Analysis of fido2-net-lib https://github.com/abergs/fido2-net-lib (2018/08/29).
{
"status": "ok",
"errorMessage": "",
"rp": {
"id": "localhost",
"name": "Fido2 test"
},
"user": {
"name": "aaa@example.com",
"id": "YWFhQGV4YW1wbGUuY29t",
"displayName": "Display aaa@example.com"
},
"challenge": "8P0YAYk-sxYVM0Xmt7Irow",
"pubKeyCredParams": [
{
"type": "public-key",
"alg": -7
},
{
"type": "public-key",
"alg": -257
}
],
"timeout": 60000,
"attestation": "none",
"authenticatorSelection": null,
"excludeCredentials": []
}
{
"status": "ok",
"errorMessage": "",
"rp": {
"id": "localhost",
"name": "Fido2 test"
},
"user": {
"name": "aaa@example.com",
"id": "ArrayBuffer(15)",
"displayName": "Display aaa@example.com"
},
"challenge": "ArrayBuffer(16)",
"pubKeyCredParams(Array(2))": {
"0": {
"type": "public-key",
"alg": "-7"
},
"1": {
"type": "public-key",
"alg": "-257"
}
},
"timeout": "60000",
"attestation": "none",
"authenticatorSelection": "null",
"excludeCredentials": "[]",
"__proto__": "Object"
}
{
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"rawId": "ArrayBuffer(64)",
"response(AuthenticatorAttestationResponse)": {
"attestationObject": "ArrayBuffer(226)",
"clientDataJSON": "ArrayBuffer(98)"
},
"type": "public-key",
"__proto__": "PublicKeyCredential"
}
{
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"rawId": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"type": "public-key",
"response": {
"AttestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOBfhSeT1gdjLJwWAvagTqPQ40iMhzxnqMjSZUdQnNyzsjsoErtBxinbweZZ_u4SD_AsqOrOZK7CpIg8TWkbtwSlAQIDJiABIVggjXJiXxbIKez0-7iKeN9BLn9WSRUjGuBZT2KAzxuzvdYiWCAgv0KMHPO69DiXQntyKfueL2Fb9DpaEQrene0hZoaTsQ",
"clientDataJson": "eyJjaGFsbGVuZ2UiOiI4UDBZQVlrLXN4WVZNMFhtdDdJcm93Iiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMjkiLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0"
}
}
{
"status": "ok",
"errorMessage": "",
"result": {
"publicKey": "pQECAyYgASFYII1yYl8WyCns9Pu4injfQS5_VkkVIxrgWU9igM8bs73WIlggIL9CjBzzuvQ4l0J7cin7ni9hW_Q6WhEK3p3tIWaGk7E",
"credentialId": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"user": {
"name": "aaa@example.com",
"id": "YWFhQGV4YW1wbGUuY29t",
"displayName": "Display aaa@example.com"
}
}
}
{
"status": "ok",
"errorMessage": "",
"challenge": "TDmWbzrQ9gIHkbs6dw78mA",
"timeout": 60000,
"rpId": "localhost",
"allowCredentials": [
{
"type": "public-key",
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"transports": []
}
],
"userVerification": "discouraged"
}
{
"status": "ok",
"errorMessage": "",
"challenge": {
"0": 76,
"1": 57,
"2": 150,
"3": 111,
"4": 58,
"5": 208,
"6": 246,
"7": 2,
"8": 7,
"9": 145,
"10": 187,
"11": 58,
"12": 119,
"13": 14,
"14": 252,
"15": 152
},
"timeout": 60000,
"rpId": "localhost",
"allowCredentials": [
{
"type": "public-key",
"id": {
"0": 224,
"1": 95,
"2": 133,
"3": 39,
"4": 147,
"5": 214,
"6": 7,
"7": 99,
"8": 44,
"9": 156,
"10": 22,
"11": 2,
"12": 246,
"13": 160,
"14": 78,
"15": 163,
"16": 208,
"17": 227,
"18": 72,
"19": 140,
"20": 135,
"21": 60,
"22": 103,
"23": 168,
"24": 200,
"25": 210,
"26": 101,
"27": 71,
"28": 80,
"29": 156,
"30": 220,
"31": 179,
"32": 178,
"33": 59,
"34": 40,
"35": 18,
"36": 187,
"37": 65,
"38": 198,
"39": 41,
"40": 219,
"41": 193,
"42": 230,
"43": 89,
"44": 254,
"45": 238,
"46": 18,
"47": 15,
"48": 240,
"49": 44,
"50": 168,
"51": 234,
"52": 206,
"53": 100,
"54": 174,
"55": 194,
"56": 164,
"57": 136,
"58": 60,
"59": 77,
"60": 105,
"61": 27,
"62": 183,
"63": 4
},
"transports": []
}
],
"userVerification": "discouraged"
}
{
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"rawId": "ArrayBuffer(64) {}",
"response(AuthenticatorAssertionResponse)": {
"authenticatorData": "ArrayBuffer(37) {}",
"clientDataJSON": "ArrayBuffer(95) {}",
"signature": "ArrayBuffer(71) {}",
"userHandle": "ArrayBuffer(0) {}",
"__proto__": "AuthenticatorAssertionResponse"
},
"type": "public-key",
"__proto__": "PublicKeyCredential"
}
{
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"rawId": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"type": "public-key",
"response": {
"authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAAEw",
"clientDataJson": "eyJjaGFsbGVuZ2UiOiJURG1XYnpyUTlnSUhrYnM2ZHc3OG1BIiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMjkiLCJ0eXBlIjoid2ViYXV0aG4uZ2V0In0",
"signature": "MEUCIQDHjPF36rA_5LIXfUs8ZBI-HbQ68YRWa2z3tNVAWWqOPwIgMr_aeefHsqJJrCWkZwYO1h5ciU83dKGlQW8qOcbsJcU"
}
}
{
"CredentialId": "qD7spwzSO7q1W3F7r84aUud9yHq37aufS72jHaeckZfIbHHl9LNNzZwRohJjs9v7MjaiW/FiI/IImg1kZ9lGIQ==",
"Counter": 21
}
daisukenishino2 commented Aug 28, 2018

