1

Just started to play around yubikey, my question is based on the following assumptions:

  1. Passwordless doesn't need to know the username based on the following demo
  2. Based on this doc the allowedCredentials can be omitted

I registered the yubikey by using the django package django-fido

I am having problem using navigator.credentials.get(publicKey) to get the credential from yubikey, the publicKey parameter I am passing in as below:

{challenge: Uint8Array(32), rpId: 'localhost'}

It says the yubikey is not registered with this website, but I am pretty sure I did because if I don't use the passwordless approach, by specifying the allowedCredentials, I can find the key:

{challenge: Uint8Array(32), rpId: 'localhost', allowCredentials: Array(1)}
James Lin
  • 25,028
  • 36
  • 133
  • 233

1 Answers1

0

OK, digging into the django-fido package views.py found that I need to specify resident_key=True to store the credential on the key

    def create_fido2_request(self) -> Tuple[Dict, Dict]:
        """Create and return FIDO 2 registration request.

        @raise ValueError: If request can't be created.
        """
        user = self.get_user()
        assert user.is_authenticated, "User must not be anonymous for FIDO 2 requests."
        credentials = self.get_credentials(user)
        return self.server.register_begin(self.get_user_data(user), credentials, user_verification=self.user_verification, resident_key=True)
James Lin
  • 25,028
  • 36
  • 133
  • 233