Comments (3)
Yes, that's the default behaviour.
When someone registers a key, the WebAuthn::register function returns a string which you should store with your user record in your user database. If it's the first time, pass in an empty string as the second parameter of register ($userwebauthn), but if you already have a registration, pass in the existing string from the user record, and once complete, replace it with the new string from the register function. The easiest way to do this is when you first add the user record, set the registration string as an empty string, always pass it in to register, and always save the result back to the user record afterwards.
This works because on return from register() the string actually contains a JSON array of keys and if passed an array to start with it adds to it. The authentication challenge checks against all of them.
If you try to do this in the example, it says 'user already exists', but that's because there's no other authentication in the example, so people could deliberately or inadvertently add to each other's keys (in the real world, your user would usually have to be already authenticated to be able to add an additional registration). If you run your own copy of the example, with the check for duplicate user replaced with retrieval of an existing user record, you should find it will allow you to add additional keys for that user, i.e. in the example index.php instead of
```php
if (file_exists(userpath($username))) {
    oops("user '{$username}' already exists");
}
/* Create ... */
$user = (object)['name' => $username,
                 'id' => $userid,
                 'webauthnkeys' => $webauthn->cancel()];
saveuser($user);
```
put something like
```php
if (file_exists(userpath($username))) {
    $user = getuser($username);
} else {
    $user = (object)['name' => $username,
                     'id' => $userid,
                     'webauthnkeys' => $webauthn->cancel()];
    saveuser($user);
}
```
from webauthn.
Thank you for the fast response, but how can I send the user multiple challenges to solve?
from webauthn.
The way I do this in an app that uses the library is the user account gets created with a password initially, then once they are logged in there's a button in the user interface which lets them add a key. They can just use that button on different platforms as often as necessary, for example with FaceID on their iPhone, fingerprint on their iPad and Windows Hello on Windows.
If you want to use it for 2FA rather than the primary authentication method, you'd do much the same - you'd have a button to add 2FA once they are logged in, which they can use as many times as they want on different platforms (perhaps alongside one to add a TOTP 2FA app, or text message as alternatives to a webauthn key).
If you ONLY want to have logins using a key, you're going to have to find a way for them to authenticate on another platform to add a key to their account. You could do it like a password reset - so they can send themselves a temporary, time-limited token to their email, which they then open on the second platform, which logs them in, and they can then add another token by pressing a button.
I hope it is obvious that you have to know for sure who they are before you can add a second or more keys to their account: that's not a limitation of the code, it's fundamental, or other people could add keys to someone's account.
from webauthn.
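The emailed temporary, time-limited token suggested in the last comment, as an added example (not code from the library, its example, or the commenter's app). The function names, the in-memory `$store` standing in for a database table, and the 15-minute lifetime are all assumptions.

```php
<?php
// Added example: single-use, time-limited enrolment token (all names hypothetical).
// $store stands in for a database table keyed by the SHA-256 of the token.

const TOKEN_TTL = 900; // seconds; an assumed lifetime, not taken from the thread

/** Issue a token for $username; the return value goes into the emailed link. */
function issueEnrolToken(array &$store, string $username, int $now): string
{
    $token = bin2hex(random_bytes(32));      // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = [       // persist only the hash, never the token
        'user'    => $username,
        'expires' => $now + TOKEN_TTL,
    ];
    return $token;
}

/** Redeem a token: the username it was issued for, or null if it is not valid. */
function redeemEnrolToken(array &$store, string $token, int $now): ?string
{
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                         // unknown, or already redeemed
    }
    $row = $store[$key];
    unset($store[$key]);                     // burn on first presentation, even if expired
    return $now <= $row['expires'] ? $row['user'] : null;
}

// Constructed demonstration with a fixed clock.
$store = [];
$now   = time();

$token = issueEnrolToken($store, 'alice', $now);
var_dump(redeemEnrolToken($store, $token, $now + 60));   // first use, within lifetime
var_dump(redeemEnrolToken($store, $token, $now + 120));  // replay of the same token

$late = issueEnrolToken($store, 'alice', $now);
var_dump(redeemEnrolToken($store, $late, $now + TOKEN_TTL + 1)); // presented after expiry
```

Only when redemption returns a username would the application start a session for that user and offer the add-key button, passing the user's existing registration string to register as described in the first comment.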