Current Reference Implementation for a Mobile Authenticator
749 views
Skip to first unread message
Michael
May 11, 2019, 5:17:10 PM5/11/19
to FIDO Dev (fido-dev)
Given all the changes in the past few weeks, does anyone have a link to a current reference implementation for WebAuthn using a mobile authenticor?
I have spent hours searching. Please help! :)
Emanuele Cesena
May 11, 2019, 5:28:16 PM5/11/19
to Michael, FIDO Dev (fido-dev)
Can you clarify what do you mean?
Depending how do you define things, there’s no such thing like a mobile authenticator, meaning that in the context of webauthn the authenticator (i.e. the security key) should be able to directly talk to the browser via usb, nfc or ble. Today you can use an android phone (so a mobile device) as a security key, talking to chrome via ble (though I’m unclear if this is ctap2-ble or a custom protocol).
Again, maybe I’m misled by definitions, but to the best of my knowledge there’s currently no reference implementation of an authenticator.
Best,
On May 11, 2019, at 2:17 PM, Michael <mduf...@gmail.com> wrote:
Given all the changes in the past few weeks, does anyone have a link to a current reference implementation for WebAuthn using a mobile authenticor?I have spent hours searching. Please help! :)
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/ba24b31a-a204-42da-ace9-d72ecc7de547%40fidoalliance.org.
James Barclay
May 11, 2019, 5:34:04 PM5/11/19
to Emanuele Cesena, Michael, FIDO Dev (fido-dev)
Hi Michael and Emanuele,
If you’re referring to a reference implementation of an Android application that functions as an authenticator, we (Duo Labs) have an Android library for this, which abstracts quite a bit of the WebAuthn authenticator operations and can be used to implement your own authenticator app.
Hope this helps.
--
James Barclay
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/5702647A-1B01-4D43-8C9B-B3A5C019D3C9%40gmail.com.
Michael
May 12, 2019, 2:14:06 PM5/12/19
to FIDO Dev (fido-dev), emanuel...@gmail.com, mduf...@gmail.com
Thx. This is exactly what I am looking for: "a reference implementation of an Android application that functions as an authenticator".
This is really good information, especially https://webauthn.guide/.
Is there a really good process flow diagram for WebAuth using an Android application as an authenticator?
On Saturday, May 11, 2019 at 4:34:04 PM UTC-5, James Barclay wrote:
Hi Michael and Emanuele,If you’re referring to a reference implementation of an Android application that functions as an authenticator, we (Duo Labs) have an Android library for this, which abstracts quite a bit of the WebAuthn authenticator operations and can be used to implement your own authenticator app.
Hope this helps.--James Barclay
Can you clarify what do you mean?Depending how do you define things, there’s no such thing like a mobile authenticator, meaning that in the context of webauthn the authenticator (i.e. the security key) should be able to directly talk to the browser via usb, nfc or ble. Today you can use an android phone (so a mobile device) as a security key, talking to chrome via ble (though I’m unclear if this is ctap2-ble or a custom protocol).Again, maybe I’m misled by definitions, but to the best of my knowledge there’s currently no reference implementation of an authenticator.Best,
On May 11, 2019, at 2:17 PM, Michael <mduf...@gmail.com> wrote:
Given all the changes in the past few weeks, does anyone have a link to a current reference implementation for WebAuthn using a mobile authenticor?I have spent hours searching. Please help! :)--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/ba24b31a-a204-42da-ace9-d72ecc7de547%40fidoalliance.org.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido...@fidoalliance.org.
Michael Duffy
May 27, 2019, 2:13:20 PM5/27/19
to FIDO Dev (fido-dev)
Actually, what I am looking for is a roaming authenticator that is implemented over BLE to an Android smart phone.
Does anyone have a working example?
Marcus Henriksbø
Jun 12, 2019, 6:26:08 AM6/12/19
to FIDO Dev (fido-dev)
Hi, have you found a solution?
Sravz
Jun 14, 2019, 1:28:25 AM6/14/19
to FIDO Dev (fido-dev)
Hi Michael,
Use https://github.com/freeu2f/freeu2f-android as a reference for BLE.
This is implemented for u2f but BLE implementation might be useful for you.
mehak zahra
Aug 2, 2019, 8:47:55 AM8/2/19
to FIDO Dev (fido-dev)
Hi Members,
Does anyone here have a link to any demo implemented in android using CTAP2 specifications?
John Bradley
Aug 2, 2019, 12:46:15 PM8/2/19
to fido...@fidoalliance.org
I think you need to be clearer on your use case.
Are you looking for a app on Android that uses the Android WebAuthn API, like Firefox and some other apps are doing?
Or are you looking for a way to provide a CTAP2 API over some transport?
The latter you probably wont find as people are waiting for the announced caBLE functionality in Android to be opened up to third parties, rather than just for Google login as it is now.
John B.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/1e62c7d0-12e7-4376-9a6e-d3efee21ae34%40fidoalliance.org.
SABIR ALI
Sep 4, 2019, 3:00:42 AM9/4/19
to FIDO Dev (fido-dev)
Maybe this is what you're looking for.
Although this is for U2F, but might be a good start for someone looking for CTAP2 roaming authenticator.
-Sabir,
Sravz
Sep 23, 2019, 5:00:45 AM9/23/19
to FIDO Dev (fido-dev)
use the below links for the android authenticator implementation:
Tanmay Sawant
Sep 14, 2022, 7:51:04 PM9/14/22
to FIDO Dev (fido-dev), Michael
Hi Michael,
Were you able to develop the mobile authenticator? Can you share any insights or useful resources?
Thanks!
Richard Maher
Sep 15, 2022, 10:36:44 PM9/15/22
to Tanmay Sawant, FIDO Dev (fido-dev), Michael
Not sure that I understand the question but Tim gave this answer to the How do I use mobile phone over bluetooth question: -
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f6bc28b3-a966-467e-9b8f-e30c7b369041n%40fidoalliance.org.
Rick
Sep 16, 2022, 5:46:25 AM9/16/22
to FIDO Dev (fido-dev), mah...@googlemail.com, FIDO Dev (fido-dev), Michael, tanmay...@gmail.com
I'm not sure this applies but I have successfully implemented a FIDO2 authenticator app. The Android build is working well, I think. The Apple build still awaits the BLE interface, a result of a small tiff over eligibility. I'll be finishing that after my current project adding FIDO2 push to the app. The app, AffirmID Auth, is beta test from respective stores. The FIDO2 part of dev was a snap, the BLE part, well not so much. Firebase Push is progressing well with Oct beta date target.
Reply all
Reply to author
Forward
0 new messages