webauthn
Implementation of strong authentication with the webauthn standard and FIDO2.
Strong authentication is an authentication method using a physical key.
For a more thorough introduction see these two nice articles:
Installation
npm install @shankarmorwal/webauth-client
npm install @shankarmorwal/webauth-server
usage
Webauthn
is composed of two parts @shankarmorwal/webauth-client
and @shankarmorwal/webauth-server
On the browser
import {
solveRegistrationChallenge,
solveLoginChallenge
} from '@shankarmorwal/webauth-client';
solveRegistrationChallenge
:
convert the challenge returned by the server on the register route into the response to be returnedsolveLoginChallenge
:
convert the challenge returned by the server on the login route into the response to be returned
See an example in example/front
On the server
import {
parseRegisterRequest,
generateRegistrationChallenge,
parseLoginRequest,
generateLoginChallenge,
verifyAuthenticatorAssertion,
} from '@shankarmorwal/webauth-server';
parseRegisterRequest
:
Extract challenge and key from the register request body. The challenge allow to retrieve the user, and the key must be stored server side linked to the user.generateRegistrationChallenge
:
Generate a challenge from a relying party and a user { relyingParty, user }
to be sent back to the client, in order to registerparseLoginRequest
:
Extract challenge and KeyId from the login request.generateLoginChallenge
:
Generate challengeResponse from the key sent by the client during login. challengeResponse.challenge should be stored serverside linked to the corresponding userverifyAuthenticatorAssertion
:
Take the loginChallenge request body and the key stored with the user, and return true if it passes the authenticator assertion
See an example in example/server
Roadmap
For now only fido-u2f and packed format are implemented
- Implement android-key format
- Implement android-safetynet format
- Implement tpm format