tnokin/webauthn
Edit by tnokin

When I used this project against Chrome on Android I got an issue: in server/src/registration.js there is a test on whether some value equals "fido-u2f" and "packed", but instead I received "android-safetynet". I googled for hours about this absurdly complex FIDO protocol (and I find it kind of funny that in France FIDO is a dog food brand, because that is really what this protocol is) and did many trials, and suddenly it started to work, miraculously.

So this code needs to replace the server side of the webauthn lib.

webauthn

Implementation of strong authentication with the webauthn standard and FIDO2. Strong authentication is an authentication method using a physical key.

For a more thorough introduction see these two nice articles:

Installation

npm install @webauthn/client
npm install @webauthn/server

Usage

Webauthn is composed of two parts: @webauthn/client and @webauthn/server.

On the browser

import { 
    solveRegistrationChallenge,
    solveLoginChallenge
} from '@webauthn/client';

  • solveRegistrationChallenge: converts the challenge returned by the server on the register route into the response to send back to the server
  • solveLoginChallenge: converts the challenge returned by the server on the login route into the response to send back to the server

See an example in example/front

On the server

import {
    parseRegisterRequest,
    generateRegistrationChallenge,
    parseLoginRequest,
    generateLoginChallenge,
    verifyAuthenticatorAssertion,
} from '@webauthn/server';

  • parseRegisterRequest: extracts the challenge and the key from the register request body. The challenge allows the server to retrieve the user, and the key must be stored server-side linked to that user.
  • generateRegistrationChallenge: generates a challenge from a relying party and a user ({ relyingParty, user }) to be sent back to the client in order to register
  • parseLoginRequest: extracts the challenge and the keyId from the login request
  • generateLoginChallenge: generates challengeResponse from the key sent by the client during login. challengeResponse.challenge must be stored server-side linked to the corresponding user
  • verifyAuthenticatorAssertion: takes the loginChallenge request body and the key stored with the user, and returns true if the authenticator assertion verifies

See an example in example/server

Roadmap

For now only the fido-u2f and packed attestation formats are implemented.

  • Implement android-key format
  • Implement android-safetynet format
  • Implement tpm format

About

node.js webauthn framework
