exBankID icon indicating copy to clipboard operation
exBankID copied to clipboard

Published 20 hours ago verified publisher icon anfly0

Support for animated QR code

Open anfly0 opened this issue 5 years ago • 7 comments

Add support for generating animated QR-codes. 4.2

  • Add timestamp to authentication and sign responses to keep track of "the number of seconds since the response from auth or sign was returned"
  • For now, only generate the binary needed to create the QR-code.

anfly0 avatar Aug 16 '20 07:08 anfly0

And do something like this to generate the QR-code?

qrStartSecret = "d28db9a7-4cde-429e-a983-359be676944c"
time = "t=0"
:crypto.hmac(:sha256, qrStartSecret, time) |> Base.encode16(case: :lower)

Preen avatar Dec 11 '20 13:12 Preen

I'm not sure that I understand your example 100%, but yes qrAuthCode would have to be computed, and the correct binary would have to be constructed. Feel free to take a crack at implementing this!

anfly0 avatar Dec 11 '20 13:12 anfly0

I'm referring to this:

time is the number of seconds since the result from auth or sign was returned qrAuthCode is computed as HMACSHA256(qrStartSecret, time) where • time is the number of seconds since the response from auth or sign was returned • qrStartSecret is from the auth or sign response.

Screenshot 2020-12-11 at 14 44 20

It's a nice library you've built, will see if I get the time to do this :)

Preen avatar Dec 11 '20 13:12 Preen

Great, we are on the same page! :+1:

anfly0 avatar Dec 12 '20 21:12 anfly0

Hi, I want to integrate swedish bankid with wordpress, so that anyone can signup, signin, show interest in custom post using bankid authorization. Could you please help me or tell me the way of solve this issue.

Thanks in advance.

Regares

Ineedsolution avatar Jul 25 '22 07:07 Ineedsolution

Hej! I would like to help out on this issue. Will get back to you with a PR.

Great job with this library. I would like to offer more support in development and maintenance going forward, if you don't mind.

Kind regards, Carl

carlgleisner avatar Jul 17 '23 10:07 carlgleisner

Hey again 👋🏻

@Preen, I looked into this a while ago (judging by my comment above) and there is no longer a :crypto.hmac/3 function defined. One has to use :crypto.mac/4 instead.

** (UndefinedFunctionError) function :crypto.hmac/3 is undefined or private, use crypto:mac/4 instead
    (crypto 5.3) :crypto.hmac(:sha256, "d28db9a7-4cde-429e-a983-359be676944c", "t=0")

I think that the below would work.

defmodule QRTestModule do
  def generate_qr(qr_start_token, qr_start_secret, time) do
    digest =
      :crypto.mac(:hmac, :sha256, String.to_charlist(qr_start_secret), String.to_charlist(time))
      |> Base.encode16(case: :lower)

    "bankid." <> qr_start_token <> "." <> time <> "." <> digest
  end
end

It would then be used like this using the same numbers as in the documentation that you posted a screenshot of (a few years ago 🙃).

result =
  QRTestModule.generate_qr(
    "67df3917-fa0d-44e5-b327-edcc928297f8",
    "d28db9a7-4cde-429e-a983-359be676944c",
    "0"
  )

expected =
  "bankid.67df3917-fa0d-44e5-b327-edcc928297f8.0.dc69358e712458a66a7525beef148ae8526b1c71610eff2c16cdffb4cdac9bf8"

result == expected

Aaand it works on my machine 😇

true

carlgleisner avatar Oct 29 '23 04:10 carlgleisner