Questions tagged [webauthn]

Browser API implementing the Web Authentication standard. Credentials are stored on (local) authenticators which use and are accessed using strong cryptography.

See Web Authentication: A Web API for accessing scoped credentials:

This specification defines an API that enables web pages to access WebAuthn compliant strong cryptographic credentials through browser script. Conceptually, one or more credentials are stored on an authenticator, and each credential is scoped to a single Relying Party. Authenticators are responsible for ensuring that no operation is performed without the user’s consent. The user agent mediates access to credentials in order to preserve user privacy. Authenticators use attestation to provide cryptographic proof of their properties to the relying party. This specification also describes a functional model of a WebAuthn compliant authenticator, including its signature and attestation functionality.

303 questions

votes

4 answers

Where does credential management api store webauthn related data

WebAuthn includes an extension of the credential management api that allows you to work with public keys. I can go to the chrome settings and check managed passwords to see which username/passwords i have chosen to store in the browser using the…

google-chrome credentials webauthn

asked Jun 02 '20 at 06:26

noi.m

3,070
5
34
57

votes

3 answers

How to implement FIDO2 (WebAuthn) for Android and IOS

I developed a web app which uses WebAuthn API to authenticate using hardware security keys. It works fine. I am trying to implement it natively using Flutter with compatibility for both IOS and Android. Are there any libraries or starting point for…

flutter flutter-plugin webauthn

asked May 24 '20 at 00:23

tambre

votes

4 answers

How to enable fingerprint WebAuthn on iOS

After reading extensive documentation about the WebAuth API i'm unable to successfully enable platform authentication on iOS. I've tried setting the Authenticator Attachment to both cross-platform and platform, they yielded consistent results apart…

ios webauthn

asked May 19 '20 at 02:22

Nick

votes

2 answers

Mobile Authenticator using CTAP2 specifications

I am looking for the use case/scenario for setting up a smart phone as an authenticator using CTAP2 specifications. I am looking for the use case in which a user setup the browser to interact with their smart phone the same way it would when using…

authentication mobile fido-u2f webauthn fido

asked Aug 06 '19 at 15:33

mehak

votes

2 answers

Testing WebAuthn via REST tool?

Is it possible to test this locally via a rest tool. I've created the backend to generate the challenge etc for Registration of new creds, but without the WebAuthn response I'm at a loss if I have created the correct way to digest the response…

postman webauthn

asked Jun 03 '19 at 23:35

Will

8,246
16
60
92

votes

2 answers

WebAuthn retrieve public key and credential id

I have followed this tutorial https://webauthn.guide/#registration I am working with a yubico nfc key and I nearly managed to enroll the security key. I send a random byte challenge from the server to enroll the key, and other data. When I register…

javascript buffer webauthn

asked Apr 09 '19 at 14:00

Alexi Coard

7,106
12
38
58

votes

2 answers

Angular + webauthn = Property 'credentials' does not exist on type 'Navigator'?

I've been trying to add webauthn to an Angular app. This MDN page outlines the necessary steps: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API The important thing is that using the APIs requires access to…

angular definitelytyped webauthn

asked Apr 06 '19 at 17:51

Matt Thomas

5,279
4
27
59

votes

2 answers

Can't understand WebAuthn API error from JavaScript

I am currently building out an AJAX registration endpoint for Django to allow for FIDO2 authentication (physical hardware key login). This is from following the example/documentation from Yubico's official fido2 python library. The only…

javascript django yubico cbor webauthn

asked Dec 27 '18 at 23:24

Cody

votes

3 answers

How do you implement FIDO U2F using Webauthn APIs?

I am currently using the window.u2f APIs to implement U2F two-factor authentication with my website. These are natively available in Firefox (when the about:config flag is enabled) and through Chromium with the u2f-api.js library. My implementation…

fido-u2f webauthn

asked Dec 05 '18 at 20:41

kspearrin

10,238
9
53
82

votes

2 answers

Verify WebAuthn ECDSA signature in ethers.js

Using the SimpleWebAuthn TypeScript package, I have generated a ECDSA-SHA256 key pair and I used the key pair to sign a challenge. The SimpleWebAuthn package uses crypto.webcrypto.subtle (see this line) to verify the signature. I want to verify the…

typescript ethereum ecdsa ethers.js webauthn

asked Dec 16 '22 at 04:31

Yao

votes

2 answers

Problem of signature with webauthn on django with djoser

I'm working at the moment on an implementation of webauthn on a project. The main point is to give the possibility to user to use FaceId or fingerprint scan on their mobile on the website. I tried the djoser version of webauthn but I wanted to give…

python django django-rest-framework webauthn djoser

asked Nov 29 '22 at 14:47

thelittlewozniak

votes

1 answer

Keycloak login form - default Security Key with Username&Password as alternative

I have configured my Keycloak Authentication Flow with following Executions: WebAuthn Passwordless Authenticator, Cookie, Identity Provider Redirector, Username Password Form as follows: When I want to login I see login form with Username&password…

authentication keycloak webauthn

asked Aug 31 '22 at 14:34

shobull

3,690
1
19
26

votes

2 answers

What information does FIDO2 url contain and how can we decode it in Swift?

In WWDC 2022 Apple launched GA for Passkeys which will enable in FIDO2 authentication, the next gen open standards based authentication mechanism to replace passwords. On a Relying Party (RP) server supporting FIDO2 when a user registration is…

ios swift authentication webauthn fido

asked Aug 03 '22 at 16:43

letsbondiway

votes

0 answers

DOMException: The operation failed for an unknown transient reason when trying webauthn

I want to implement a register/login system with webauthn. My server is running NodeJS(express) and my frontend is React. I am using the fido2-lib library on my backend. The problem is that when I call navigator.credentials.create, I get the error:…

javascript typescript webauthn fido-u2f

asked Apr 05 '22 at 13:37

dlllinks

votes

2 answers

Using `navigator.credentials.get()` in cross-origin iframe gives error "'publickey-credentials-get' feature is not enabled in this document"

Getting the error while logging into an iframe through webauthn. The 'publickey-credentials-get' feature is not enabled in this document. Permissions Policy may be used to delegate Web Authentication capabilities to cross-origin child frames. Here…

iframe response-headers webauthn fido http-permissions-policy

asked Jan 22 '22 at 20:55

tarun14110

Prev 1 2

…

20 21 Next