webauthn-ruby

WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party

Results 28 webauthn-ruby issues

Both

- `WebAuthn::AuthenticatorAttestationResponse#verify` and
- `WebAuthn::AuthenticatorAssertionResponse#verify`

accept the parameter `expected_origin`, but the calling methods

- `PublicKeyCredentialWithAttestation#verify` and
- `PublicKeyCredentialWithAssertion#verify`,

respectively, do not. We have a multi-tenant system where each tenant...

After updating several dependencies in the 2.5.2 release, we need to update dependencies and the Ruby version and rerun our conformance tests in `spec/conformance`.

good first issue

Bumps [rack](https://github.com/rack/rack) from 2.0.8 to 2.2.3.

Changelog (sourced from rack's changelog):

[2.2.3] - 2020-06-15

Security

- [CVE-2020-8184] Do not allow percent-encoded cookie name to override existing cookie names. BREAKING CHANGE: Accessing...

dependencies

There are certain setups that will try to do loading for us (e.g. Rails, or more specifically, Zeitwerk) which infer that if we have a `webauthn.rb` file, it will define...

As laid out in this article from August 2020: https://hwsecurity.dev/2020/08/webauthn-pin-bypass/

Android 7+ (possibly other phone OSes too?) currently doesn't have a properly configured NFC system for Yubikeys when it...

## What

Add capability of handling internally the extension `App ID` in order for it to replace `RP ID` in cases when user is authenticating with a migrated U2F credential....

Depends on https://github.com/cedarcode/cose-ruby/issues/48.

type: feature request
area: registration verification

This fixes #350, which pointed out a bug in certain browser/device combinations that allow bypassing the user's PIN if the `user_verification: true` flag is not set.

https://hwsecurity.dev/2020/08/webauthn-pin-bypass/

## context

The correct method for `RelyingParty` is `options_for_registration`, but it's `options_for_create` in the document. This PR fixes the typo.