mirror of https://github.com/Yubico/python-fido2
8b979313e9
|
||
|---|---|---|
| .. | ||
| server | ||
| README.adoc | ||
| poetry.lock | ||
| pyproject.toml | ||
README.adoc
== WebAuthn Server Example This example shows a minimal website that uses python-fido2 to implement WebAuthn credential registration, and use. === Running To run this sample, you will need `poetry`. For instructions on installing `poetry`, see https://python-poetry.org/. Run the following command in the `examples/server` directory to set up the example: $ poetry install Once the environment has been created, you can run the server by running: $ poetry run server When the server is running, use a browser supporting WebAuthn and open http://localhost:5000 to access the website. NOTE: Webauthn requires a secure context (HTTPS), which involves obtaining a valid TLS certificate. However, most browsers also treat http://localhost as a secure context. This example runs without TLS as a demo, but otherwise you should always use HTTPS with a valid certificate when using Webauthn. === Using the website The site allows you to register a WebAuthn credential, and to authenticate it. Credentials are only stored in memory, and stopping the server will cause it to "forget" any registered credentials. ==== Registration 1. Click on the `Register` link to begin credential registration. 2. If not already inserted, insert your U2F/FIDO2 Authenticator now. 3. Touch the button to activate the Authenticator. 4. A popup will indicate whether the registration was successful. Click `OK`. ==== Authentication NOTE: You must register a credential prior to authentication. 1. Click on the `Authenticate` link to begin authentication. 2. If not already inserted, insert your U2F/FIDO2 Authenticator now. 3. Touch the button to activate the Authenticator. 4. A popup will indicate whether the authentication was successful. Click `OK`. === Supporting existing U2F credentials If you have existing U2F credentials that you wish to support, this library offers a U2FFido2Server class which can help with this. This directory includes a slightly altered version of the example server which uses this class to authenticate U2F credentials as well as WebAuthn credentials. To run this version of the server, run: $ poetry run server-u2f This version allows registration both using the newer WebAuthn APIs and by using the legacy U2F APIs, so that you can test authentication using both credential types. The source code for this version of the server is in `server/server_u2f.py`. NOTE: There should be no need to support registration of new U2F credentials as new registrations should be using the WebAuthn APIs, even for existing users.