authenticator-rs

Support CTAP 2.0

Open jcjones opened this issue 7 years ago • 17 comments

Review Draft: https://fidoalliance.org/specs/fido-v2.0-rd-20161004/fido-client-to-authenticator-protocol-v2.0-rd-20161004.html

jcjones avatar Aug 10 '17 04:08 jcjones

...also that implies maybe we'll want to rename this lib to something like "authtoken-hid-rs" ? 😀

jcjones avatar Aug 28 '17 21:08 jcjones

Note that for CTAP, we'll probably be calling OS-specific libraries that abstract away from HID, so more like how FIDO looks on Android now.

jcjones avatar Sep 19 '17 03:09 jcjones

Work has begun in the CTAP2 branch: https://github.com/jcjones/authenticator-rs/tree/ctap2

jcjones avatar May 02 '19 18:05 jcjones

Is this in a usable/stable state? Firefox doesn't seem to support this yet and the last commit in the ctap2 branch is from 2019. @jcjones

Erik1000 avatar Jun 03 '21 20:06 Erik1000

It is not, no. I'm unsure of the status overall

jcjones avatar Jun 03 '21 22:06 jcjones

Well, it would be nice to see progress since this is a breaking bug for passwordless login and normal second factor authentication with user verification set to required. It is also discussed on Bugzilla (I mean you created the bug report there). It's really bad for Firefox users on Mac OS and especially Linux. Guess it would be good to reopen the issue at least. Also there's a branch called ctap-2021? What's that about?

Erik1000 avatar Jun 03 '21 22:06 Erik1000

While I see that branch has my commits on it, I don't know the state of it (I haven't been with Mozilla since 2020). I completely agree about getting CTAP2 support, though.

I'm afraid I can't reopen this issue, but I also have to admit not remembering why I closed it when it hadn't merged, so bad on 2019-me.

jcjones avatar Jun 04 '21 15:06 jcjones

Well I'm gonna open an issue about opening this issue again then 😂

Erik1000 avatar Jun 04 '21 16:06 Erik1000

@jcjones It seems like there's no other maintainer for this project. What now?

Erik1000 avatar Jun 08 '21 17:06 Erik1000

I was wondering if the work done by @msirringhaus in https://github.com/mozilla/authenticator-rs/pull/150 (recently merged by @dveditz) fully resolves this issue or only partially? If this is now resolved, what is the path towards merging the mozilla:ctap2-2021 branch into master for inclusion in Firefox? If not, then what aspects are still missing?

I must admit I'm not much of a Rust programmer, but support for CTAP2 is relevant to me in Firefox, which is bound to support within authenticator-rs.

bertvandepoel avatar Jun 11 '21 16:06 bertvandepoel

Unfortunately this was only the very first step in a rather long journey ahead. I already have more on my personal fork, but it is still not yet operational. The spec is a lot more elaborate than CTAP1 (and CTAP2.1 will be even more so). But I'm still actively working on it, as I need this functionality as well.

msirringhaus avatar Jun 11 '21 17:06 msirringhaus

Thank you very much for making the effort, @msirringhaus ! It's much appreciated. I would offer my help, but I'm not sure really how I could exactly be helpful here. You can be sure however, that many people both on reports here and on the Firefox bug tracker are really looking forward to this feature and very happy and thankful you are picking up where others left off!

bertvandepoel avatar Jun 11 '21 18:06 bertvandepoel

@msirringhaus If there is any need for testing or help to implement parts of the spec, feel free to contact me. I've familiarized myself with the code yesterday and should now be able to help.

theSuess avatar Jun 12 '21 08:06 theSuess

For those of us following at home here's a related Bugzilla entry: https://bugzilla.mozilla.org/show_bug.cgi?id=1530370

MasterKale avatar Nov 29 '21 18:11 MasterKale

Now it looks like we just need to merge the https://github.com/mozilla/authenticator-rs/tree/ctap2-2021 branch into the main branch.

CoelacanthusHex avatar Jan 26 '22 03:01 CoelacanthusHex

> Now it looks like we just need to merge the https://github.com/mozilla/authenticator-rs/tree/ctap2-2021 branch into the main branch.

No, not necessarily. Firefox can vendor branches just fine. In the end, it is up to the Mozilla team of course, but a possible approach would be to first use the ctap2-2021 branch on nightly and test it out there. If / Once it works as expected, then this branch can be merged into main. Even though I already have a rough working prototype of the C++ integration, I'm guessing a few more commits here will be in order, anyways.

msirringhaus avatar Jan 26 '22 06:01 msirringhaus

> No, not necessarily. Firefox can vendor branches just fine. In the end, it is up to the Mozilla team of course, but a possible approach would be to first use the ctap2-2021 branch on nightly and test it out there. If / Once it works as expected, then this branch can be merged into main. Even though I already have a rough working prototype of the C++ integration, I'm guessing a few more commits here will be in order, anyways.

OK, I will wait for it to be included in Firefox Nightly. I'm glad to help test it!

CoelacanthusHex avatar Jan 26 '22 06:01 CoelacanthusHex

Is there anything that can possibly be done to aid the development of this feature to finally get full CTAP 2 support in Firefox (on Linux)? If there is testing or donations required please speak up and I will try my best to help with this. Currently Firefox is the only major browser to not fully support WebAuthn with UserVerification and I hope we can still change that with this project.

devnull09 avatar Oct 19 '22 06:10 devnull09

Just wanted to pop in and make people aware of @AlfioEmanueleFresta's project of trying to make something similar to Windows Hello for Linux: https://github.com/AlfioEmanueleFresta/xdg-credentials-portal

huaracheguarache avatar Oct 23 '22 13:10 huaracheguarache