0

I am trying to use passkeys to perform webauthn registration and authentication. I have an extension to the website that access the native message host program. The native message host is written in swift. When I access websites like webauthn.io, this extension routes the message to my native message host program and which handles talking with the passkeys/yubikeys and getting the authentication.

What I have tried so far is -

  • Using libfido library to create registration and authentication. This works however in osx, it doesn't provide a prompt for touching the key and no prompts for PIN.
  • Using passkeys api. This however needs registering the app with associated domain. My use case is that the extension can be used to route any webauthn requests to this native message host, hence I cannot register my application with all the websites, none of which owned by me.

My question is - how can I prompt the user for using their passkeys or yubikeys without associating my app to the domain? Libfido almost does this but it doesn't provide prompt for users to touch their keys or input pin. Should I use IOHid kit that libfido uses and create my own windows with prompts?

Webauthn - https://webauthn.io/ libfido (osx) - https://github.com/Yubico/libfido2/blob/main/src/hid_osx.c

Let me know if you need more info. TIA

hyoyin_Kyuoma
  • 643
  • 1
  • 6
  • 16

1 Answers1

0

macOS allows direct access to security keys and so you can communicate with them (e.g. using libfido) but will have to provide your own UI. You may have to replace or edit libfido in order to provide such an experience.

Using the native macOS APIs, as you've found, requires that the website allow the app so isn't going to work for sites in general.

(I'll also note that, as described, what you're seeking to do is what browsers support by default and will work fine without an extension if the site just uses the WebAuthn Javascript API.)

agl
  • 1,129
  • 5
  • 6