Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wip: support previously registered U2F factors as WebAuthN factors. #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

wip: support previously registered U2F factors as WebAuthN factors. #8

wants to merge 1 commit into from

Conversation

marshallbrekka
Copy link
Contributor

Okta transitioned all of our u2f factors to webauthn. This change does the bare
minimum to support them, but probably does not properly support true webauthn
factors.

wip: support previously registered U2F factors as WebAuthN factors.
d8601d1 
Okta transitioned all of our u2f factors to webauthn. This change does the bare
minimum to support them, but probably does not properly support true webauthn
factors.
Xeroday
Xeroday reviewed Nov 15, 2019
View reviewed changes
authenticate.go
authData := make([]byte, 37)
rpid := sha256.Sum256([]byte(c.domain))
copy(authData[0:32], rpid[0:32])
authData[32] = 0x80
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When logging into Okta through a browser, this is set to 0x05, which sets the user verified and user present flags.

https://w3c.github.io/webauthn/#authenticator-data

alsmola
alsmola reviewed Dec 6, 2019
View reviewed changes
authenticate.go
timeoutSeconds := 30
ctx, _ := context.WithTimeout(context.Background(), time.Second*time.Duration(timeoutSeconds))

authResp, err := c.prompts.VerifyU2F(ctx, VerifyU2FRequest{
Copy link

@alsmola alsmola Dec 6, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is VerifyU2FRequest implemented? I'm trying to get webauthn with Okta to work in Go with code very similar to segmentio/aws-okta#201 using https://github.com/marshallbrekka/go-u2fhost under the hood. I'm getting a "The provided key handle is not present on the device, or was created with a different application parameter" error.

If you have a Go implementation of U2F that works with the new Okta webauthn factors, I'd love to know about it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alsmola alsmola alsmola left review comments

@Xeroday Xeroday Xeroday left review comments

@fheydrich fheydrich fheydrich approved these changes

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@marshallbrekka @alsmola @Xeroday @fheydrich