mirror of https://github.com/Yubico/python-fido2
Compare commits
4 Commits
Author | SHA1 | Date |
---|---|---|
Dain Nilsson | edcb00bc32 | |
Joost van Dijk | 8b979313e9 | |
Dain Nilsson | ee9bf59783 | |
Dain Nilsson | cfffe17e18 |
|
@ -17,11 +17,13 @@ Once the environment has been created, you can run the server by running:
|
|||
$ poetry run server
|
||||
|
||||
When the server is running, use a browser supporting WebAuthn and open
|
||||
https://localhost:5000 to access the website.
|
||||
http://localhost:5000 to access the website.
|
||||
|
||||
NOTE: As this server uses a self-signed certificate, you will get warnings in
|
||||
your browser about the connection not being secure. This is expected, and you
|
||||
can safely proceed to the site.
|
||||
NOTE: Webauthn requires a secure context (HTTPS), which involves
|
||||
obtaining a valid TLS certificate. However, most browsers also treat
|
||||
http://localhost as a secure context. This example runs without TLS
|
||||
as a demo, but otherwise you should always use HTTPS with a valid
|
||||
certificate when using Webauthn.
|
||||
|
||||
=== Using the website
|
||||
The site allows you to register a WebAuthn credential, and to authenticate it.
|
||||
|
|
|
@ -31,7 +31,7 @@ to register and use a credential.
|
|||
|
||||
See the file README.adoc in this directory for details.
|
||||
|
||||
Navigate to https://localhost:5000 in a supported web browser.
|
||||
Navigate to http://localhost:5000 in a supported web browser.
|
||||
"""
|
||||
from fido2.webauthn import PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity
|
||||
from fido2.server import Fido2Server
|
||||
|
@ -121,7 +121,10 @@ def authenticate_complete():
|
|||
|
||||
def main():
|
||||
print(__doc__)
|
||||
app.run(ssl_context="adhoc", debug=False)
|
||||
# Note: using localhost without TLS, as some browsers do
|
||||
# not allow Webauthn in case of TLS certificate errors.
|
||||
# See https://lists.w3.org/Archives/Public/public-webauthn/2022Nov/0135.html
|
||||
app.run(host="localhost", debug=False)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
|
|
@ -26,4 +26,4 @@
|
|||
# POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
__version__ = "1.1.3"
|
||||
__version__ = "1.1.4-dev.0"
|
||||
|
|
|
@ -61,9 +61,12 @@ def verify_rp_id(rp_id: str, origin: str) -> bool:
|
|||
return False
|
||||
|
||||
url = urlparse(origin)
|
||||
if url.scheme != "https":
|
||||
return False
|
||||
host = url.hostname
|
||||
# Note that Webauthn requires a secure context, i.e. an origin with https scheme.
|
||||
# However, most browsers also treat http://localhost as a secure context. See
|
||||
# https://groups.google.com/a/chromium.org/g/blink-dev/c/RC9dSw-O3fE/m/E3_0XaT0BAAJ
|
||||
if url.scheme != "https" and (url.scheme, host) != ("http", "localhost"):
|
||||
return False
|
||||
if host == rp_id:
|
||||
return True
|
||||
if host and host.endswith("." + rp_id) and rp_id not in suffixes:
|
||||
|
|
|
@ -450,9 +450,12 @@ def verify_app_id(app_id: str, origin: str) -> bool:
|
|||
:return: True if the App ID is usable by the origin, False if not.
|
||||
"""
|
||||
url = urlparse(app_id)
|
||||
if url.scheme != "https":
|
||||
return False
|
||||
hostname = url.hostname
|
||||
# Note that FIDO U2F requires a secure context, i.e. an origin with https scheme.
|
||||
# However, most browsers also treat http://localhost as a secure context. See
|
||||
# https://groups.google.com/a/chromium.org/g/blink-dev/c/RC9dSw-O3fE/m/E3_0XaT0BAAJ
|
||||
if url.scheme != "https" and (url.scheme, hostname) != ("http", "localhost"):
|
||||
return False
|
||||
if not hostname:
|
||||
return False
|
||||
return verify_rp_id(hostname, origin)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[tool.poetry]
|
||||
name = "fido2"
|
||||
version = "1.1.3"
|
||||
version = "1.1.4-dev.0"
|
||||
description = "FIDO2/WebAuthn library for implementing clients and servers."
|
||||
authors = ["Dain Nilsson <dain@yubico.com>"]
|
||||
homepage = "https://github.com/Yubico/python-fido2"
|
||||
|
|
Loading…
Reference in New Issue