google / u2f-ref-code

U2F reference implementations
BSD 3-Clause "New" or "Revised" License

Multi-facet endpoint not working with JS API & Chrome 59 #161

Open kspearrin opened 7 years ago

kspearrin commented 7 years ago

Using Chrome 59.0.3071.109. No extension.

Navigating to https://localhost:44377/app-id.json resolves the following JSON:

{"trustedFacets":[{"version":{"major":1,"minor":0},"ids":["https://localhost:4001"]}]}

Content-type is set to application/fido.trusted-apps+json

My website invoking this is at https://localhost:4001/...

Code:

// Works as expected and I get response data in callback
doRegister({
   appId: 'https://localhost:4001',
   challenge: 'YEo8uW-0QfYrSudu1B_iLurfp7kG9ECbVuCE-GVNkmc',
   version: 'U2F_V2'
});

// Does NOT work. errorCode: 2 (bad request) in callback
doRegister({
   appId: 'https://localhost:44377/app-id.json',
   challenge: 'YEo8uW-0QfYrSudu1B_iLurfp7kG9ECbVuCE-GVNkmc',
   version: 'U2F_V2'
});

function doRegister(myChallenge) {
    window.u2f.register(myChallenge.appId, [{
        version: myChallenge.version,
        challenge: myChallenge.challenge
    }], [], function (data) {
        if (data.errorCode) {
            console.log('errorCode: ' + data.errorCode);
            return;
        }
        console.log('Response: ');
        console.log(JSON.stringify(data));
        return '';
    });
}

I am using the latest (as of today) API from https://github.com/google/u2f-ref-code/blob/master/u2f-gae-demo/war/js/u2f-api.js

Any ideas?

kspearrin commented 7 years ago

Looks like this question on SO is having the same problem: https://stackoverflow.com/questions/33610042/u2f-integration-with-multiple-facetids-without-chrome-extension-but-u2f-api-js

One of the answers suggests:

I guess you have different origins in your appId json, the origin of facetID must be the same as AppID, for example: all facetID in https://example.com/app-id.json must have the same origin of https://*.example.com

so in your case your trustFaceID should all belong to https://localhost:44300

Is this the case? I do not see that mentioned anywhere in the spec; however, the examples shown in the spec do follow that logic.

yackermann commented 6 years ago

@kspearrin Add your localhost CA cert into the browser

xuwei2014 commented 6 years ago

@kspearrin Have you solved this issue? I have the same problem as you.
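
The document-level checks on a trusted facet list like the one in the first post, as an added example that is not part of the original thread or of the u2f-ref-code project. The helper name `checkFacetList` is hypothetical; it covers only the Content-Type, the version 1.0 entry and the caller-origin match, and does not evaluate the domain comparison raised in the second comment or the certificate trust raised in the third.

```javascript
// Added example, not from the issue thread. checkFacetList is a hypothetical helper name.
const TRUSTED_APPS_MIME = 'application/fido.trusted-apps+json';

function checkFacetList(appId, callerOrigin, contentType, body) {
  const problems = [];
  if (new URL(appId).protocol !== 'https:') problems.push('appId is not an HTTPS URL');

  // Media type parameters such as charset are ignored for the comparison.
  const mime = String(contentType).split(';')[0].trim().toLowerCase();
  if (mime !== TRUSTED_APPS_MIME) problems.push('unexpected Content-Type: ' + mime);

  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    return problems.concat('body is not valid JSON');
  }
  const entries = Array.isArray(doc && doc.trustedFacets) ? doc.trustedFacets : [];
  const v1 = entries.find(e => e && e.version && e.version.major === 1 && e.version.minor === 0);
  if (!v1 || !Array.isArray(v1.ids)) {
    return problems.concat('no version 1.0 entry with an ids array');
  }

  // Keep only web facets, normalized to scheme://host[:port] so a trailing
  // slash or path in an id does not defeat the comparison.
  const webOrigins = [];
  for (const id of v1.ids) {
    try {
      const u = new URL(id);
      if (u.protocol === 'https:') webOrigins.push(u.origin);
    } catch (e) {
      problems.push('id is not a URL: ' + id);
    }
  }
  const caller = new URL(callerOrigin).origin;
  if (!webOrigins.includes(caller)) problems.push('caller origin not listed: ' + caller);
  return problems;
}

// Values from the first post, passed in directly (nothing is fetched here).
const body = '{"trustedFacets":[{"version":{"major":1,"minor":0},"ids":["https://localhost:4001"]}]}';
console.log(checkFacetList('https://localhost:44377/app-id.json',
  'https://localhost:4001', TRUSTED_APPS_MIME, body)); // []
```

An empty result for the posted values means the JSON document and header themselves pass these checks, which narrows the failure to how the browser fetches or further filters the list.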