the application check that the new credential id is unique in its user store. |
| OnWebAuthnRegistrationValidateCertificate | Fires during /register/verify to let the application validate the attestation certificate chain (for example against a cached FIDO MDS) and override the built-in check. |
| OnWebAuthnRegistrationSuccessful | Fires at the end of /register/verify when attestation has been accepted; this is where the application must persist the new credential record for the user. |
| OnWebAuthnRegistrationError | Fires when /register/verify rejects the attestation; exposes the failing request and the textual reason so the application can log or alert on it. |
| Name | Description |
|---|---|
| OnWebAuthnAuthenticationOptionsRequest | Fires at the start of /authenticate/begin; the application must return the list of credentials registered for the user so the server can build PublicKeyCredentialRequestOptions. |
| OnWebAuthnAuthenticationOptionsResponse | Fires after the server has built the PublicKeyCredentialRequestOptions response for /authenticate/begin; lets the application inspect or persist the generated challenge. |
| OnWebAuthnAuthenticationSuccessful | Fires at the end of /authenticate/verify when the assertion signature is valid; the application should update the sign counter and establish the session. |
| OnWebAuthnAuthenticationError | Fires when /authenticate/verify rejects the assertion; exposes the failing request and the textual reason so the application can log or alert on it. |
| Name | Description |
|---|---|
| OnWebAuthnAuthenticationError | Fires when /authenticate/verify rejects the assertion; exposes the failing request and the textual reason so the application can log or alert on it. |
| OnWebAuthnAuthenticationOptionsRequest | Fires at the start of /authenticate/begin; the application must return the list of credentials registered for the user so the server can build PublicKeyCredentialRequestOptions. |
| OnWebAuthnAuthenticationOptionsResponse | Fires after the server has built the PublicKeyCredentialRequestOptions response for /authenticate/begin; lets the application inspect or persist the generated challenge. |
| OnWebAuthnAuthenticationSuccessful | Fires at the end of /authenticate/verify when the assertion signature is valid; the application should update the sign counter and establish the session. |
| OnWebAuthnException | Fires when an unhandled exception is raised while processing a WebAuthn request; lets the application log the error and override the HTTP response code. |
| OnWebAuthnHTTPRequest | Fires before a WebAuthn endpoint processes an incoming HTTP request; lets the application inspect headers, apply rate limits, or reject the call. |
| OnWebAuthnHTTPResponse | Fires after the server has built the HTTP response for a WebAuthn endpoint but before it is sent; useful to audit or decorate the outgoing payload and headers. |
| OnWebAuthnMetadata | Fires when the server needs authenticator metadata for an AAGUID; lets the application return a cached or custom FIDO MDS BLOB entry. |
| OnWebAuthnRegistrationError | Fires when /register/verify rejects the attestation; exposes the failing request and the textual reason so the application can log or alert on it. |
| OnWebAuthnRegistrationOptionsRequest | Fires at the start of /register/begin when a client asks for PublicKeyCredentialCreationOptions; lets the application validate the user and approve or reject the ceremony. |
| OnWebAuthnRegistrationOptionsResponse | Fires after the server has built the PublicKeyCredentialCreationOptions response for /register/begin; lets the application inspect or persist the generated challenge. |
| OnWebAuthnRegistrationSuccessful | Fires at the end of /register/verify when attestation has been accepted; this is where the application must persist the new credential record for the user. |
| OnWebAuthnRegistrationValidateCertificate | Fires during /register/verify to let the application validate the attestation certificate chain (for example against a cached FIDO MDS) and override the built-in check. |
| OnWebAuthnRegistrationValidateCredentialId | Fires during /register/verify to let the application check that the new credential id is unique in its user store. |
| OnWebAuthnUnauthorized | Fires when a WebSocket connection attempts to use a WebAuthn-protected resource without a valid token; lets the application decide whether to disconnect. |