Questions tagged [webauthn]

Browser API implementing the Web Authentication standard. Credentials are stored on (local) authenticators which use and are accessed using strong cryptography.

See Web Authentication: A Web API for accessing scoped credentials:

This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script. Conceptually, one or more credentials are stored on an authenticator, and each credential is scoped to a single Relying Party. Authenticators are responsible for ensuring that no operation is performed without the user’s consent. The user agent mediates access to credentials in order to preserve user privacy. Authenticators use attestation to provide cryptographic proof of their properties to the relying party. This specification also describes a functional model of a WebAuthn compliant authenticator, including its signature and attestation functionality.

303 questions
0
votes
0 answers

Time out issue while sending MAKE_CREDENTIAL(0x01) response

I am developing Android Authenticator. I am getting the following exception while sending MAKE_CREDENTIAL response. I got this issue while debugging with webauthn.io site. Also tried with https://webauthn.me/debugger# The operation either timed out…
Chella M
0
votes
0 answers

FIDO2 MAKE_CREDENTIAL response issue

I am developing FIDO2 Android authenticator. I just received MAKE_CREDENTIAL request from webauthn client. And then created Credential Data which includes AAGUID, credential length, credentialId, public key. Public key will contain curve name,…
Chella M
0
votes
1 answer

WebAuthn / FIDO2 Attestation Object and Client Data JSON Examples

I'm currently building a server library for WebAuthn / FIDO2 registration and authentication. What I have found is that there are a LOT of permutations of what kind of attestation objects that can be sent. I want to be sure that the tests I'm…
Samuel Hawksby-Robinson
0
votes
2 answers

BLE is not detecting in Chrome browser

I am trying to connect my Android application with web via Bluetooth. But Chrome browser is not detecting my Bluetooth enabled smartphone. I am using Google-FIDO2-Android API. I am working on Chrome Browser 74.0.3729.157 (64-bit), Nexus Phone,…
0
votes
2 answers

How to parse the attestationObject in Node.js

I have mocked up the response from the front end in Node.js as seen below. The attestationObject parameter is what is returned once the Yubikey has signed the challenge and it's been converted to base64 for transport to the node server. What I'm…
Bill
0
votes
1 answer

Why Fido blocked in web bluetooth but not USB

FIDO is blocked in web-bluetooth because system-wide pairing poses security risks [source], which I can understand, but I am not entirely sure why they go to the extent of blocking it. A good BLE token design can possibly overcome the issue (button on token, etc.). But…
Konsy
0
votes
1 answer

webauthn: how can I link my phone to my computer browser

The web authn standard is coming and it works great on my phone. However when trying on my browser on computer I get I would assume we should somehow be able to link our phone with the browser so the phone gets prompted... How can we do this? A…
John
0
votes
3 answers

Yubikey 5 NFC: get a "packed" attestation statement

With the following javascript request: navigator.credentials.create({ publicKey: { // random, cryptographically secure, at least 16 bytes challenge: new Uint8Array(16), // relying party rp: { id: 'localhost', name: 'My…
Tangui
0
votes
1 answer

Automatic authentication in desktop browser with WebAuthn

At the Google I/O '18 a demo was shown in which a user authenticates at PayPal by just providing a fingerprint (see YouTube 24:40). This was done in a browser running on a Smartphone which has a fingerprint sensor and requires the browser to…
DeStOv
0
votes
0 answers

Why won't Google ask user to grant permissions before redirecting to this URL?

I have setup a Google OAuth client application and obtained client_ID and secret key. See the screenshot below. Now, visitors to my website are sent to this URL when they click the "Login with Google" badge:…
Saqib Ali
0
votes
1 answer

Is there a way to get a stable unique identifier for a U2F device using the Web Authentication API (WebAuthn)?

I would like to build an authentication system where a user can not provide any information (no username, email, etc.) and simply use their U2F device to identify themselves as well as authenticate. From what I can tell from looking at the Web…
David Barratt
-1
votes
0 answers

Why can't I log in with a QR code in webauthn?

There is a site https://webauthn.io/ when you click the registration button, a window is displayed: Although I expect this window, which gives the option to choose auto-authentication via qr or other methods: I want to understand why they let me…
-1
votes
1 answer

Is this login form possible with WebAuthn?

I'm trying to plan a rewrite of my website and I want to make it that I can login passwordless with just Windows Hello, TouchID, or FaceID using WebAuthn. All the examples online have a whole popup situation but I want it done like my mockup. I…
Ephraim Becker
-1
votes
2 answers

WebAuthn Issue Due to Split Architecture

I am currently developing in a standalone (Not .Net Core Hosted) Blazor WebAssembly app in .Net 5.0. I have been trying to convert a couple Asp.Net MVC WebAuthn examples over into my Blazor app for Passwordless Authentication. The issue I am…
Anthony Griggs
-2
votes
1 answer

failed to read publicKey property in navigator.credentials.create

I have the following JavaScript code which is called from an HTML page when I receive data from the server as part of test code to check my understanding is right. // sample arguments for registration const createCredentialDefaultArgs = { publicKey: { …
venkysmarty