Comments (3)
Pin auth on windows 10 curently requires RS256. Currently, this lib doesn't support RS256 due to the difference in creating the public key
https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/windows-integration/web-authentication
There has recently been a commit to enable internal authenticators for authenticating, try updating your package and see if that helps?
a825098
from webauthn.
As of yesterday, Windows 10 has finally allowed me to update to 1903 which this functionality is in, and I have also acquired a USB fingerprint reader for it, which works with Windows Hello and does indeed work with webauthn.io. @benajamindoe is correct, the alg setting in the public key creation is different. Windows Hello seems to use -257, which apparently is RSA with SHA256 v1.5 for the fingerpirnt reader. Since the Yubico key still works with Windows Hello (it definitely now goes through it), my assumption is alg depends on the device (or driver) rather than Windows Hello itself.
I looked at the code for webauthn.io, and I can see what it is doing. It wouldn't be enormously hard, I think, to translate it into PHP for the same PK algorithms they support. The project is in Go, so we can't use it directly. Maybe there's a case for wrapping that in e.g. a REST interface for local use on the server as an alternative to re-coding in PHP, otherwise there will be constant catch-up needed. I am assuming the authors of webauthn.io are close to the webauthn project.
The github code in Go is here: https://github.com/duo-labs/webauthn and the critical file is https://github.com/duo-labs/webauthn/blob/master/protocol/webauthncose/webauthncose.go
They also seem to have separate code for Android. Though in earlier reports, it seems others have some success in using this library with an Android Pi fingerprint reader.
from webauthn.
my assumption is alg depends on the device (or driver) rather than Windows Hello itself.
So according to the spec you list the algs you want in priority order. However, the browser can chose which alg it wants to use. As browsers all go through Windows Security, it will be that which determines the alg used. From my tests, Windows Security will always favour Windows Hello above external authenticators
from webauthn.
Related Issues (20)
- Icon in rp
- Bio-metric Authentication HOT 12
- Trim unnecessary stuff HOT 2
- Timeout not implemented? HOT 2
- iphone safari browser is not working HOT 8
- Windows + FIDO + Securitykey return fmt as packed in the attestationobject
- `composer require` fails with InvalidArgumentException HOT 2
- Firefox has started returning an error on registration HOT 1
- Safari: registration failed: Bad Request: cannot decode key response (5) HOT 3
- Setting unknown property: appid for local host HOT 5
- 500 / Couldn't initiate registration HOT 2
- phpseclib3 HOT 4
- Multiple Keys per user HOT 3
- couldn't initiate login: SyntaxError: Unexpected end of JSON input: HOT 2
- Add support for discoverable credentials (passkeys) HOT 1
- problem authenticating - abort HOT 5
- aaguid empty HOT 10
- Android 9 fails to offer choice of finger print HOT 1
- iOS 17.4.1
- 1Password passkeys
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webauthn.