Service Layer | high complexity | backend
Dependencies: 1 | Dependents: 1 | Entities: 0 | Integrations: 0

Description

Backend service responsible for issuing and validating single-use cryptographic challenges for FIDO2 registration and authentication flows. Prevents replay attacks by enforcing nonce expiry and single-use semantics.

Feature: Authentication Methods (Passkeys)

passkey-challenge-service

Responsibilities

  • Generate cryptographically random challenge nonces for registration and assertion
  • Store challenges server-side with short TTL (e.g., 5 minutes)
  • Validate that a presented challenge was issued, is unexpired, and has not been consumed
  • Invalidate challenges after successful or failed use

Interfaces

generateRegistrationChallenge(userId: string) -> Challenge
generateAuthenticationChallenge(userId: string) -> Challenge
validateChallenge(challengeId: string, clientData: string) -> boolean
expireChallenge(challengeId: string) -> void
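
An added sketch of these four interfaces (not the component's own code), showing how consuming the challenge before any check gives single-use semantics on both successful and failed validation. Assumptions: an in-memory Map stands in for the server-side store, clientData is the base64url-encoded WebAuthn clientDataJSON, and the Challenge shape, injectable clock and sampleClientData helper are illustrative.

```javascript
const crypto = require('node:crypto');

const TTL_MS = 5 * 60 * 1000; // the page's example TTL of 5 minutes

class PasskeyChallengeService {
  constructor(now = () => Date.now()) {
    this.now = now;         // injectable clock (assumption, makes expiry testable)
    this.store = new Map(); // challengeId -> record; stand-in for a shared server-side store
  }

  #issue(userId, type) {
    const challengeId = crypto.randomUUID();
    const challenge = crypto.randomBytes(32).toString('base64url'); // CSPRNG nonce
    this.store.set(challengeId, { userId, type, challenge, expiresAt: this.now() + TTL_MS });
    return { challengeId, challenge }; // assumed shape of "Challenge"
  }

  generateRegistrationChallenge(userId) { return this.#issue(userId, 'webauthn.create'); }
  generateAuthenticationChallenge(userId) { return this.#issue(userId, 'webauthn.get'); }

  validateChallenge(challengeId, clientData) {
    const rec = this.store.get(challengeId);
    // Consume before any check so a failed attempt also burns the challenge.
    this.expireChallenge(challengeId);
    if (!rec || this.now() > rec.expiresAt) return false; // never issued, replayed, or expired
    let parsed;
    try {
      parsed = JSON.parse(Buffer.from(clientData, 'base64url').toString('utf8'));
    } catch { return false; }
    if (parsed === null || typeof parsed !== 'object') return false;
    // The ceremony type must match the flow the challenge was issued for.
    if (parsed.type !== rec.type || typeof parsed.challenge !== 'string') return false;
    const presented = Buffer.from(parsed.challenge);
    const issued = Buffer.from(rec.challenge);
    return presented.length === issued.length && crypto.timingSafeEqual(presented, issued);
  }

  expireChallenge(challengeId) { this.store.delete(challengeId); }
}

// Constructed sample input: the clientData a browser would send back (illustrative values).
function sampleClientData(type, challenge) {
  const json = JSON.stringify({ type, challenge, origin: 'https://example.test' });
  return Buffer.from(json).toString('base64url');
}
```

With more than one service instance, the lookup and delete in validateChallenge must be a single atomic operation in the shared store, otherwise two concurrent requests can both read the same challenge before either deletes it.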
