nginxwebauthn

redirect to origin URI and support for multiple credentials

Open ferdinandkeil opened this issue 4 years ago • 9 comments

Thank you for this awesome project!

I recently implemented a fix for #1 as well as support for multiple credentials. I guess the solution for multiple credentials won't scale well, but it should be fine for a handful.

ferdinandkeil avatar Sep 23 '21 10:09 ferdinandkeil

Thanks @ferdinandkeil. I tried to use this PR and I am getting an error:

Traceback (most recent call last):
  File "main.py", line 13, in <module>
    from fido2.webauthn import PublicKeyCredentialRpEntity
ModuleNotFoundError: No module named 'fido2.webauthn'

That could be fixed by updating the version number in requirements.txt:

fido2>=0.8.1

And then the requirements.txt is missing a line for daemon. It appears that pip3 install python-daemon fixes this problem.

leg0 avatar Dec 17 '21 01:12 leg0

Thank you @leg0 :+1: I obviously forgot to update the requirements. Should be fixed now.

ferdinandkeil avatar Dec 17 '21 22:12 ferdinandkeil

Thanks for your work on this PR. Would it be better for the -d switch to be inverted, since -d tends to imply the use of a daemon and not the opposite? And maybe a note in the README could save people diving through the code to find this out.

rhld16 avatar Apr 10 '22 10:04 rhld16

@ferdinandkeil Did you test your changes with a fresh install? Currently .lastchallenge will not be generated on the first setup, and you have to lock fido2 to 0.9.3 because Yubico did a big change since 1.0.

bin101 avatar Nov 24 '22 10:11 bin101

It seems running it as a daemon will cause the issues...

bin101 avatar Nov 24 '22 11:11 bin101

Nope, the issue was systemd.

You have to specify the WorkingDirectory, i.e. WorkingDirectory=/home/webauthn/nginxwebauthn, otherwise .credentials and .lastchallenge will be saved inside the home dir of the webauthn user, but main.py is searching for them inside the execution dir.

bin101 avatar Nov 24 '22 11:11 bin101
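The working-directory problem described in the comment above, reproduced as an added example (not code from this PR or from nginxwebauthn). The helper names, the constructed directory layout and the empty stand-in `main.py` are assumptions; only the file names `.credentials` and `.lastchallenge` come from the thread.

```python
import os
import tempfile
from pathlib import Path

STATE_FILES = (".credentials", ".lastchallenge")  # file names taken from the thread


def cwd_relative(name: str) -> Path:
    """Where a bare open(name) lands: it depends on the process working directory."""
    return Path.cwd() / name


def script_relative(script: Path, name: str) -> Path:
    """Where the file lands when anchored to the script's own directory instead."""
    return script.resolve().parent / name


def write_state(path: Path, data: bytes) -> Path:
    """Create or overwrite a state file readable and writable by its owner only."""
    if path.name not in STATE_FILES:
        raise ValueError(f"unexpected state file: {path.name}")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # tighten the mode even if the file already existed
    return path


def simulate() -> dict:
    """Start 'the service' from two working directories; report where .credentials goes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        app, home = root / "nginxwebauthn", root / "home"  # constructed layout
        app.mkdir()
        home.mkdir()
        script = app / "main.py"  # empty stand-in, not the project's main.py
        script.touch()
        previous, seen = Path.cwd(), {}
        try:
            # "unset": started from the home dir, as the comment reports; "set": from the app dir
            for label, cwd in (("unset", home), ("set", app)):
                os.chdir(cwd)  # the directory systemd's WorkingDirectory= controls
                naive = write_state(cwd_relative(".credentials"), b"constructed")
                seen[label] = (naive.resolve().parent.name,
                               script_relative(script, ".credentials").parent.name)
        finally:
            os.chdir(previous)
        return seen
```

`simulate()` returns, for each start directory, the folder a CWD-relative `.credentials` was written to and the folder a script-relative path would use; the two only agree when the working directory is the application directory.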

I get it running when strictly following your README and using miniconda (python3.7 webserver doesn't support the samesite attribute in cookies), but it seems to not work with subdomains. I could register my YubiKey with one subdomain, but when trying to access another one it says this key is not registered with this site.

bin101 avatar Nov 24 '22 13:11 bin101

Strangely when I dismiss the first fido dialog from chrome and then push the button on my key it works for further subdomains.

bin101 avatar Nov 24 '22 14:11 bin101

> Strangely when I dismiss the first fido dialog from chrome and then push the button on my key it works for further subdomains.

I've had a quick glance at the code and couldn't find a reference to the domain name, so I don't think it cares about that. The issues you mention are likely caused by nginx. Maybe its log file can help.

ferdinandkeil avatar Nov 27 '22 14:11 ferdinandkeil