Commit Graph

55 Commits

Author SHA1 Message Date
Dain Nilsson 0436ab9026
Add more type hints. 2022-04-15 13:14:33 +02:00
Dain Nilsson d2a0d71be6
Fix logging when allowList is None. 2022-04-15 11:43:17 +02:00
Dain Nilsson fd30409b03
Improve type safety. 2022-03-23 17:41:37 +01:00
Dain Nilsson 15d3107c5e
AttestationVerifier.ca_lookup now returns single certificate. 2022-03-02 13:08:13 +01:00
Dain Nilsson 7c46413675
Handle logging of register_begin with no creds. 2022-02-28 15:39:19 +01:00
Dain Nilsson 9926168e76
More logging to client, server and ctap2 classes. 2022-02-28 15:39:18 +01:00
Dain Nilsson 0b51e8e687
Fix typo. 2021-11-09 09:15:20 +01:00
Dain Nilsson ad373825ea
Remove unneeded params to super(). 2021-08-20 10:51:26 +02:00
Dain Nilsson 11e0a8dd2f
Fix/cleanup examples. 2021-08-19 14:10:28 +02:00
Dain Nilsson fed257922c
More mypy checks/fixes. 2021-08-19 10:31:20 +02:00
Dain Nilsson 9c0d468419
Refactor webauthn classes.
- More dataclasses.
- Move binary data classes from ctap2 to webauthn.
- Separate (ctap) AttestationResponse from AttestationObject.
2021-02-03 08:36:28 +01:00
Dain Nilsson d697287e6b
Some Python 3 improvements.
- Remove (object): from classes.
- Use dataclasses instead of namedtuple.
- Add some types.
2021-01-31 20:59:34 +01:00
Dain Nilsson 1c45c611fb
Remove __future__ imports. 2021-01-31 16:36:26 +01:00
Dain Nilsson 1fe7864317
Make attestation verification behavior pluggable. 2021-01-11 14:42:32 +01:00
Dain Nilsson 14c26da980
Server: Don't specify timeout in requests by default. 2020-02-10 15:56:29 +01:00
Dain Nilsson b1c6ebfd6c
Fido2Server credentials now allow descriptors.
register_begin/authenticate_begin can take the list of credentials as
PublicKeyCredentialDescriptors, in addition to AttestedCredentialData.
A new function, to_descriptor, has been added to fido2.server to make
conversion easier.
2019-11-22 10:56:02 +01:00
Dain Nilsson 1c8ba7f0e0
Don't verify attestation if preference is omitted. 2019-11-21 19:02:53 +01:00
Dain Nilsson 7040c1c9a4
Fix Fido2Server constructor. 2019-11-21 15:34:59 +01:00
Dain Nilsson 6035ac02ea
Omit optional values in data classes. 2019-11-21 15:25:45 +01:00
Dain Nilsson 06de9ac562
Add examples/resident_key.py example and fix bugs.
- Fix determining UV option in some cases, and handling no
allow_credentials in server.
2019-11-18 15:40:49 +01:00
Dain Nilsson 4c48977173
Implement event-based cancellation of requests.
- Remove timeout functionality and default timeout.
- Use options.timeout in Fido2Client and WindowsClient.
2019-11-17 19:52:08 +01:00
Dain Nilsson f3238e44c5
Remove metaclass and use ._wrap/._wrap_list methods instead. 2019-11-13 15:05:13 +01:00
Dain Nilsson fc3c56fc8b
Add WebAuthn data classes (breaking changes).
- New fido2.webauthn classes modeled after the W3C WebAuthn spec introduced.
- Method signatures for client and server classes changed.
- Fido2Client:
  - make_credential/get_assertion now take WebAuthn options objects.
- Fido2Server:
  - ATTESTATION, USER_VERIFICATION, and AUTHENTICATOR_ATTACHMENT enums
    have been replaced with fido2.webauthn classes.
  - RelyingParty has been replaced with PublicKeyCredentialRpEntity, and
    name is no longer optional.
  - Fido2Server.allowed_algorithms now contains a list of
    PublicKeyCredentialParameters instead of algorithm identifiers.
2019-11-13 13:22:47 +01:00
Craig Milam 2d8a2e7e1d moving webathn_type back to client 2019-11-06 13:30:53 -05:00
Craig Milam 290529a71b refactoring, fixed some issues 2019-11-05 15:27:31 -05:00
Dain Nilsson cdac6a3cf6
Merge PR #70. 2019-10-15 09:43:46 +02:00
Dain Nilsson fba27d4479
Add custom challenge argument to register_begin. 2019-10-15 09:41:04 +02:00
Dain Nilsson a603b2a2b1
Include 'fmt' in UnsupportedType exception. 2019-10-10 15:48:16 +02:00
CJ Kataki aeb3fdff10 Fixed formatting issues for black 2019-10-08 16:36:32 -07:00
CJ Kataki 5d54ff7997 Added custom challenge option to Fido2Server 2019-10-08 16:15:53 -07:00
Dain Nilsson 226b0021f1
Reformat with Black. 2019-10-01 09:25:29 +02:00
Arthur Gautier 48270cdf30 a consumer can override the u2f_origin verification
This allows a consumer to implement origin verification when using u2f
facets.

