Data Layer medium complexity backend
0 Dependencies, 0 Dependents, 0 Entities, 0 Integrations

Description

Persists passkey credential records including public keys, credential IDs, and authenticator counters for each registered device. Provides CRUD operations used by PasskeyAuthService to look up and update credentials during authentication ceremonies. Enforces data integrity constraints to prevent counter replay attacks.

Feature: Passkeys (WebAuthn)

passkey-credential-store

Sources & reasoning

Passkeys are not mentioned in the source document. The feature appears in the authoritative blueprint with target_release v1.1. No phase evidence exists in source docs, so blueprint assignment is used directly. v1.1 aligns with Phase 3 ordinal position. The feature is a logical evolution of the biometric-login foundation and industry direction for passwordless auth on iOS/Android.

No source references — this artifact was included based on reasoning alone (see above).

Responsibilities

  • Store newly registered credential public keys, IDs, and associated user IDs
  • Retrieve credentials by credential ID or user ID for authentication verification
  • Update the authenticator sign counter after each successful assertion
  • List all passkey credentials registered to a given user for device management UI
  • Delete credential records on revocation or user account deletion

Interfaces

saveCredential(credential: PasskeyCredentialRecord): Promise<void>
findByCredentialId(credentialId: string): Promise<PasskeyCredentialRecord | null>
findAllByUserId(userId: string): Promise<PasskeyCredentialRecord[]>
updateCounter(credentialId: string, newCounter: number): Promise<void>
deleteCredential(credentialId: string): Promise<void>
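
An in-memory implementation of the counter check behind updateCounter, added here as an example and not the project's own code. The fields of PasskeyCredentialRecord, the CounterRegressionError type, and the put/applyCounter helpers are assumptions; the page defines only the method signatures.

```typescript
// Assumed record shape: the page names PasskeyCredentialRecord but does not list its fields.
interface PasskeyCredentialRecord {
  credentialId: string;
  userId: string;
  publicKey: Uint8Array;
  counter: number; // last sign counter accepted for this authenticator
}

// Hypothetical error type: a regression can mean a cloned authenticator or a replayed assertion.
class CounterRegressionError extends Error {}

// WebAuthn rule: when either value is nonzero, the new counter must be strictly greater.
// Both zero means the authenticator does not implement a counter, so the check is skipped.
function isCounterAcceptable(stored: number, received: number): boolean {
  if (!Number.isInteger(received) || received < 0 || received > 0xffffffff) return false;
  if (stored === 0 && received === 0) return true;
  return received > stored;
}

class InMemoryPasskeyCredentialStore {
  private readonly records = new Map<string, PasskeyCredentialRecord>();

  // Credential IDs are unique across the store; a second registration of the same ID is refused.
  put(credential: PasskeyCredentialRecord): void {
    if (this.records.has(credential.credentialId)) throw new Error("duplicate credential ID");
    this.records.set(credential.credentialId, { ...credential });
  }

  // Synchronous check-and-write, so no other update can run between the compare and the store.
  applyCounter(credentialId: string, newCounter: number): void {
    const rec = this.records.get(credentialId);
    if (!rec) throw new Error("unknown credential");
    if (!isCounterAcceptable(rec.counter, newCounter)) {
      throw new CounterRegressionError(`stored=${rec.counter} received=${newCounter}`);
    }
    rec.counter = newCounter;
  }

  // Promise-returning methods with the signatures listed under Interfaces.
  async saveCredential(credential: PasskeyCredentialRecord): Promise<void> { this.put(credential); }
  async updateCounter(credentialId: string, newCounter: number): Promise<void> {
    this.applyCounter(credentialId, newCounter);
  }
  async findByCredentialId(credentialId: string): Promise<PasskeyCredentialRecord | null> {
    const rec = this.records.get(credentialId);
    return rec ? { ...rec } : null;
  }
}
```

In a database-backed store the same rule belongs in a single conditional update (set the counter only where the stored value is lower), so two concurrent assertions cannot both pass the check.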