e9eb9b4172
Enforce geofenced location evidence for passport challenges and extend admin alerting so mobile devices can review, dismiss, and act on real org and security events.
import type { IPassportCapabilities } from './passportdevice.js';
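/**
 * Kinds of passport challenge.
 *
 * The union is closed: any value outside these four literals is a type error.
 * NOTE(review): the type is erased at runtime, so a `type` value that arrives
 * from the network or from storage still needs an explicit allow-list check.
 * Confirm where that happens.
 */
export type TPassportChallengeType =
  | 'device_enrollment'
  | 'authentication'
  | 'step_up'
  | 'physical_access';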
/**
 * State of a passport challenge.
 *
 * NOTE(review): which transitions between these states are legal is not
 * visible in this file. Confirm that the state machine refuses to move a
 * challenge out of 'approved', 'expired' or 'rejected'.
 */
export type TPassportChallengeStatus =
  | 'pending'
  | 'approved'
  | 'expired'
  | 'rejected';
/**
 * Delivery state of the notification attached to a challenge.
 *
 * This is a separate union from TPassportChallengeStatus, so a delivery state
 * cannot be assigned where a challenge state is expected.
 */
export type TPassportChallengeDeliveryStatus =
  | 'pending'
  | 'sent'
  | 'failed'
  | 'seen';
/**
 * Encoding label recorded alongside challenge evidence.
 *
 * NOTE(review): the names suggest a raw versus ASN.1 DER signature encoding.
 * Confirm against the verifier, and confirm that it rejects a signature whose
 * bytes do not match the declared format instead of trying both.
 */
export type TPassportSignatureFormat =
  | 'raw'
  | 'der';
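/**
 * Location fix attached to a passport challenge as evidence.
 *
 * NOTE(review): nothing in this type constrains the values. If the fix is
 * reported by the device, treat every field as untrusted input: reject
 * non-finite numbers, out-of-range coordinates and negative accuracy, and
 * check `capturedAt` against the challenge lifetime so a stale fix is not
 * accepted. Confirm the evaluator does this.
 */
export interface IPassportLocationEvidence {
  /** Latitude of the fix. NOTE(review): presumably decimal degrees; confirm. */
  latitude: number;
  /** Longitude of the fix. NOTE(review): presumably decimal degrees; confirm. */
  longitude: number;
  /** Accuracy of the fix, in meters per the field name. */
  accuracyMeters: number;
  /** When the fix was taken. NOTE(review): the epoch unit (ms or s) is not visible here; confirm. */
  capturedAt: number;
}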
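/**
 * NFC evidence attached to a passport challenge.
 *
 * Both fields are optional, so an empty object `{}` satisfies this type.
 * NOTE(review): wherever NFC is required, the runtime check must test for
 * non-empty values. A check that only tests for the presence of the `nfc`
 * object would pass with no tag or reader recorded. Confirm.
 */
export interface IPassportNfcEvidence {
  /** Identifier of the tag. NOTE(review): whether this value is authenticated is not visible here. */
  tagId?: string;
  /** Identifier of the reader. NOTE(review): whether this value is authenticated is not visible here. */
  readerId?: string;
}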
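/**
 * Location policy that can be attached to a challenge.
 *
 * `mode` is the single literal 'geofence', so it is the only policy kind this
 * type can express. The remaining fields describe a centre point and radius.
 *
 * NOTE(review): the type does not bound any of the numbers. Validate at the
 * point where a policy is created or loaded: finite coordinates, and a
 * positive, finite `radiusMeters` and `maxAccuracyMeters`. A zero, negative
 * or NaN radius would otherwise reach the distance comparison.
 */
export interface IPassportLocationPolicy {
  /** Policy discriminator; only 'geofence' is defined. */
  mode: 'geofence';
  /** Optional label for the policy. */
  label?: string;
  /** Latitude of the policy. NOTE(review): presumably the fence centre in decimal degrees; confirm. */
  latitude: number;
  /** Longitude of the policy. NOTE(review): presumably the fence centre in decimal degrees; confirm. */
  longitude: number;
  /** Fence radius, in meters per the field name. */
  radiusMeters: number;
  /**
   * Optional accuracy limit, in meters per the field name.
   * NOTE(review): what applies when this is omitted is not visible here.
   * Confirm there is a default limit, so that a very coarse fix cannot
   * satisfy a small fence.
   */
  maxAccuracyMeters?: number;
}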
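/**
 * A passport challenge record: an `id` plus a `data` payload holding the
 * challenge subject, its state, its requirements (`metadata`), the evidence
 * recorded for it (`evidence`), notification delivery tracking and timestamps.
 *
 * NOTE(review): this is a compile-time shape only. Records read from storage
 * or received over the network are not validated by it.
 */
export interface IPassportChallenge {
  /** Identifier of the challenge record. */
  id: string;
  data: {
    /** User the challenge belongs to. */
    userId: string;
    /** Device the challenge is bound to; may be absent or null. */
    deviceId?: string | null;
    /** Kind of challenge. */
    type: TPassportChallengeType;
    /** Current state of the challenge. */
    status: TPassportChallengeStatus;
    /**
     * NOTE(review): the name suggests that only a hash of a token is stored,
     * never the token itself. Confirm this, and confirm that any comparison
     * against it is constant-time.
     */
    tokenHash?: string | null;
    /** Challenge value. NOTE(review): presumably the nonce the device signs; confirm. */
    challenge: string;
    /** What the challenge requires and how it is presented. */
    metadata: {
      /** NOTE(review): presumably the host that requested the challenge; confirm it is checked on completion. */
      originHost?: string;
      /** NOTE(review): presumably the intended relying party; confirm it is checked on completion. */
      audience?: string;
      /** Title text for the notification. */
      notificationTitle?: string;
      /** Label of the device. */
      deviceLabel?: string;
      /**
       * Whether location evidence is required.
       * NOTE(review): the type permits `requireLocation: true` together with
       * no `locationPolicy`. The enforcement code has to decide that case
       * explicitly. Failing closed is the safe choice; confirm.
       */
      requireLocation: boolean;
      /** Whether NFC evidence is required. */
      requireNfc: boolean;
      /** Geofence policy to evaluate location evidence against, when set. */
      locationPolicy?: IPassportLocationPolicy;
      /** Subset of device capabilities requested for this challenge. */
      requestedCapabilities?: Partial<IPassportCapabilities>;
    };
    /** Evidence recorded for the challenge; absent until some is recorded. */
    evidence?: {
      /** Format label of the signature. */
      signatureFormat?: TPassportSignatureFormat;
      /** Location fix recorded as evidence. */
      location?: IPassportLocationEvidence;
      /**
       * Outcome of evaluating `location`.
       * NOTE(review): this should be written only by the server-side
       * evaluator and never copied from a device payload. Confirm the
       * completion handler drops any client-supplied `locationEvaluation`.
       */
      locationEvaluation?: {
        /** Whether the evaluation matched. */
        matched: boolean;
        /** Distance in meters per the field name. NOTE(review): presumably fix to fence centre; confirm. */
        distanceMeters?: number;
        /** Whether the reported accuracy was accepted. */
        accuracyAccepted?: boolean;
        /** When the evaluation ran. NOTE(review): epoch unit not visible here. */
        evaluatedAt: number;
        /** Free-text reason for the outcome. */
        reason?: string;
      };
      /** NFC evidence; note that both of its fields are optional. */
      nfc?: IPassportNfcEvidence;
    };
    /** Delivery tracking for the notification sent for this challenge. */
    notification?: {
      /** Identifier of the notification hint. */
      hintId: string;
      /** Delivery state. */
      status: TPassportChallengeDeliveryStatus;
      /** Number of delivery attempts. */
      attemptCount: number;
      /** When the notification entry was created. */
      createdAt: number;
      /** When it was delivered, if it was. */
      deliveredAt?: number | null;
      /** When it was seen, if it was. */
      seenAt?: number | null;
      /** Last delivery error text, if any. */
      lastError?: string | null;
    };
    /** When the challenge was created. NOTE(review): epoch unit not visible here. */
    createdAt: number;
    /**
     * When the challenge expires.
     * NOTE(review): a response arriving after this instant should be refused
     * server-side regardless of the stored `status`. Confirm.
     */
    expiresAt: number;
    /** When the challenge was completed; absent or null until then. */
    completedAt?: number | null;
  };
}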