Resident Key / UserHandle Authentication?

Yubico / python-fido2

Provides library functionality for FIDO 2.0, including communication with a device over USB.

BSD 2-Clause "Simplified" License

432 stars 109 forks source link

Resident Key / UserHandle Authentication? #81

Closed p-ryan closed 4 years ago

p-ryan commented 4 years ago

Follow-up from issue #75:

I was able to get resident keys to work with 0.8.1, thanks! In order to get it to work, I had to delete 'allowCredentials' from public_key (it was an empty list) before calling client.get_assertion.

I have the following code in place but it doesn't seem ideal:

if not public_key['allowCredentials']:
    del public_key['allowCredentials']

Otherwise it works!

Thanks, Patrick

dainnilsson commented 4 years ago

Is there a reason that public_key["allowCredentials"] is an empty list to start with rather than None?

Regardless, I think it would be more helpful if the Fido2Client strips the empty list instead of passing it to the Authenticator (so that you can pass either an empty list or None), so I'll go ahead and implement that change for the next release.

dainnilsson commented 4 years ago

Closing as this was implemented in c4e4e6b.