Signed-off-by: Arthur Gautier <baloo@gandi.net>
2019-09-05 16:01:52 +00:00
Dain Nilsson 68df3d04b1
Verify UP flag in server.register_complete. 2019-08-16 17:49:20 +02:00
Dain Nilsson 9553b06c38
Merge PR #58. 2019-08-12 13:46:41 +02:00
Arthur Gautier 1630aa18aa implement FIDO AppID Exclusion Extension
introduced in the spec on 2019/07/31

see: https://github.com/w3c/webauthn/pull/1244
see: https://github.com/w3c/webauthn/issues/1235

Signed-off-by: Arthur Gautier <baloo@gandi.net>
2019-08-09 21:45:18 +00:00
Arthur Gautier 530192e3f5 U2FFido2Server should return the token used for authentication
Signed-off-by: Arthur Gautier <baloo@gandi.net>
2019-08-01 20:20:35 +00:00
Dain Nilsson 6230c6a83a
Allow all supported key algorithms by default. 2019-05-09 14:54:01 +02:00
Vlastimil Zíma bbb41ff2c3 Wrap invalid signature in authentication 2019-05-07 10:37:15 +02:00
Alessandro Carlo Chirico 34ca6c96ef
Add AuthenticatorAttachment support 2019-02-06 19:12:56 +01:00
Dain Nilsson 2886081796
Only check attestation if it's requested. 2018-12-21 12:56:59 +01:00
Dain Nilsson 566fd53de5
Make state JSON serializable. 2018-12-20 17:20:52 +01:00
Dain Nilsson 1c7ab07480
Fix incorrect description in docstring. 2018-12-20 16:28:29 +01:00
Dain Nilsson 273ccdab75
Remove unused variable. 2018-12-20 13:55:05 +01:00
Dain Nilsson 65d8f8dfe8
Add U2FFido2Server with updated example.
This new server class allows authentication of existing U2F credentials.
2018-12-20 13:19:43 +01:00
Dain Nilsson da0670ec6a
More docstrings. 2018-12-12 13:12:54 +01:00
Dain Nilsson 9ac0ced8c9
Remove AttestationObject.verify().
This makes it more explicit as to what type of attestation you are
verifying. Attestation.for_type() is still available to make it easier
to not care, but it becomes explicit rather than implicit.
2018-12-12 13:12:54 +01:00
Alessandro Carlo Chirico 432ab8c27b
Always require the list of credentials for authenticate_complete
Cannot store the list of credentials in the state; for passwordless login the
list of credentials passed to `authenticate_begin` is empty, but in
`authenticate_complete` we need to match against the registered credentials.
2018-12-03 14:53:18 +01:00
Alessandro Carlo Chirico 8a0e07e68c
Let the user change user_verification for each registration/authentication 2018-11-30 13:57:46 +01:00
Vlastimil Zíma 4441deaa30 Define relying party object 2018-09-19 11:10:43 +02:00
Alessandro Carlo Chirico e4ccd0fa23
Optionally allow requesting a resident credential during registration 2018-09-17 15:58:39 +02:00