gitea/vendor/github.com/tstranex/u2f/README.md
Jonas Franz 951309f76a Add support for FIDO U2F (#3971)
* Add support for U2F

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add vendor library
Add missing translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F login page to OAuth

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move U2F user settings to a separate file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for u2f model
Renamed u2f table name

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by refactoring

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove not needed console.log-s

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add default values to app.ini.sample
Add FIDO U2F to comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-05-19 17:12:37 +03:00

2.5 KiB

Go FIDO U2F Library

This Go package implements the parts of the FIDO U2F specification required on
the server side of an application.

Build Status

Features

  • Native Go implementation
  • No dependancies other than the Go standard library
  • Token attestation certificate verification

Usage

Please visit http://godoc.org/github.com/tstranex/u2f for the full
documentation.

How to enrol a new token

app_id := "http://localhost"

// Send registration request to the browser.
c, _ := NewChallenge(app_id, []string{app_id})
req, _ := c.RegisterRequest()

// Read response from the browser.
var resp RegisterResponse
reg, err := Register(resp, c, nil)
if err != nil {
    // Registration failed.
}

// Store registration in the database.

How to perform an authentication

// Fetch registration and counter from the database.
var reg Registration
var counter uint32

// Send authentication request to the browser.
c, _ := NewChallenge(app_id, []string{app_id})
req, _ := c.SignRequest(reg)

// Read response from the browser.
var resp SignResponse
newCounter, err := reg.Authenticate(resp, c, counter)
if err != nil {
    // Authentication failed.
}

// Store updated counter in the database.

Installation

$ go get github.com/tstranex/u2f

Example

See u2fdemo/main.go for an full example server. To run it:

$ go install github.com/tstranex/u2f/u2fdemo
$ ./bin/u2fdemo

Open https://localhost:3483 in Chrome.
Ignore the SSL warning (due to the self-signed certificate for localhost).
You can then test registering and authenticating using your token.

Changelog

  • 2016-12-18: The package has been updated to work with the new
    U2F Javascript 1.1 API specification. This causes some breaking changes.

    SignRequest has been replaced by WebSignRequest which now includes
    multiple registrations. This is useful when the user has multiple devices
    registered since you can now authenticate against any of them with a single
    request.

    WebRegisterRequest has been introduced, which should generally be used
    instead of using RegisterRequest directly. It includes the list of existing
    registrations with the new registration request. If the user's device already
    matches one of the existing registrations, it will refuse to re-register.

    Challenge.RegisterRequest has been replaced by NewWebRegisterRequest.

License

The Go FIDO U2F Library is licensed under the MIT License.