Stack Overflow
Stack Overflow

Questions tagged [fido]

FIDO (Fast IDentity Online) is an organization which aims to substitute old password authentication with modern password-less solutions. It tries to achieve that by introducing three main protocols : UAF, U2F, FIDO2. Use this tag for questions referring to the FIDO protocols (UAF, U2F, FIDO2).

144 questions
0
votes
1 answer

Few open questions around FIDO2 webauthn and U2F

I've read in multiple places that since U2F doesn’t have a concept of a user it can be used as one of the factors for login (in MFA) but not ideal for passwordless whereas webauthn has the concept of users which could help with passwordless. My…
noi.m
  • 3,070
  • 5
  • 34
  • 57
0
votes
2 answers

Is assetlinks.json file hosting mandatory for FIDO?

I have a question regarding FIDO2. Little background: My company has decided to go with FIDO2 for user account management. So we've created a FIDO Server wrapper which mainly uses yubico webauthn library.   In Android side, we are using…
albeee
  • 1,452
  • 1
  • 12
  • 20
0
votes
1 answer

Do we really need to host assetlinks.json file for an Android App?

According to Google FIDO Documentation, Only websites require digital asset link file for interoperability. https://developers.google.com/identity/fido/android/native-apps#interoperability_with_your_website Do we really need to host…
albeee
  • 1,452
  • 1
  • 12
  • 20
0
votes
1 answer

AAD - FIDO implementation

On our existing AAD, we are trying to integrate with FIDO2 authentication. As part of this integration b/w AAD & FIDO, in azure portal under "Security Authentication methods | Authentication method policy (Preview)" AD Admin have been provided UI…
191180rk
  • 735
  • 2
  • 12
  • 37
0
votes
1 answer

Why would a phishing website ask user to go through webauthn, instead it can plainly ask for username/password?

I understand that FIDO webauthn protocol is phishing proof, but why would a phishing website ask user to go through webauthn, instead it can plainly ask for username/password. What im trying to imply is that FIDO is phishing proof for a service only…
sunnyX
  • 87
  • 2
  • 12
0
votes
1 answer

Identity Server 4 with WebAuthN - using GrantType (FIDO 2.0)

I'm using Identity Server 4 to authenticate users with WebAuthN (https://w3c.github.io/webauthn/). I have multiple clients that that hit an api client. My api client is responsible for deciding which auth provider to use, passing data (server to…
garethb
  • 3,951
  • 6
  • 32
  • 52
0
votes
1 answer

iOS Fido2 BLE authenticator register response issue

I'm building an iOS ble fido2 authenticator. After receiving the register request sending the below register response (NONE attestation) as 3 chunks (chunksize 101). Also made sure chunks are received successfully But webauthn client is not sending…
SaRaVaNaN DM
  • 4,390
  • 4
  • 22
  • 30
0
votes
1 answer

U2F - TypeError | not able to register key

I've recently started looking at U2F in Node.js and Javascript. I get the error: TypeError: Cannot read property 'registerResponse' of undefined Before receiving the error on the server i get the following returned: {errorCode: 5, errorMessage:…
Stian Instebo
  • 653
  • 1
  • 12
  • 31
0
votes
1 answer

FIDO Authentication using windows hello and webauth

Would like to implement FIDO authentication for our web application using 'windows hello' as authenticator & 'WebAuthn' protocol. Please let me know the steps involved. Which windows OS version & its build version supports windows hello ? How to…
191180rk
  • 735
  • 2
  • 12
  • 37
0
votes
0 answers

Time out issue while sending MAKE_CREDENTIAL(0x01) response

I am developing Android Authenticator. I am getting the following exception while sending MAKE_CREDENTIAL response. I got this issue while debugging with webauthn.io site. Also tried with https://webauthn.me/debugger# The operation either timed out…
Chella M
  • 392
  • 1
  • 2
  • 15
0
votes
0 answers

FIDO2 MAKE_CREDENTIAL response issue

I am developing FIDO2 Android authenticator. I just received MAKE_CREDENTIAL request from webauthn client. And then Created Credential Data which includes AAGUID, credential length, credentialId,Public key. Public key will contain curve name,…
Chella M
  • 392
  • 1
  • 2
  • 15
0
votes
2 answers

BLE is not detecting in Chrome browser

I am trying to connect my Android application with web via Bluetooth. But Chrome browser is not detecting my Bluetooth enabled smartphone. I am using Google-FIDO2-Android API. I am working on Chrome Browser 74.0.3729.157 (64-bit), Nexus Phone,…
Chella M
  • 392
  • 1
  • 2
  • 15
0
votes
1 answer

Why Fido blocked in web bluetooth but not USB

FIDO is blocked in web-bluetooth due to system-wide pairing poses security risks [source], which I can understand but not entirely sure why the extend to block it. A good ble token design can possible overcome the issue (button on token...etc). But…
Konsy
  • 49
  • 1
  • 8
0
votes
1 answer

Yocto CI Build number ? PR Service do not increment ${PR}

I'm trying to use the PR Service of Yocto (fido) but each time I launch bitbake on my recipe the package get the ${PR}=r0. local.conf INHERIT += "buildhistory" BUILDHISTORY_COMMIT = "1" PRSERV_HOST = "localhost:0" recipe.bb SRCREV =…
erakis
  • 60
  • 3
  • 12
0
votes
1 answer

BluetoothPairingStateProvider: getUuids() returns null for device

Context: I am working on a FIDO-U2F bluetooth authenticator with a nRF52 BLE SoC. and want it to test with google example. So far I have implemented the FIDO Bluetooth specification and I have a device that advertises as a FIDO-compatible…
n0p
  • 3,399
  • 2
  • 29
  • 50
1 2 3
9
10