U2F authentication library
This is a simple library for registering U2F devices and checking the signatures they produce. It is intended for use by Relying Parties, i.e. websites that want to offer U2F as a second authentication factor for their users.
Before deploying U2F you should familiarize yourself with the FIDO Alliance specifications; basic usage is shown below.
- U2F is a hardware-based second-factor authentication system built on public-key cryptography: the device holds a private key and the server stores only the matching public key.
- Each successful authentication proves possession of the hardware key and carries a user-presence flag (the user had to touch the device).
- Key pairs are bound to the website origin and 'application id', so a key registered for one site is useless when presented from another origin.
- For every user the server must store the key handle and the public key returned at registration (both strings).
- U2F cannot be the primary authentication factor: to obtain a signature the server has to supply that user's key handle, so it must already know who the user is.
User Registration Flow
```js
// Client side (browser)
const registrationRequest = ...; // Retrieve this from hitting the registration challenge endpoint
window.u2f.register(registrationRequest.appId, [registrationRequest], [], (registrationResponse) => {
  // Send registrationResponse to the server-side registration verification endpoint
});
```
User Authentication Flow
```js
// Client side (browser)
const authRequest = ...; // Retrieve this from hitting the authentication challenge endpoint
window.u2f.sign(authRequest.appId, authRequest.challenge, [authRequest], (authResponse) => {
  // Send authResponse to the server-side authentication verification endpoint
});
```
TODO
- Provide client-side instructions: how to obtain the 'u2f' namespace and which browsers are supported.
- Change the API to allow multiple key handle / public key pairs per user.
- Unpack the attestation certificate returned at registration and check its signature and validity period.