Stack Overflow
Stack Overflow

Questions tagged [fido]

FIDO (Fast IDentity Online) is an organization which aims to substitute old password authentication with modern password-less solutions. It tries to achieve that by introducing three main protocols : UAF, U2F, FIDO2. Use this tag for questions referring to the FIDO protocols (UAF, U2F, FIDO2).

144 questions
10
votes
4 answers

What is the status of Webauthn on iOS/Safari?

I am doing a presentation on the FIDO2/Webauthn standard in a few days and I was excited to see this article on Yubico's website stating that Apple has added support for FIDO authentication via NFC like Android has for years. I had a few of my…
Justin
  • 415
  • 2
  • 5
  • 9
9
votes
4 answers

Can multiple Android Applications(same device) share same key-pair for Passwordless Authentication using FIDO 2 Protocol?

Problem Statement: I want to solve the user authentication on Android applications using the FIDO2 protocol(by providing an SDK), without doing multiple registration ceremonies for different applications on the same device. For example, If a user…
Sachit Sharma
  • 332
  • 1
  • 9
8
votes
3 answers

How to implement WebAuthn in an Android App?

I'm intending to use WebAuthn for authentication, as shown at the demo site https://webauthn.io Turns out that Android's WebView (and its iOS counterpart) does not implement this and it is explicitly stated that this won't be happen. One is getting…
Daniel F
  • 13,684
  • 11
  • 87
  • 116
8
votes
1 answer

Does Chrome on Android support User Verification on security key using Webauthn / FIDO2?

I'm building a site that is using Webauthn for passwordless log in. Currently, this is working great on Chrome for Windows and macOS. I'm using a YubiKey 5 to test my implementation which supports using a PIN to provide User Verification instead of…
petschekr
  • 1,293
  • 1
  • 13
  • 19
7
votes
4 answers

Is password still needed when using Passkeys?

Both Apple and Google have demonstrated Passkeys at their developer conferences (Google I/O and Apple WWDC 2022), and Microsoft is also on board. Being able to transfer passkeys from device to device removes a major limitation of FIDO2/WebAuthn and…
Codo
  • 75,595
  • 17
  • 168
  • 206
7
votes
2 answers

Android WebView Support WebAuthn?

I am not an android developer and stuck at an android thing. I hope someone here can help me out. I am implementing WebAuthn/FIDO2 on my website, which is working perfectly fine with the browsers. But when I open my website in my android app…
Priyanka
  • 806
  • 1
  • 9
  • 21
5
votes
2 answers

How to remove WebAuthn credentials on Chrome MacOS?

For example, the one created on this WebAuthn demo page: https://webauthnworks.github.io/FIDO2WebAuthnSeries/WebAuthnIntro/UsernamelessExample.html I found the similar question without answer on apple forum:…
korywka
  • 7,537
  • 2
  • 26
  • 48
5
votes
3 answers

Can I use phone as webauthn security key with Windows 10 Sign-in options

Edit: - Look is it just me or doesn't the W3C spec say this should be happening already: - 1.2.2. Authentication On a laptop or desktop: User pairs their phone with the laptop or desktop via Bluetooth. User navigates to example.com in a browser and…
McMurphy
  • 1,235
  • 1
  • 15
  • 39
4
votes
1 answer

FIDO2 / WebAuthn Heuristic discovery of ambient /pre-authorized user(s) at authentication time

Edit respose to @cody salas Following on from your sensible and detailed break down: - Require Username: Yes this seems well understood. The RP prompts for username/other-id and finds all credentials that are offered up in an array to the…
McMurphy
  • 1,235
  • 1
  • 15
  • 39
4
votes
2 answers

Fido auth with Android SDK. Error from a server: invalid origin

I use a FIDO android SDK https://developers.google.com/android/reference/com/google/android/gms/fido/package-summary and web FIDO lib https://github.com/lbuchs/WebAuthn as a server To complete authentication I send to the server the following…
Никита Яковлев
  • 41
  • 3
4
votes
2 answers

Mobile Authenticator using CTAP2 specifications

I am looking for the use case/scenario for setting up a smart phone as an authenticator using CTAP2 specifications. I am looking for the use case in which a user setup the browser to interact with their smart phone the same way it would when using…
mehak
  • 43
  • 4
3
votes
2 answers

What information does FIDO2 url contain and how can we decode it in Swift?

In WWDC 2022 Apple launched GA for Passkeys which will enable in FIDO2 authentication, the next gen open standards based authentication mechanism to replace passwords. On a Relying Party (RP) server supporting FIDO2 when a user registration is…
letsbondiway
  • 470
  • 3
  • 18
3
votes
2 answers

Using `navigator.credentials.get()` in cross-origin iframe gives error "'publickey-credentials-get' feature is not enabled in this document"

Getting the error while logging into an iframe through webauthn. The 'publickey-credentials-get' feature is not enabled in this document. Permissions Policy may be used to delegate Web Authentication capabilities to cross-origin child frames. Here…
tarun14110
  • 940
  • 5
  • 26
  • 57
3
votes
2 answers

How to retrieve a symmetric key using Webauthn/CTAP HMAC-Secret extension in a web browser?

I am trying to leverage the CTAP hmac-secret extension to retrieve a key for symmetric encryption in a web browser. I have Yubikey5 which implements this extension. I read through the CTAP specs, but I cannot find a reference how to do it once I get…
ucipass
  • 923
  • 1
  • 8
  • 21
3
votes
4 answers

Android FIDO2 throwing vague errors

I am trying to implement FIDO2 on Android. I have the assetlinks.json hosted on my domain (Sorry I don't want and not sure if I'm allowed to reveal the whole url yet). I have the assets_statements string defined and added it to my Manifest and I…
Tooroop
  • 1,824
  • 1
  • 20
  • 31
1
2 3
9 10