UNPKG

fido2-server

Version:

A FIDO 2.0 / W3C WebAuthn server

github.com/apowers313/fido2-server

apowers313/fido2-server

119 lines (107 loc) 4.76 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<!DOCTYPE html> <html> <head> <title>Test FIDO Login</title> </head> <body> <script src="/ms-webauth-polyfill.js"></script> <script type="text/javascript"> function getChallenge() { return new Promise (function (resolve, reject) { var fidoAssertionChallengeEndpoint = "http://localhost:61904/assertionChallenge"; var challengeReq = { userId: document.getElementById("userDisplayName").value }; // get challenge from server var xhr = new XMLHttpRequest(); xhr.open("POST", fidoAssertionChallengeEndpoint, true); xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8'); // xhr.send(JSON.stringify(req)); xhr.send(JSON.stringify(challengeReq)); xhr.onload = function() { console.log("XMLHttpRequest.onload got response for challenge:"); console.log(xhr.response); if (xhr.status != 200) { console.log ("Status:", xhr.status); var errorMsg = JSON.parse (xhr.response).error; return reject (xhr.status + ": " + errorMsg); } else { console.log ("Success receiving challenge"); return resolve (xhr.response); } }; }); } function sendResponse(assn) { return new Promise (function (resolve, reject) { var fidoServerLoginEndpoint = "http://localhost:61904/login"; // send login request to server var xhr = new XMLHttpRequest(); xhr.open("POST", fidoServerLoginEndpoint, true); xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8'); // xhr.send(JSON.stringify(req)); xhr.send(JSON.stringify(assn)); xhr.onload = function() { console.log("XMLHttpRequest.onload got response for login:"); console.log(xhr.response); var elem = document.getElementById("success"); if (xhr.status != 200) { console.log ("Status:", xhr.status); var errorMsg = JSON.parse (xhr.response).error; elem.innerHTML = "Error logging in: " + errorMsg; } else { elem.innerHTML = "Successful login! Normally I'd send you to your homepage, but this is a fake website..."; } }; }); } function fidoLogin() { console.log("fidoLogin"); // stop default submit event event.preventDefault(); var challenge = "abc123def456"; // TODO: get challenge from server var whitelist = [{ type: 'ScopedCred', id: "8DD7414D-EE43-474C-A05D-FDDB828B663B" }]; console.log("doing getAssertion"); getChallenge() .then(function (challenge) { console.log ("Doing getAssertino"); // return webauthn.getAssertion(challenge, {}, whitelist, {}) // dummy assertion var assn = { credential: { type: 'ScopedCred', id: '8DD7414D-EE43-474C-A05D-FDDB828B663B' }, clientData: 'ew0KCSJjaGFsbGVuZ2UiIDogImFiYzEyM2RlZjQ1NiINCn0A', authenticatorData: 'AQAAAAA', signature: 'g22nh1Ww-qZAysuizkugZGmEisax3dtoUNzIl2LWOSARzeZxm_-nQoHfKyo8b8_XnxXwuLlW8RXBLAN38D3V2PBugPRloVzE1gn4Vl7Ro124GqPyURNllvNkD3EAl64bHPK-EVIOmI8zk0QK_ZoqfAKY_RfMLNObSn47H_hdA-YZUGEkWtcyUgC65H9xfhFWOQdg-r_pHY5_TxgdSNR8itkBb2xZGKagFnGUtdmOSRROVwK9AalJwsJD1W4lF5_4Jfumsb1YJ6yQwrPhJuYNCCeVHXIahXDUKTdTtWQs0MTj7kGi1j-_lkNpl7rEnSV4wqw8K5SEcHM-mEBYX-fMDw' }; console.log("getAssertion done, got:"); console.log(assn); assn.userId = document.getElementById("userDisplayName").value; return assn; }) .then(function(assn) { console.log ("Doing sendResponse"); return sendResponse (assn); }) .catch(function(err) { console.log("getAssertion error:", err); throw err; }); } </script> <h1>Login</h1> Login to your FIDO-enabled account: <form onsubmit="fidoLogin()"> Username:&nbsp; <input id="userDisplayName" type="text" value="john@paypal.com"></input> <br> <input type="submit" value="FIDO Login"> </form> <div id="success"></div> </body> </html>