Commit graph

12 commits

Author SHA1 Message Date
Robur
d926cf90b2 create may fail, validates origin 2021-10-06 10:12:47 +00:00
Robur
f1f0fe3229 Better errors 2021-10-06 09:48:19 +00:00
Robur
b6f99bfb16 provide a webauthn.mli, adapt the demo application 2021-10-05 15:56:20 +00:00
Robur
8bf98cf42b demo-app: use userid instead of username as keys into hashtables
pass challenge as output of Webauthn instead of input (to support multiple challenges)
2021-10-05 13:09:35 +00:00
Robur
ddebe8b804 Attestation type, rework session variables
* Allow the user to select attestation type
* Rework session variables and challenge tracking
2021-10-04 15:19:34 +00:00
Robur
a5af696428 error: remove unused constructor '`None' 2021-10-04 14:36:32 +00:00
Robur
3436722505 cleanup authentication flow, similar to registration flow 2021-10-04 14:36:00 +00:00
1587e76169 Rework registration flow
The registration page comes with a form where the user selects a
username. When the user clicks "register" a javascript function is
called that reads the user form input value and makes a GET request to
/challenge/:user where it receives a challenge and a user object as
JSON. The WebAuthn registration process continues using those challenge
parameters.

The user then receives an alert() with a string explaining the
registration status and is then redirected to the front page where a
flash message is displayed as well.
2021-10-04 10:43:32 +02:00
4eb1298af7 Display credential IDs as base64 2021-10-04 10:42:04 +02:00
aa65c0546b Adapt terminology to WebAuthn
It is not called application id in WebAuthn
2021-10-01 13:48:47 +02:00
Robur
9837815a5a works as initial version 2021-09-29 14:34:09 +00:00
Robur
55bb364b72 WIP 2021-09-28 11:30:14 +00:00