WebAuthn: support for platform authenticators

Open Firehed opened this issue 5 years ago • 1 comments

This is inspired mostly by the WWDC20 track on Safari's FaceID/TouchID support. It may be as simple as adding some additional examples and test cases to the WebAuthn branch - theoretically none of the underlying crypto should change, but it needs a bit more research on the JS structure side.

Now that the dust has generally settled on the standard, the list of potential formats is here: https://www.w3.org/TR/webauthn-2/#sctn-defined-attestation-formats

[ ] packed
[ ] tpm
[ ] android-key
[ ] android-safetynet
[x] fido-u2f
[ ] none (probably do not support this for security reasons)
[ ] apple

Jun 30 '20 19:06 Firehed

I'm starting to experiment with this on the support-touchid branch. Predictably, some of the prior assumptions about data format and flow (even ignoring the transition from FIDO to WebAuthn) make this pretty non-trivial.

Oct 29 '21 01:10 Firehed