Stack Overflow
Stack Overflow

Questions tagged [fido]

FIDO (Fast IDentity Online) is an organization which aims to substitute old password authentication with modern password-less solutions. It tries to achieve that by introducing three main protocols : UAF, U2F, FIDO2. Use this tag for questions referring to the FIDO protocols (UAF, U2F, FIDO2).

144 questions
3
votes
2 answers

WebAuthn authenticator attestation response id and rawId

I would like to ask a question regarding id and rawId. When implementing webauthn, in the authenticator attestation response, I see that we have both id and rawId . Reading the spec (https://www.w3.org/TR/webauthn-1/#dom-publickeycredential-rawid) ,…
truongnm
  • 2,311
  • 2
  • 31
  • 48
3
votes
0 answers

Does Keycloak expose WebAuthn APIs or can Webauthn flow be managed programmatically

We are currently evaluating Keycloak Passwordless login feature which is called Webauthn and follows FIDO2 specification. I am able to customize authentication flow (through admin console of keycloak) and login with fido2 device (platform…
Samir
  • 655
  • 5
  • 14
3
votes
1 answer

How to disallow the FIDO Webauthn key registration from virtual authenticator browser extension

The virtual authenticator extension provided in Chrome (virtual authenticators tab) is used for testing / debugging the FIDO2 Webauthn authentication mechanism without using physical authenticator keys. This is useful in automated testing e.g. via…
PJW
  • 344
  • 2
  • 9
3
votes
1 answer

Can FIDO 2.0 WebAuthn library be used to communicate with FIDO 1.0 UAF?

I am attempting to add FIDO support to an existing ASP.NET web application, the FIDO server I am attempting to communicate with is based on the FIDO 1.0 UAF spec. I have tried to handle the FIDO 1.0 UAF operations in .NET, but thus far have had…
Kunal
  • 33
  • 4
3
votes
0 answers

Hosting digital asset link json file in a path instead of domain root?

Has anyone tried hosting assetlinks.json file in a query path instead of domain root? Background: We are currently working on Android FIDO Client implementation which interacts with custom FIDO server application. Here is the codelab if you're…
albeee
  • 1,452
  • 1
  • 12
  • 20
3
votes
1 answer

FIDO2 compatibility with U2F/CTAP1

There are many sources that say FIDO2/CTAP2 is backward compatible with U2F: ...all previously certified FIDO U2F Security Keys and YubiKeys will continue to work as a second-factor authentication login experience with web browsers and online…
Robert Quattlebaum
  • 388
  • 2
  • 10
3
votes
1 answer

Usernames exposed by login attempt?

I'm trying to expand my application to support WebAuthn login. So far, I have successfully set up a test application (using this https://github.com/lbuchs/WebAuthn PHP implementation) on my local server. I think I mostly understood the process now,…
LeRainieur
  • 59
  • 4
3
votes
1 answer

How to fix "DOMException" error in Web Bluetooth API?

I'm setting up a Bluetooth LE GATT Server in Android, and want to use Web Bluetooth API in Chrome as a GATT client to check if it properly works. Actually, this is my first step to build a FIDO Authenticator in Android later on. Firstly, I tried to…
Huong
  • 107
  • 2
  • 10
3
votes
0 answers

Chrome and Firefox return different error when click cancel button on browsers popup during FIDO2 credentai get

When I click cancel on dialog Chrome returns NotAllowedError, But Firefox returns AbortError In W3C Webauthn document, It says following thing 18. While lifetimeTimer has not expired, perform the following actions depending upon lifetimeTimer,…
Daichi
  • 198
  • 2
  • 13
2
votes
1 answer

Determine passkey supported devices/browsers visiting my website

I am trying to log the support for Webauthn and Passkeys of the devices/browsers visiting my webapp. I am checking webauthn support this way: window.PublicKeyCredential?.isUserVerifyingPlatformAuthenticatorAvailable().then((e: boolean)=> e) and…
Manoj Amalraj
  • 535
  • 1
  • 5
  • 14
2
votes
2 answers

How to make a browsers recognize my FIDO2 authenticator?

Hi I'm writing my own FIDO2 authenticator implementation. The firmware runs on a SAM E51 Curiosity Nano. I use tinyusb for the communication with the client (raw usb) and can successfully create new credentials and get/verify assertions using the…
r4gus
  • 115
  • 1
  • 11
2
votes
0 answers

Android Fido2ApiClient Custom UI to unlock device

Using com.google.android.gms.fido.fido2.Fido2ApiClient#getSignPendingIntent, and start the intent with androidx.fragment.app.Fragment#startIntentSenderForResult, FIDO2 API for Android handles the biometric authentication with standard UI as…
Andy Witrisna
  • 81
  • 4
2
votes
4 answers

WebauthN and Yubikey to generate keys for symmetric encryption in a browser. Is this hack secure?

I understand that WebauthN is designed to perform authentication, but I'd like to use my Yubikey to create symmetric encryption keys to encrypt content on my web browser without relying on a backend server. Here's my approach: During the assertion…
ucipass
  • 923
  • 1
  • 8
  • 21
2
votes
1 answer

what is extension, user verification, ctap on fido?

I'm studying on FIDO2 these days. There are three questions. In registration process, what is the extension field? purpose, usages What means user verification? I think that user verification is local verification. example, fingerprint on…
Hammmmaaa
  • 21
  • 1
2
votes
1 answer

Difference between key handle and credential id

What is the difference between a key handle and a credential id for WebAuthN? I see mention of the two here in the spec which states that allowCredentials MAY contain a mixture of both WebAuthn credential IDs and U2F key handles but I don't fully…
adoyon23
  • 321
  • 1
  • 5
  • 16
1
2
3
9 10