40437c3aed
Add BSD 2-clause license in LICENSE.md
2021-11-18 15:01:45 +01:00
6770bc4300
Merge pull request 'Unvendor ocaml-cbor' ( #3 ) from unvendor-cbor into main
...
Reviewed-on: https://git.robur.io/robur/webauthn/pulls/3
2021-11-18 13:55:22 +00:00
5920e0f58b
Unvendor ocaml-cbor
...
Upstream supports `decode_partial` now.
2021-11-18 13:40:45 +01:00
ec499c2e68
Add version constraint on Dream
2021-10-14 13:45:20 +02:00
c825a21b19
Error: Authenticator has already been registered
2021-10-13 12:59:33 +02:00
Robur
00c1b4cf93
dune-project: disable formatting
2021-10-07 10:02:03 +00:00
Robur
44efdb1bae
support U2F transport extension extraction from certificate
...
webauthn-demo: use base64js for decoding
display certificate pretty printed, and the transports
2021-10-07 09:57:51 +00:00
89703fe795
Show device certificate on successful register
2021-10-07 08:45:06 +00:00
55067c6741
Merge branch 'clientExtensions-optional' into main
2021-10-06 15:27:50 +00:00
defc231491
Do not require clientExtensions in clientDataJSON
...
It is not included in the output from Firefox 92.1.1 on Android. It *is*
included when using the same key on Firefox 78.14.0esr on Linux.
2021-10-06 17:13:41 +02:00
Robur
78be1d42df
documentation
2021-10-06 11:57:42 +00:00
Robur
d926cf90b2
create may fail, validates origin
2021-10-06 10:12:47 +00:00
Robur
f1f0fe3229
Better errors
2021-10-06 09:48:19 +00:00
Robur
b6f99bfb16
provide a webauthn.mli, adapt the demo application
2021-10-05 15:56:20 +00:00
Robur
8bf98cf42b
demo-app: use userid instead of username as keys into hashtables
...
pass challenge as output of Webauthn instead of input (to support multiple challenges)
2021-10-05 13:09:35 +00:00
Robur
ddebe8b804
Attestation type, rework session variables
...
* Allow the user to select attestation type
* Rework session variables and challenge tracking
2021-10-04 15:19:34 +00:00
Robur
a5af696428
error: remove unused constructor '`None'
2021-10-04 14:36:32 +00:00
Robur
3436722505
cleanup authentication flow, similar to registration flow
2021-10-04 14:36:00 +00:00
1587e76169
Rework registration flow
...
The registration page comes with a form where the user selects a
username. When the user clicks "register" a javascript function is
called that reads the user form input value and makes a GET request to
/challenge/:user where it receives a challenge and a user object as
JSON. The WebAuthn registration process continues using those challenge
parameters.
The user then receives an alert() with a string explaining the
registration status and is then redirected to the front page where a
flash message is displayed as well.
2021-10-04 10:43:32 +02:00
4eb1298af7
Display credential IDs as base64
2021-10-04 10:42:04 +02:00
aa65c0546b
Adapt terminology to WebAuthn
...
It is not called application id in WebAuthn
2021-10-01 13:48:47 +02:00
Robur
9837815a5a
works as initial version
2021-09-29 14:34:09 +00:00
Robur
55bb364b72
WIP
2021-09-28 11:30:14 +00:00