Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for QR codes in FIDO #70

Open
carlos22 opened this issue Nov 15, 2023 · 9 comments
Open

Support for QR codes in FIDO #70

carlos22 opened this issue Nov 15, 2023 · 9 comments

Comments

@carlos22
Copy link

Hi,

I'm pretty new to this thingy, it looks all well and I think the Bluetooth FIDO is implemented in #54. I tried to use it with okta.com but my chromium presents me a QR code that I should scan and it contains a FIDO:/ url, i'm not sure how to proceed with that. Any help? I think its not yet implemented to use QR codes with FIDO?! It also asks me to register over Bluetooth but when I press "Accept" nothing happens.
@tejado
Copy link
Owner

tejado commented Nov 16, 2023

Hi carlos22
Thanks a lot for the feedback. QR codes in FIDO is interessting - I have to check this.
But as you get already the Buetooth registration, there might be some issue with the App: what is the other device where you run Okta in thw web browser? Windows, Linux, iOS, macOS, Android as well?

@harhitosw
Copy link

harhitosw commented Nov 16, 2023
edited
Loading

Hi @tejado I too wanted to try out the app , but same issue here when I try to register into any WebAuthN supported website on Google Chrome or Edge it asks to scan for QR code , after that I used the Google Authenticator Android Mobile app to scan the QR code . Hereafter the passkeys were created I was asked some permissions and than I got registered . While this I observed that Google Play services coming into foreground and doing all things , maybe you can try it here on this website in any browser https://webauthn.io/ . You can register/authenticate without Authorizer here

@carlos22
Copy link
Author

carlos22 commented Nov 16, 2023
edited
Loading

Hi carlos22 Thanks a lot for the feedback. QR codes in FIDO is interessting - I have to check this. But as you get already the Buetooth registration, there might be some issue with the App: what is the other device where you run Okta in thw web browser? Windows, Linux, iOS, macOS, Android as well?

The web browser was Chromium on Arch Linux.

Yes the google play services offer that API apparently. Not sure if this is something that could also be picked up by micro-g (which is what I use https://github.com/microg - and is baked into a lot of custom roms like CalyxOS).

EDIT: As it seems they also implement some parts of it at least, not sure if its use able or not need to test that... See: microg/GmsCore@b3032b9 But only USB as it seems: https://github.com/microg/GmsCore/wiki/Implementation-Status

@tejado
Copy link
Owner

tejado commented Nov 16, 2023
edited
Loading

Ah yeah, I forgot. The FIDO QR codes are there for caBLE. So basically over the QR code, the link to the device is created. Unfortunately, this is only device-proximity and no FIDO registration will take place over this channel. The actual FIDO registration is done over usual network (-> Internet). As Authorizer is designed to run on devices without any network connectivity, this is not planned to be implemented.

But this doesnt mean you can't use FIDO with Authorizer over Bluetooth:
If you register a new account (e.g. on https://webauthn.io/) you have to choose "Security key" and not "iPhone, iPad, or Android device". Can you test this, @harhitosw ?

@carlos22
I will try Chromium on Arch on the weekend.
I also pushed few updates to the repo which fixed some bugs but I didn't released a new version yet for this. I will do this on the weekend as well so it would be great if you can then test this out.

Regarding FIDO over USB: I got a PoC running but have to do some additional work before this gets released.
EDIT: The FIDO USB topic at GmsCore is for connecting FIDO devices to it, not implementing one on Android (like Authorizer is doing)

@tejado
Copy link
Owner

tejado commented Nov 19, 2023

@carlos22
I installed arch + chromium and could not reporudce your issue with my latest version. So Authorizer was full functional and I could register & authenticate on https://webauthn.io. Could you check this site as well?
I will provide the new apks tomorrow.

@harhitosw
Copy link

harhitosw commented Nov 21, 2023
edited
Loading

@tejado I tried out this on a couple of more websites like https://webauthnworks.github.io/FIDO2WebAuthnSeries/ and also https://webauthn.me/ it works fine as we select security key . For record this works fine in both the browsers Edge as well as Chrome in Windows 11 workstation. Moreover I would be happy to contribute in Authorizer !

@tejado
Copy link
Owner

tejado commented Nov 26, 2023

@harhitosw
thats great! Every contribution is more than welcome! If you have any questiona how to contribute or where to start, you can create a new discussion.

@carlos22
How is it looking for you?

@harhitosw
Copy link

@tejado can I get source code implementation details , as I am new to the code I find it tough to go through the code and understand flow of the app !

@carlos22
Copy link
Author

@tejado it is working with webauthn.io, but still not with the original app, I was able to use a different method for the app. Thanks four your help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@carlos22 @tejado @harhitosw