Web Authentication (WebAuthn)

TOC

• Web Authentication API navigator.credentials
• WebAuthn 硬體
  • SoloKeys - The first open source FIDO2 security key.
• WebAuthn 參考專案
  • Google
  • Pretix 票務
  • Okta SignIn widget 身份識別
  • Cryptovote
• FIDO2/WebAuthn Resources
• TODO
  • 201909

Web Authentication API navigator.credentials

• navigator.credentials.create() - Web Authentication: An API for accessing Public Key Credentials Level 1
• navigator.credentials.get({publicKey:..., ...}) - Web Authentication: An API for accessing Public Key Credentials Level 1
• CBOR Object Signing and Encryption (COSE)

Guide to Web Authentication

const publicKeyCredentialCreationOptions = {
    challenge: Uint8Array.from(randomStringFromServer, c => c.charCodeAt(0)),
    rp: {
        name: "Duo Security",
        id: "duosecurity.com",
    },
    user: {
        id: Uint8Array.from("UZSL85T9AFC", c => c.charCodeAt(0)),
        name: "lee@webauthn.guide",
        displayName: "Lee",
    },
    pubKeyCredParams: [{alg: -7, type: "public-key"}],
    authenticatorSelection: {
        authenticatorAttachment: "cross-platform",
    },
    timeout: 60000,
    attestation: "direct"
};

const credential = await navigator.credentials.create({
    publicKey: publicKeyCredentialCreationOptions
});

WebAuthn 硬體

SoloKeys - The first open source FIDO2 security key.

• Solo – SoloKeys
• solokeys/solo: Solo: open security key supporting FIDO2 & U2F over USB + NFC
• FIDO2 Implementation - Solo Technical Documentation
• Somu | Crowd Supply

WebAuthn 參考專案

Google

• google/webauthndemo: An example Java Relying Party implementation of the WebAuthn specification
• googlecodelabs/fido2-codelab

Pretix 票務

pretix/pretix: Ticket shop application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, barcamps, etc.

Release 3.1.0 of pretix – pretix – Reinventing ticket sales for conferences, festivals, exhibitions, ...

WebAuthn We ported our two-factor authentication to support hardware tokens via WebAuthn instead of U2F. All your keys are still working, but they now work in Microsoft Edge, many more Firefox versions, as well as most mobile browsers, too.

pretix/webauthn.js at master · pretix/pretix

Okta SignIn widget 身份識別

• Okta, Auth0, & the Goblet of Identity
• okta/okta-signin-widget: Okta SignIn widget that renders the new login/auth/recovery flows
• okta-signin-widget/EnrollWebauthnController.js at 3.2 · okta/okta-signin-widget

Cryptovote

cryptovote/webauthn.js at master · cryptovoting/cryptovote

FIDO2/WebAuthn Resources

• WebAuthn Web Authentication with YubiKey 5
• Building FIDO2 server in Go
• 一起來了解 Web Authentication
• WebAuthn Basic Web Client/Server
• StrongKey/fido2
• WebAuthn (FIDO2) server library written in Go
• Integrate YubiKey 5Ci into Metamask Mobile #1011
• Learning WebAuthn nerocrux/webauthn

TODO

201909

• 圖 username/password - public-key
• 圖 Introduction to Web Authentication: The New W3C Spec
• caniuse Web Authentication API 69% , WebAssembly is 87%