Questions tagged [webauthn]

Browser API implementing the Web Authentication standard. Credentials are stored on (local) authenticators which use and are accessed using strong cryptography.

See Web Authentication: A Web API for accessing scoped credentials:

This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script. Conceptually, one or more credentials are stored on an authenticator, and each credential is scoped to a single Relying Party. Authenticators are responsible for ensuring that no operation is performed without the user’s consent. The user agent mediates access to credentials in order to preserve user privacy. Authenticators use attestation to provide cryptographic proof of their properties to the relying party. This specification also describes a functional model of a WebAuthn compliant authenticator, including its signature and attestation functionality.

303 questions

votes

1 answer

Is android safety net nonce equivalent to web authnn's challenge?

How similar is android SafetyNet to Web Authnn? Is the challenge passed to the WebAutnn's authenticator to generate an attestation object equivalent to the nonce that is passed to Android SafetyNet? Can I use a nonce with WebAuthnn as the challenge?

asked May 13 '20 at 14:10

Lucas Vieira

votes

1 answer

how to use webauthn-json to encode

I am trying to implement webauthn in a rails application, I'm trying to follow along with this github repo: https://github.com/cedarcode/webauthn-ruby I have the server challenge working great, it gets sent to the browser: options =…

webauthn

asked May 10 '20 at 23:08

user1130176

1,772
1
23
33

votes

1 answer

Web Authentication: Can't Authenticate using fingerprint

I have implemented WebAuthn registration for android-safetynet. Where I can register using my fingerprint. However, I am not given an option to authenticate using a fingerprint. What can be the reason behind this? This is the Object provided to…

android android-fingerprint-api webauthn safetynet

asked Apr 07 '20 at 14:53

Rahul Rathod

votes

1 answer

WebView Class (Windows.UI.Xaml.Controls) does not support WebAuthn in WPF

I have a WPF application using WebView class to launch browser. My need is to load a url that invokes WebAuthn functionality. Target URL is https://demo.yubico.com. But I get the error as browser not supported? Is there any work around for the…

c# wpf webauthn

asked Apr 02 '20 at 15:19

ganesh

votes

1 answer

Webauthn credential verifiation with fido2.dll fro Yubico

I started to interface yubicos fido2.dll in Delphi and was able to interface it according to the provided examples. Now I want to go a step further and use the dll on an e.g. apache server to handle credential creation and assertion. So.. for this…

delphi webauthn yubico cbor

asked Mar 06 '20 at 15:55

mrabat

votes

1 answer

Why would a phishing website ask user to go through webauthn, instead it can plainly ask for username/password?

I understand that FIDO webauthn protocol is phishing proof, but why would a phishing website ask user to go through webauthn, instead it can plainly ask for username/password. What im trying to imply is that FIDO is phishing proof for a service only…

webauthn fido-u2f fido

asked Mar 04 '20 at 06:09

sunnyX

votes

1 answer

Using the navigator credentials api with phone touch id

I'm trying to create a hobby project for the webauthn api. I have a page which creates a credential and it (correctly) prompts us to use security key. I'd like to use my touchid (on the samsung s9) or touchid on my mac to create the credential…

public-key-encryption webauthn

asked Feb 25 '20 at 07:35

noi.m

3,070
5
34
57

votes

0 answers

Occasional NotSupportedError exception using WebAuthn

We use WebAuthn. Although, some devices throw exceptions NotSupportedError: The user agent does not support public key credentials. Here is how we check if platform auth feature is available: async function isWebAuthn() { return Boolean( …

javascript google-chrome webauthn

asked Jan 27 '20 at 22:17

Vasyl Boroviak

5,959
5
51
70

votes

1 answer

WebAuthn, getting the credentialPublicKey length

After parsing the CBOR attestationObject, and I'm now trying to parse the authData. This contains: https://w3c.github.io/webauthn/#authenticator-data 32 bytes, rpIdHash 1 byte, flags (includes the AT and ED flags) 4 bytes, signCount ? bytes,…

webauthn

asked Jan 18 '20 at 10:41

Craig Francis

1,855
3
22
35

votes

1 answer

WebAuthN and BouncyCastle in .Net

I am working on a proof of concept for YubiKey and webAuthN; I think I have the basic steps down, but I'm having some issues verifying the signature; there are a couple of places where this may be going wrong for me: 1) When I do a…

.net bouncycastle ecdsa webauthn

asked Jan 03 '20 at 18:29

Jonathan VanLeuvan

votes

0 answers

credentials on publicKey needs for a USB Key everytime

When i try to login using WebAuthn on navigator.credentials.get(). I need to push some values on property allowCredentials because Chrome Mobile it does not allow empty allowCredentials. The hard part is inside the transports property, because…

javascript webauthn

asked Dec 27 '19 at 21:24

Isaías Orozco Toledo

1,919
5
19
35

votes

1 answer

How to use FIDO credentials with WebAuthn on mobile

I have implemented desktop browser based U2F using the firefox-built-in and chrome-with-javascript U2F API. I've followed the basic recipe here: https://github.com/castle/ruby-u2f For each physical device, I have 4…

javascript nfc fido-u2f webauthn

asked Dec 17 '19 at 12:29

user1130176

1,772
1
23
33

votes

1 answer

Identity Server 4 with WebAuthN - using GrantType (FIDO 2.0)

I'm using Identity Server 4 to authenticate users with WebAuthN (https://w3c.github.io/webauthn/). I have multiple clients that that hit an api client. My api client is responsible for deciding which auth provider to use, passing data (server to…

identityserver4 webauthn fido

asked Oct 21 '19 at 00:18

garethb

3,951
6
32
52

votes

1 answer

Webauthn extension HMACSecret with yubikey

I'm having trouble understanding how to use webauthn extension HMAC Secret with a yubikey 4 or 5 on a browser. According to mozilla, webauthn extension HMAC secret is now available on Firefox 69. But if I go to Webauthn test app, add a new…

webauthn yubico

asked Oct 20 '19 at 17:49

Babelouest

votes

1 answer

iOS Fido2 BLE authenticator register response issue

I'm building an iOS ble fido2 authenticator. After receiving the register request sending the below register response (NONE attestation) as 3 chunks (chunksize 101). Also made sure chunks are received successfully But webauthn client is not sending…

ios webauthn fido

asked Sep 23 '19 at 07:57

SaRaVaNaN DM

4,390
4
22
30

Prev 1 2 3

…

20 21 Next