AttestationTokenValidationOptions

Options used to validate attestation tokens.

typeparam: if provided, specifies the expected issuer of the attestation token.
typeparam: if true, validate the expiration time in the token.
typeparam: if true, validate the "not before" time in the token.
typeparam: if true, validate the token.
typeparam: the validation time slack in the time based validations.
remarks: If validateToken, validateNotBeforeTime, or validateExpirationTime are not provided, they are all assumed to be 'true'.

Hierarchy

AttestationTokenValidationOptions

Index

Properties

Optional expectedIssuer

expectedIssuer: undefined | string

The expected issuer for the AttestationToken. Only checked if validateIssuer is set.

Optional timeValidationSlack

timeValidationSlack: undefined | number

Tolerance time (in seconds) used to accound for clock drift between the local machine and the server creating the token.

Optional validateExpirationTime

validateExpirationTime: undefined | false | true

If true, validate the expiration time for the token.

Optional validateIssuer

validateIssuer: undefined | false | true

If true, validate the issuer of the token.

Optional validateNotBeforeTime

validateNotBeforeTime: undefined | false | true

If true, validate the "not before" time for the token.

Optional validateToken

validateToken: undefined | false | true

If true, validate the attestation token, if false, skip validation.

Optional validationCallback

validationCallback: undefined | ((token: AttestationToken, signer?: AttestationSigner) => void)

Validation Callback which allows customers to provide their own validation functionality for the attestation token. This can be used to validate the signing certificate in AttestationSigner.

remarks: If there is a problem with token validation, the validaitonCallback is expected to throw an exception.