Integrate FIDO2 step by step?


Jesús A. Mata Armendáriz

Mar 20, 2019, 3:00:51 PM
to FIDO Dev (fido-dev)
Hi, FIDO Devs

I need to build a web site with FIDO2, but what are the steps? I know that a FIDO server is needed first, but which is the way to implement it?

Regards

Jedri Visser

Mar 20, 2019, 3:12:22 PM
to FIDO Dev (fido-dev)

Arshad Noor

Mar 20, 2019, 3:52:16 PM
to Jesús A. Mata Armendáriz, FIDO Dev (fido-dev)
Hi Jesus,

You can try our open-source FIDO2 server, which just received FIDO
Alliance certification (as recently as yesterday) at:
https://github.com/StrongKey/FIDO-Server. You will also find a trivial
web application, with source, showing how to use the WebAuthn APIs with
this FIDO2 server.

Enjoy!

Arshad Noor
StrongKey

Bảo Hoa Quốc

Apr 1, 2019, 4:40:41 AM
to FIDO Dev (fido-dev)
You can do these things:
1. Find an open-source FIDO Server to build your own FIDO server
2. Develop your own Relying Party (RP), to which you can apply any business logic:
2.1. Use WebAuthn to develop the FIDO Client (a FIDO Client can be a browser or a mobile app; your case is the browser, so you can use WebAuthn)
2.2. Develop your own RP server
3. Buy a FIDO Authenticator (a Yubico key, a Feitian key or some other FIDO key) to test your development

More explanation:
- The FIDO Authenticator communicates with the FIDO Client (WebAuthn in the browser); the protocol is FIDO2, and the messages use CBOR syntax.
- The FIDO Client communicates with the FIDO Server, but not directly. Actually, the FIDO Client communicates with the RP, and the RP can perform any logic before forwarding the message to the FIDO Server. So the FIDO Server should be a stand-alone server that talks to the RP through APIs.
- When you complete such a system, you can get certified by FIDO; of course, you need to learn about the FIDO certification process.

More information:
We can actually develop our own FIDO Authenticator as a product; it can be a mobile app. I am also trying to make a mobile FIDO Authenticator.
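The post above places the RP server between the browser (WebAuthn) and the FIDO server and says the RP "can perform any logic before forwarding the message". The following is an added example, not code from the thread or from any server mentioned in it, of the minimum the RP server itself should check on a registration response before handing the attestation on: the clientDataJSON type, the challenge it issued, the browser-reported origin, and the fixed header of the authenticator data (rpIdHash, user-presence and user-verification flags, signature counter). The RP id, origin, challenge and the sample response are constructed values; the example assumes the authenticator data has already been extracted from the CBOR attestation object and does not decode the credential id or public key that follow the header.

```python
"""RP-side sanity checks on a WebAuthn registration response (added example).

Assumptions (not from the thread): RP id login.example.com, origin
https://login.example.com, and a sample response built locally. The
authenticator data is taken as already extracted from the CBOR attestation
object; decoding the attested credential (id, COSE key) is left out.
"""
import base64
import hashlib
import json
import os
import secrets
import struct

RP_ID = "login.example.com"              # assumed relying-party id
RP_ORIGIN = "https://login.example.com"  # assumed origin the browser must report

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_AT = 0x40  # attested credential data included
FLAG_ED = 0x80  # extension data included


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_registration_options(user_name: str) -> dict:
    """Options the RP sends to navigator.credentials.create(); the RP must
    remember the challenge (e.g. in the session) to compare it later."""
    return {
        "challenge": b64url_encode(secrets.token_bytes(32)),
        "rp": {"id": RP_ID, "name": "Example RP"},
        "user": {"id": b64url_encode(os.urandom(16)),
                 "name": user_name, "displayName": user_name},
        "pubKeyCredParams": [{"type": "public-key", "alg": -7}],  # ES256
        "authenticatorSelection": {"userVerification": "preferred"},
        "attestation": "none",
    }


def verify_client_data(client_data_json: bytes, expected_challenge: str,
                       expected_type: str) -> dict:
    """Check type, challenge (constant-time) and origin of clientDataJSON."""
    client_data = json.loads(client_data_json.decode("utf-8"))
    if client_data.get("type") != expected_type:
        raise ValueError(f"unexpected type {client_data.get('type')!r}")
    if not secrets.compare_digest(client_data.get("challenge", ""), expected_challenge):
        raise ValueError("challenge mismatch (replay or wrong session)")
    if client_data.get("origin") != RP_ORIGIN:
        raise ValueError(f"origin {client_data.get('origin')!r} not allowed")
    return client_data


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Decode the fixed header: rpIdHash(32) | flags(1) | signCount(4, big-endian)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    flags = auth_data[32]
    return {
        "rp_id_hash": auth_data[:32],
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "attested_credential_data": bool(flags & FLAG_AT),
        "extension_data": bool(flags & FLAG_ED),
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
    }


def verify_authenticator_data(auth_data: bytes, require_uv: bool) -> dict:
    parsed = parse_authenticator_data(auth_data)
    if parsed["rp_id_hash"] != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash does not match our RP id")
    if not parsed["user_present"]:
        raise ValueError("user presence flag not set")
    if require_uv and not parsed["user_verified"]:
        raise ValueError("user verification required but not performed")
    return parsed


def verify_registration(response: dict, expected_challenge: str,
                        require_uv: bool = False) -> dict:
    client_data = verify_client_data(b64url_decode(response["clientDataJSON"]),
                                     expected_challenge, "webauthn.create")
    auth = verify_authenticator_data(b64url_decode(response["authenticatorData"]), require_uv)
    if not auth["attested_credential_data"]:
        raise ValueError("registration response carries no credential data")
    return {"client_data": client_data, "authenticator_data": auth}


def registration_is_valid(response: dict, expected_challenge: str,
                          require_uv: bool = False) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        verify_registration(response, expected_challenge, require_uv)
        return True
    except ValueError:
        return False


def make_sample_response(challenge: str, origin: str = RP_ORIGIN,
                         flags: int = FLAG_UP | FLAG_UV | FLAG_AT) -> dict:
    """Constructed stand-in for what the browser would post back to the RP."""
    client_data = json.dumps({"type": "webauthn.create", "challenge": challenge,
                              "origin": origin}).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + bytes([flags]) + struct.pack(">I", 0)
    return {"clientDataJSON": b64url_encode(client_data),
            "authenticatorData": b64url_encode(auth_data)}


if __name__ == "__main__":
    options = new_registration_options("alice")
    print(verify_registration(make_sample_response(options["challenge"]), options["challenge"]))
```

The origin check is what ties the credential to the RP's web origin, and the stored challenge is what stops a captured response from being replayed; both belong in the RP, whichever FIDO server sits behind it. A real deployment then CBOR-decodes the attestation object, stores the credential id and public key, and persists the signature counter for later authentications.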

Manikanta Bojanki

Aug 7, 2019, 7:42:23 AM
to FIDO Dev (fido-dev)
Hey Bảo Hoa Quốc,
I have seen that you are trying to make a mobile FIDO authenticator.
I have a few questions regarding this. It would be very helpful if you could answer them for me.

Suppose I have made a FIDO Authenticator Android app. How can I use it to log in to a Relying Party web app running in a computer's browser?

I know that if I need to log in using a mobile browser or mobile app, the communication between the FIDO client and the FIDO authenticator app is done using Intents.

But how can the web app running in a computer browser make use of this mobile app authenticator?

One way could be BLE, but can we connect to the authenticator via the Internet, or could push messages help?

Kris Vandermast

Aug 7, 2019, 7:52:14 AM
to Manikanta Bojanki, FIDO Dev (fido-dev)
Hi all,

Let me jump in on this. We actually made an SDK and POC app allowing WebAuthn requests between a browser and an Android mobile app. When we analyzed the FIDO2 CTAP2 BLE spec, we found that the primary service should be FIDO’s 0x0FFFD UUID. But as far as I can see, this is only for privileged applications. How do you circumvent this? Or am I missing something here?

Kind regards,

Kris

Manikanta Bojanki

Aug 7, 2019, 10:29:40 AM
to FIDO Dev (fido-dev)
From the specification mentioned here, https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-reg-v1.0-ps-20141208.html,
the ATTACHMENT_HINT, which describes the method an authenticator uses to communicate with the FIDO User Device, can be ATTACHMENT_HINT_NETWORK. Does that mean the authenticator app can be connected to the client over the Internet?

Nok Nok, which is a FIDO partner, has this concept called Out-of-Band (OOB) authentication, https://www.noknok.com/oob-fido2-authentication/, which uses QR codes or push for the communication between the client and the authenticator app. Is this FIDO certified?

On Monday, April 1, 2019 at 2:10:41 PM UTC+5:30, Bảo Hoa Quốc wrote: