Support FIDO2 authentication with devices that don’t have a PIN code #655
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hey, thanks for this! I went and created a release v0.1.3 for LibFido2Swift with support for PIN-less assertions |
- This has the new functionality for checking if a device is attached.
- This object was being kept around after being created and as we need it in some other functions it made sense to make it lazy and keep it around that way. - Arguably the FIDO2 instance could be removed after each time it’s been used, but as the FIDO2 class doesn’t have any state stored in it, it seems benign keeping it about for now.
- The Xcode “Run Time Issue” breakpoint was being hit whenever an error was being set, complaining about this being set outside of the main thread.
- We now check if in the handling of two factor option, the option to be used is a SecurityKey. If so, check if a FIDO2 device is attached and if it needs a PIN. - When a PIN is not required, we can just move straight onto assertation, the code for which will present the touch key UI. - Otherwise we fallback to the original flow.
|
@MattKiazyk heya, just wanted to see if we could get this merged in please? Would be nice to use this feature from the main project's build 😁 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for FIDO2 authentication with devices that don’t have a PIN code set.
This depends on a newer release of the
LibFido2Swiftlibrary.At the time of writingLibFido2Swiftonly supports pin-less assertation on the main branch. As such this PR will have to wait until @kinoroy creates a new release on his side.The updated version has now been released and the PR has been updated to reflect this.Some further updates were made on the
LibFido2Swiftlibrary to make PIN-less assertation easier. This PR was updated in turn to improve the UX of the PIN-less authentication flow.The flow now is that when a user tries to log in, if the request needs 2FA - where the second factor is a security key we check:
.securityKeyTouchToConfirmsheet..twoFactorsheet is displayed like before..twoFactorsheet.The button for submitting without a pin was added to be inline with the other buttons on the PIN screen.
Ohh and I addressed a couple of issue that were being caught by the "Run Time Issue" breakpoint. Namely assigning the
authErroroutside of the main thread.