fido hybrid ctap help


David Pettey

Jan 13, 2024, 1:20:59 PM
to FIDO Dev (fido-dev)
Hi guys, still trying to figure this out. 

I have a roaming mobile authenticator application and I'm trying to get the Hybrid CTAP stuff to work. 

Currently I am able to parse the FIDO URI from the QR code to get an object:

{
  0: h'037E2EF7C65FA68E15ED9B9A4CB72234CCCA8F9B84C76252D52796509B3188AB07',
  1: h'49AA2EF2DE617E4CBA2AE2683D3CED08',
  2: 2,
  3: 1678113678,
  4: true,
  5: "mc",
}


Following these docs: https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#hybrid-qr-initiated 

The next step says to emit a Bluetooth advert with this UUID: 0000fff9-0000-1000-8000-00805f9b34fb

and a 20-byte service data payload. It doesn't say what that data payload is supposed to contain, though. Does anyone have an idea?

And then the next advert is supposed to contain:
A connection nonce (should this just be randomly generated, or generated based on the QR secret?)
A routing ID
and a tunnel ID

I'm kind of at a loss for the last two altogether, so if anyone has any pointers I would greatly appreciate it.
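
An added example, not part of the original post and not FIDO or platform code: structural checks on a decoded QR map like the one above before it is used for anything else. The field meanings (key 0 a compressed P-256 public key, key 1 a 16-byte QR secret, key 2 a count of known tunnel server domains, key 5 a "ga"/"mc" request hint) are assumptions drawn from the linked CTAP 2.2 hybrid section, and the function names and sample map are constructed.

```python
# Added example: checks on a hybrid QR map already CBOR-decoded into a dict.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1  # P-256 field prime
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B  # curve b

def decompress_p256(key):
    """Return y for a 33-byte SEC1 compressed P-256 point; raise ValueError if invalid."""
    if not isinstance(key, bytes) or len(key) != 33 or key[0] not in (2, 3):
        raise ValueError("expected 33 bytes starting with 0x02 or 0x03")
    x = int.from_bytes(key[1:], "big")
    if x >= P:
        raise ValueError("x coordinate out of range")
    rhs = (pow(x, 3, P) - 3 * x + B) % P   # y^2 = x^3 - 3x + b
    y = pow(rhs, (P + 1) // 4, P)          # square root, valid because P % 4 == 3
    if y * y % P != rhs:
        raise ValueError("x is not on the curve")
    # The prefix byte's low bit encodes the parity of y.
    return y if (y & 1) == (key[0] & 1) else P - y

def check_qr_map(m):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    try:
        decompress_p256(m.get(0))
    except ValueError as e:
        problems.append(f"key 0: {e}")
    secret = m.get(1)
    if not isinstance(secret, bytes) or len(secret) != 16:
        problems.append("key 1: expected a 16-byte secret")
    n = m.get(2)
    if isinstance(n, bool) or not isinstance(n, int) or n < 0:
        problems.append("key 2: expected a non-negative integer")
    if 5 in m and m[5] not in ("ga", "mc"):
        problems.append("key 5: expected 'ga' or 'mc'")
    return problems

# Constructed sample: the P-256 base point stands in for a peer public key,
# and the secret is all zeros. Neither value comes from a real QR code.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
SAMPLE = {0: b"\x03" + GX.to_bytes(32, "big"), 1: bytes(16),
          2: 2, 3: 1678113678, 4: True, 5: "mc"}

if __name__ == "__main__":
    print(check_qr_map(SAMPLE) or "ok")
```

Rejecting a key 0 value that does not decompress to a curve point keeps malformed input out of any later key agreement step.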


ram awadhesh

Jan 13, 2024, 1:53:18 PM
to David Pettey, FIDO Dev (fido-dev)
Hi David,

Hybrid transports apparently are supposed to be specifically reserved for platforms and not for third-party applications like ours. Specifically on iOS, as far as I know, there isn't any documentation or reference about the service data payload that you mentioned.

Best,
Ram


Isaiah Inuwa

Jan 15, 2024, 9:23:38 AM
to FIDO Dev (fido-dev), ram awadhesh, FIDO Dev (fido-dev), David Pettey

This is correct. iOS apps cannot set BLE service data, so the hybrid BLE transport cannot be implemented by applications. Android does allow apps to set service data, but FIDO still intends this to be implemented by the platform, not by applications.

If you want to provide passkeys for users on their devices, it is best to integrate with the platforms' APIs for third-party passkey providers. On Android 14+, you can register your app as a passkey provider using the Credential Manager API[1]. I'm not familiar with the iOS/macOS and Windows platform APIs, so someone will have to comment if/when they will have support for third-party passkey providers.

ram awadhesh

Jan 15, 2024, 1:23:42 PM
to Isaiah Inuwa, FIDO Dev (fido-dev), David Pettey
iOS too provides passkey provider support starting with iOS 17 using a credential provider extension. However, it does not support passing an attestation. Link to the documentation: https://developer.apple.com/documentation/authenticationservices/ascredentialproviderviewcontroller/4172626-prepareinterface

Zora Price

Jan 15, 2024, 3:35:23 PM
to ram awadhesh, Isaiah Inuwa, FIDO Dev (fido-dev), David Pettey, lakeshi...@gmail.com

Zora Price

Jan 15, 2024, 3:41:48 PM
to ram awadhesh, Isaiah Inuwa, FIDO Dev (fido-dev), David Pettey, lakeshi...@gmail.com
Good afternoon,

My name is LAKESHIA PRICE. I was reviewing my mother's email. I've completed a couple of tasks. Please everyone review
Please contact me if you have any questions at phone number 602-397-9407 or email me LAKESHI...@GMAIL.COM.

Thank you for your time.