can't connect to "cable.ua5v.com" from my authenticator

152 views
Skip to first unread message

Levi

unread,
Aug 23, 2023, 10:56:38 AM8/23/23
to FIDO Dev (fido-dev)
hello everybody.
I'm trying to build a mobile authenticator using fido2.2.
the protocol list 2 optional relays to communicate with the client platform.
but when im trying to connect through a websocket it says that the connection is not upgraded to websocket.
i tried to use the code from the docs (image attached) and im getting "bad handshake". is there anyone who tried it and can help me?

thanks in advance!
ws-connect.jpg

Tim Cappalli

unread,
Aug 23, 2023, 11:11:08 AM8/23/23
to Levi, FIDO Dev (fido-dev)
Hybrid transport (and CTAP in general) is implemented by the mobile platform and not something you implement in your application. If you are trying to build a software-based passkey authenticator on mobile, you need to create a passkey provider app that interfaces with the platform using the appropriate system APIs (Android | iOS


--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/79952135-b723-427d-a193-3a250e9e3304n%40fidoalliance.org.

Adam Langley

unread,
Aug 25, 2023, 9:27:31 AM8/25/23
to FIDO Dev (fido-dev), Tim Cappalli, Levi
On Wednesday, August 23, 2023 at 8:11:08 AM UTC-7 Tim Cappalli wrote:
Hybrid transport (and CTAP in general) is implemented by the mobile platform and not something you implement in your application. If you are trying to build a software-based passkey authenticator on mobile, you need to create a passkey provider app that interfaces with the platform using the appropriate system APIs (Android | iOS

Tim is correct, but also note that an authenticator owns its tunnel service. So cable.ua5v.com is specific to the hybrid implementation in Chrome on Android and Play Services. Apple devices use a different tunnel service and, if there was a different mobile OS that wanted to be an authenticator,  it would need its own tunnel service.


Cheers

AGL 
Reply all
Reply to author
Forward
0 new messages