Merge pull request #20101 from mozilla/FXA-13056

feat(passkey): create server side helper functions

Author: MagentaManifold

libs/accounts/passkey/README.md

@@ -54,6 +54,10 @@ This library follows the layered architecture pattern used across `libs/accounts
    - Validated with class-validator decorators
    - Loaded from Convict config in consuming applications
 
+6. **WebAuthn Adapter** (`webauthn-adapter.ts`)
+   - Thin wrapper around `@simplewebauthn/server` v13.
+   - Transforms between repository data structures and library format
+
 ### Pattern: No Module Export
 
 Unlike `libs/shared/nestjs/*`, this library **does not export a NestJS module**. This is intentional:

libs/accounts/passkey/src/index.ts

@@ -25,3 +25,4 @@ export * from './lib/passkey.manager';
 export * from './lib/passkey.repository';
 export * from './lib/passkey.errors';
 export * from './lib/passkey.config';
+export * from './lib/webauthn-adapter';

libs/accounts/passkey/src/lib/passkey.config.ts

@@ -2,7 +2,19 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-import { IsArray, IsBoolean, IsNumber, IsString } from 'class-validator';
+import {
+  IsArray,
+  IsBoolean,
+  IsIn,
+  IsNumber,
+  IsOptional,
+  IsString,
+} from 'class-validator';
+import type {
+  AuthenticatorAttachment,
+  ResidentKeyRequirement,
+  UserVerificationRequirement,
+} from '@simplewebauthn/server';
 
 /**
  * Configuration for passkey (WebAuthn) functionality.
@@ -59,8 +71,9 @@ export class PasskeyConfig {
    * - 'discouraged': User verification should not occur
    * @example 'required'
    */
-  @IsString()
-  public userVerification?: 'required' | 'preferred' | 'discouraged';
+  @IsOptional()
+  @IsIn(['required', 'preferred', 'discouraged'])
+  public userVerification?: UserVerificationRequirement;
 
   /**
    * Resident key (discoverable credential) requirement.
@@ -72,15 +85,17 @@ export class PasskeyConfig {
    * - 'discouraged': Non-discoverable credential preferred
    * @example 'required'
    */
-  @IsString()
-  public residentKey?: 'required' | 'preferred' | 'discouraged';
+  @IsOptional()
+  @IsIn(['required', 'preferred', 'discouraged'])
+  public residentKey?: ResidentKeyRequirement;
 
   /**
    * Authenticator attachment preference.
    * - 'platform': Platform authenticators (built into device, like Touch ID)
    * - 'cross-platform': Roaming authenticators (USB security keys)
    * - undefined: No preference (allow any)
    */
-  @IsString()
-  public authenticatorAttachment?: string;
+  @IsOptional()
+  @IsIn(['platform', 'cross-platform'])
+  public authenticatorAttachment?: AuthenticatorAttachment;
 }