yubikey icon indicating copy to clipboard operation
yubikey copied to clipboard

Published 20 hours ago verified publisher icon enygma

Add posibility HTTPS without apikey signature

Open munikes opened this issue 8 years ago • 3 comments

Add the possibility to send otp code without apikey, behind only HTTPS protocol.

munikes avatar Mar 17 '16 13:03 munikes

Just curious, if this removes the API key how does the service verify who is making the request?

enygma avatar Mar 18 '16 10:03 enygma

In this link https://developers.yubico.com/yubikey-val/Getting_Started_Writing_Clients.html, say that if you are using https, its not necessary to verify the request only if you want. I supposed, because you send a request with ssl and response is secure too.

Sorry for my english.

On 18/03/16 11:50, Chris Cornutt wrote:

Just curious, if this removes the API key how does the service verify who is making the request?

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub https://github.com/enygma/yubikey/pull/20#issuecomment-198303332

munikes avatar Mar 18 '16 11:03 munikes

I think, I've already made all the changes you asked.

munikes avatar Mar 21 '16 10:03 munikes