ritou / elixir-web_authn_lite Goto Github PK
View Code? Open in Web Editor NEWW3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) RP library in Elixir
License: MIT License
W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) RP library in Elixir
License: MIT License
WebAuthnLite.Operation.Register
WebAuthnLite.Opration.Authenticate
HI ritou.
When updating OTP to 24 series, it is necessary to update jose due to the influence of changes around crypto.
But web_authn_lite does not work when jose v1.10.0.
defp deps do
[
{:jose, "1.10.0"}, # Successes when 1.9
...
]
end
stacktrace example.
** (CaseClauseError) no case clause matching: 43
stacktrace:
(jose 1.10.0) src/base/jose_base64url.erl:205: :jose_base64url."-decode!/2-lbc$^0/2-0-"/2
(jose 1.10.0) src/base/jose_base64url.erl:205: :jose_base64url.decode!/2
(jose 1.10.0) src/jwk/jose_jwk_kty_rsa.erl:462: :jose_jwk_kty_rsa.from_map_rsa_public_key/2
(jose 1.10.0) src/jwk/jose_jwk.erl:300: :jose_jwk.from_map/1
(jose 1.10.0) lib/jose/jwk.ex:135: JOSE.JWK.from_map/1
(web_authn_lite 0.1.4) lib/web_authn_lite/credential_public_key/rs256.ex:20: WebAuthnLite.CredentialPublicKey.RS256.from_cbor_map/1
test/lib/web_authn_lite/credential_public_key_test.exs:52: (test)
AttestationObject
-> Format
-> AuthenticatorData
-> AttestationStatement
In strict terms, the current code does not allow attested_credential_data to be obtained when the ED flag is True.
If ED=true, the following implementation is required.
Check the flag to see if it is a passkey that can be synchronized.
- Bit 3: [Backup Eligibility](https://www.w3.org/TR/webauthn-3/#backup-eligibility) (BE).
1 means the [public key credential source](https://www.w3.org/TR/webauthn-3/#public-key-credential-source) is [backup eligible](https://www.w3.org/TR/webauthn-3/#backup-eligible).
0 means the [public key credential source](https://www.w3.org/TR/webauthn-3/#public-key-credential-source) is not [backup eligible](https://www.w3.org/TR/webauthn-3/#backup-eligible).
- Bit 4: [Backup State](https://www.w3.org/TR/webauthn-3/#backup-state) (BS).
1 means the [public key credential source](https://www.w3.org/TR/webauthn-3/#public-key-credential-source) is currently [backed up](https://www.w3.org/TR/webauthn-3/#backed-up).
0 means the [public key credential source](https://www.w3.org/TR/webauthn-3/#public-key-credential-source) is not currently [backed up](https://www.w3.org/TR/webauthn-3/#backed-up).
Bit 5: Reserved for future use (RFU2).
Update the function so that FIDO Server can be implemented using this library.
Server Requirements and Transport Binding Profile Review Draft, July 02, 2018
$ mix deps.clean --all
$ mix deps.get
* Getting cbor (https://github.com/yjh0502/cbor-erlang.git)
remote: Enumerating objects: 42, done.
remote: Total 42 (delta 0), reused 0 (delta 0), pack-reused 42
Resolving Hex dependencies...
Dependency resolution completed:
Unchanged:
base64url 0.0.1
jason 1.1.2
jose 1.8.4
* Getting jose (Hex package)
* Getting jason (Hex package)
* Getting base64url (Hex package)
$ mix test
==> base64url (compile)
Compiled src/base64url.erl
==> jose
Compiling 89 files (.erl)
Compiling 8 files (.ex)
Generated jose app
==> jason
Compiling 8 files (.ex)
Generated jason app
===> Compiling cbor
==> web_authn_lite
Compiling 14 files (.ex)
Generated web_authn_lite app
..................
Finished in 0.2 seconds
3 doctests, 15 tests, 0 failures
Randomized with seed 619071
$ mix hex.build
** (UndefinedFunctionError) function :cbor.app/1 is undefined (module :cbor is not available)
:cbor.app({:cbor, nil, [github: "yjh0502/cbor-erlang"]})
(elixir) lib/enum.ex:1294: Enum."-map/2-lists^map/1-0-"/2
(hex) lib/mix/tasks/hex.build.ex:251: Mix.Tasks.Hex.Build.dependencies/0
(hex) lib/mix/tasks/hex.build.ex:130: Mix.Tasks.Hex.Build.prepare_package/0
(hex) lib/mix/tasks/hex.build.ex:91: Mix.Tasks.Hex.Build.run/1
(mix) lib/mix/task.ex:314: Mix.Task.run_task/3
(mix) lib/mix/cli.ex:80: Mix.CLI.run_task/2
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.