TsgcWSAPIServer_WebAuthn › Events › OnWebAuthnAuthenticationOptionsRequest
Fires at the start of /authenticate/begin; the application must return the list of credentials registered for the user so the server can build PublicKeyCredentialRequestOptions.
property OnWebAuthnAuthenticationOptionsRequest: TsgcWebAuthnOnAuthenticationOptionsRequest;
// TsgcWebAuthnOnAuthenticationOptionsRequest = procedure(Sender: TObject; const aRequest: TsgcWebAuthn_AuthenticationOptions_Request; var CredentialRecords: TsgcWebAuthn_CredentialRecords; var Accept: Boolean) of object—
First hook of the authentication ceremony (WebAuthn navigator.credentials.get()). aRequest contains the username (or empty for discoverable-credential flows) supplied by the client. The handler should populate CredentialRecords with the credentials previously stored for the user — the server uses them to build the allowCredentials list, to look up the public key during verification and to enforce transport hints. Set Accept to false to deny the ceremony (for example, when the user is locked or unknown).
procedure TForm1.sgcWSAPIServer_WebAuthn1WebAuthnAuthenticationOptionsRequest(
Sender: TObject; const aRequest: TsgcWebAuthn_AuthenticationOptions_Request;
var CredentialRecords: TsgcWebAuthn_CredentialRecords; var Accept: Boolean);
begin
CredentialRecords := LoadUserCredentials(aRequest.User.Name);
Accept := Length(CredentialRecords) > 0;
end;