Registration (Attestation)

makeCredentialOptions WebAPI

  • Arguments: POST(username, attType)
  • Return value: builds and returns the argument for the navigator.credentials.create() method.
  • JavaScript
    • Some members of the return value are converted in JavaScript from base64url to ArrayBuffer (base64url -> base64 -> Uint8Array).
      • challenge
      • user.id
      • excludeCredentials ??
    • Passed as the argument to the navigator.credentials.create() method, and its return value is received.
    • Some members of the return value are converted from ArrayBuffer to base64url (Uint8Array -> base64 -> base64url).
      • id: no conversion
      • rawId: base64enc (on closer inspection, id = rawId)
      • type: no conversion
      • response
        • attestationObject: base64enc
        • clientDataJSON: base64enc

makeCredential WebAPI

  • Arguments: POST(JSON)
  • Processing: takes the return value of the navigator.credentials.create() method and generates and registers the following properties.
    • UserId
    • CredentialId
    • PublicKey
  • Return value: JSON is generated, but
  • JavaScript
    the return value is simply discarded.

daisukenishino2 commented Aug 28, 2018

Authentication (Assertion)

assertionOptions WebAPI

  • Arguments: POST(username)
  • Return value: builds and returns the argument for the navigator.credentials.get() method.
  • JavaScript
    • Some members of the return value are converted in JavaScript as follows.
      Uint8Array.from(atob(string.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0))
      • challenge
      • allowCredentials.id
    • Passed as the argument to the navigator.credentials.get() method, and its return value is received.
    • Some members of the return value are converted in JavaScript.
      • id: no conversion
      • rawId: base64enc
      • type: no conversion
      • response
        • authenticatorData: base64enc
        • clientDataJson: base64enc
        • signature: base64enc

makeAssertion WebAPI

  • Arguments: POST(JSON)
  • Processing: verifies the signature in the return value of the navigator.credentials.get() method with the public key and authenticates the user.
  • Return value: JSON is generated, but
  • JavaScript
    the return value is simply discarded.

daisukenishino2 commented Aug 29, 2018

References

Exchange with the community

passwordless-lib/fido2-net-lib#26

Analysis of the W3C specification

daisukenishino2 commented Mar 3, 2019
