U2F-Client: Access U2F/USB keys directly, without browser
For a general description, please see Universal Second Factor authentication. This module provides FIDO client functionality: it provides access to available USB/HID hardware keys (role that usually filled by a web browser).
Using this module, you can build a hardware security system with U2F keys authentication, or provide U2F interface in browser emulation.
To create and check register/sign requests, please see other module: u2f.
Features
- Straightforward, node.js style API: callbacks & events.
- Supports all OS-es via excellent node-hid module.
- Supports standard U2F Javascript API for browsers, checking facetId etc.
Usage
var u2fc = ; // High-level API // registerRequest and signRequest, as well as returned values are specified in U2F documentationu2fc // Register U2F device, requires user presenceu2fc // Signs with U2F device, requires user presenceu2fc // Check if signRequest is acceptable, doesn't require user presence. Returns true or false.u2fc // Returns array of connected deviceInfo-s. // Eventsu2fcon 'waiting-for-device' // Request user to insert a U2F device, as there's no devices foundu2fcon 'user-presence-required' // Request user to touch the U2F device (issued after register or sign requests) // U2F Javascript API for Web Browsers // Careful, the callback convention is different - both error and result come as first and only argument.// Origin of the requesting party must be provided and will be checked according to the spec rules.browserU2F = u2fcbrowserU2FbrowserU2F // Optionsu2fcwaitForDevicesTimeout = 10000 // How much time should we wait if no device present.u2fcuserPresenceTimeout = 10000 // How much time to wait for pressing the button on device.
Examples
TODO
- it seems linux doesn't provide usage & usagePage information -> use hardcoded vendorId/productId table?
- provide more consistency with respect to concurrent usage at the driver level (login+insert key fails), + don't close device every time.
- provide 'disconnected' event on client.
- test U2FClient, browser api.
- comprehensive timeouts: low-level and BrowserAPI
- command-line interface? (u2f sign, u2f register) maybe another module?
License: MIT