{
"next_url":"/account/settings",
...
"foo":"bar"
}
Web Authentication API: FIDO CTAP2 PIN support
This feature extends Chrome's implementation of the Web Authentication API to support local user authorization of security key operations via a user-defined PIN for keys that implement the FIDO CTAP2 protocol. Web sites using web authentication can request or require such authorization via the API's user verification mechanisms.
Interop result with WebAuthnKit and WebAuthnLite. Parameters are from https://github.com/lyokato/WebAuthnKit/blob/develop/utils/interop/go_koesie10_webauthn/main.go
iex(1)> origin = "https://example.org"
"https://example.org"
iex(2)> challenge = "rtnHiVQ7"
"rtnHiVQ7"
iex(3)> encoded_registration_client_data_json = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicnRuSGlWUTciLCJvcmlnaW4iOiJodHRwczpcL1wvZXhhbXBsZS5vcmcifQ"
"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicnRuSGlWUTciLCJvcmlnaW4iOiJodHRwczpcL1wvZXhhbXBsZS5vcmcifQ"
<html>
<head>
<title>Google+ Sign-in button demo</title>
<style type="text/css">
html, body { margin: 0; padding:0;}
#signin-button {
padding: 5px;
}
#oauth2-results pre { margin: 0; padding:0;}
# Create a key using JOSE.JWK
iex(1)> jwk = JOSE.JWK.generate_key(:secp256r1)
%JOSE.JWK{
fields: %{},
keys: :undefined,
kty: {:jose_jwk_kty_ec,
{:ECPrivateKey, 1,
<<37, 161, 110, 23, 211, 111, 64, 142, 98, 207, 153, 90, 139, 91, 212, 33,
$ cat test.pl
use strict;
use warnings;
use Authen::OATH;
use Data::Dumper;
my $oath = Authen::OATH->new();
my $totp = $oath->totp( "1234567890", 1332083784 );
print Dumper($totp);
#!/usr/bin/env perl
use strict;
use warnings;
use Data::Password qw(:all);
$DICTIONARY = 8;
$FOLLOWING = 0;
$FOLLOWING_KEYBOARD = 0;
A service that uses medy for login
http://med.astrazeneca.co.jp/login/relogin.asp
The request sent after pressing the button
https://medy-id.jp/openid/endpoint.html?
openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&
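This is about the following: http://togetter.com/li/463503
(Addendum: I thought this analysis left unresolved the problem that X-Frame-Options is set even if you point an iframe at Twitter's authorization URL, but something seems to have been updated, so I'll wait and see for now.)
I'm reasoning strictly on this premise. Sorry if I've got it wrong.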