Yubico / python-fido2

Provides library functionality for FIDO 2.0, including communication with a device over USB.
BSD 2-Clause "Simplified" License

How to save credentials on server #168

Closed the2nd closed 1 year ago

the2nd commented 1 year ago

Hi,

Currently I am trying to migrate my authentication server from U2F to FIDO.

I found examples/credential.py, which works on my test setup. With U2F there was the key handle to be saved on the server side. How does this work with FIDO? What part must be saved on the server side after token registration?

Thanks a lot for any help.

the2nd commented 1 year ago

Okay, after some investigation I was able to export the credential data as hex:

hex_dump = auth_data.credential_data.hex()

and load it with:

credential_data = AttestedCredentialData(bytes.fromhex(hex_dump))

dainnilsson commented 1 year ago

Many of the data types used in WebAuthn are binary types (bytes in Python) and can be stored either as blobs in a database, or serialized to a string in some way, like hex for instance, as you are doing. Either of these approaches is fine, and it depends on what is convenient for your purposes. I'm glad you found a solution that works!
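The blob approach described in this thread, as an added example that is not part of the original discussion or of python-fido2: it uses only the standard library, splits the WebAuthn attested credential data layout (16-byte AAGUID, 2-byte big-endian credential ID length, credential ID, COSE public key) and stores the whole value in SQLite keyed by credential ID, the counterpart of the U2F key handle. The table, function names and sample bytes are assumptions made for illustration.

```python
import sqlite3
import struct

def split_credential_data(blob: bytes):
    """Split attestedCredentialData into (aaguid, credential_id, cose_key)."""
    if len(blob) < 18:
        raise ValueError("attested credential data too short")
    aaguid = blob[:16]
    (id_len,) = struct.unpack(">H", blob[16:18])
    cred_id = blob[18:18 + id_len]
    cose_key = blob[18 + id_len:]  # CBOR-encoded COSE key, kept opaque here
    if len(cred_id) != id_len or not cose_key:
        raise ValueError("truncated credential ID or missing public key")
    return aaguid, cred_id, cose_key

def open_store(path=":memory:"):
    # Hypothetical schema: one row per registered authenticator.
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS credentials ("
        "credential_id BLOB PRIMARY KEY, "
        "user_id TEXT NOT NULL, "
        "credential_data BLOB NOT NULL)"
    )
    return db

def save_credential(db, user_id, blob):
    # Reject malformed input before it reaches the database.
    _, cred_id, _ = split_credential_data(blob)
    # bytes(...) hands sqlite3 a plain bytes object even if blob is a subclass.
    db.execute(
        "INSERT INTO credentials VALUES (?, ?, ?)",
        (cred_id, user_id, bytes(blob)),
    )
    db.commit()
    return cred_id

def load_credentials(db, user_id):
    rows = db.execute(
        "SELECT credential_data FROM credentials WHERE user_id = ?", (user_id,)
    )
    return [bytes(row[0]) for row in rows]

# Constructed sample: zero AAGUID, 4-byte credential ID, placeholder CBOR map
# standing in for the COSE public key (not a usable key).
SAMPLE = bytes(16) + struct.pack(">H", 4) + b"\x01\x02\x03\x04" + bytes.fromhex("a10102")
```

With python-fido2, each loaded value can be turned back into a credential object with AttestedCredentialData(blob), as in the hex round trip shown in the thread.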