Skip to content

Commit

Permalink
WindowsClient fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
dainnilsson committed Nov 6, 2024
1 parent 5eead78 commit 4ec857a
Show file tree
Hide file tree
Showing 5 changed files with 23 additions and 11 deletions.
8 changes: 6 additions & 2 deletions examples/large_blobs.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@
client = get_client(lambda client: "largeBlobKey" in client.info.extensions)


# LargeBlob requires UV if is it configured
# LargeBlob requires UV if it is configured
uv = "discouraged"
if client.info.options.get("clientPin"):
uv = "required"
Expand Down Expand Up @@ -74,14 +74,18 @@
)
credentials = [auth_data.credential_data]

if auth_data.is_user_verified():
# The WindowsClient doesn't know about authenticator config until now
uv = "required"

if not result.extension_results.get("largeBlob", {}).get("supported"):
print("Credential does not support largeBlob, failure!")
sys.exit(1)

print("Credential created! Writing a blob...")

# Prepare parameters for getAssertion
request_options, state = server.authenticate_begin(user_verification=uv)
request_options, state = server.authenticate_begin(credentials, user_verification=uv)

# Authenticate the credential
selection = client.get_assertion(
Expand Down
8 changes: 2 additions & 6 deletions examples/prf.py
Original file line number Diff line number Diff line change
Expand Up @@ -65,29 +65,25 @@
auth_data = server.register_complete(
state, result.client_data, result.attestation_object
)
credentials = [auth_data.credential_data]
credential = auth_data.credential_data

# PRF result:
if not result.extension_results.get("prf", {}).get("enabled"):
print("Failed to create credential with PRF", result.extension_results)
sys.exit(1)

credential = result.attestation_object.auth_data.credential_data
print("New credential created, with the PRF extension.")

# If created with UV, keep using UV
if result.attestation_object.auth_data.is_user_verified():
uv = "required"

# Prepare parameters for getAssertion
allow_list = [{"type": "public-key", "id": credential.credential_id}]

# Generate a salt for PRF:
salt = os.urandom(32)
print("Authenticate with salt:", salt.hex())


# Prepare parameters for getAssertion
credentials = [credential]
request_options, state = server.authenticate_begin(credentials, user_verification=uv)

# Authenticate the credential
Expand Down
12 changes: 10 additions & 2 deletions examples/resident_key.py
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,12 @@
)

# Create a credential
result = client.make_credential(create_options["publicKey"])

result = client.make_credential(
{
**create_options["publicKey"],
"extensions": {"credProps": True},
}
)

# Complete registration
auth_data = server.register_complete(
Expand All @@ -73,6 +77,10 @@
print()
print("CREDENTIAL DATA:", auth_data.credential_data)

# credProps:
cred_props = result.extension_results.get("credProps")
print("CredProps", cred_props)


# Prepare parameters for getAssertion
request_options, state = server.authenticate_begin(user_verification=uv)
Expand Down
4 changes: 3 additions & 1 deletion fido2/client.py
Original file line number Diff line number Diff line change
Expand Up @@ -1109,7 +1109,9 @@ def make_credential(self, options, event=None):
client_data,
options.timeout or 0,
selection.resident_key,
attestation,
WebAuthNAuthenticatorAttachment.from_string(
selection.authenticator_attachment or "any"
),
WebAuthNUserVerificationRequirement.from_string(
selection.user_verification or "discouraged"
),
Expand Down
2 changes: 2 additions & 0 deletions fido2/win_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -1046,6 +1046,8 @@ def make_credential(
elif "hmacCreateSecret" in extensions and self._allow_hmac_secret:
resident_key = True # Windows requires resident key for hmac-secret
win_extensions.append(WebAuthNExtension("hmac-secret", BOOL(True)))
else:
extensions = {}

if event:
t = CancelThread(event)
Expand Down

0 comments on commit 4ec857a

Please sign in to comment.