microg / GmsCore

Free implementation of Play Services
https://microg.org
Apache License 2.0

Passkeys/CTAP2 Hybrid Transport support #2150

Open PalanixYT opened 9 months ago

PalanixYT commented 9 months ago

Is your feature request related to a problem? Please describe.

Passkeys are meant to be used across devices. This takes the form of either syncing or using the phone as an authenticator. This can happen, for example, via scanning a QR code.

Describe the solution you'd like

Implementing CTAP2 hybrid transport and the corresponding INTENT handler.

Additional context

I'm not even sure if it isn't implemented yet; at least the intent handler isn't. During a quick look through the source code I didn't find anything, but I'm not equipped to touch security-critical code.

alex9099 commented 9 months ago

I've been exploring this topic a bit. I implemented (albeit poorly) the CTAP2 command to get the pinToken (what allows you to get passkeys and PIN authentication to work) on my fork. Haven't had much time to play with it, but feel free to take a look (https://github.com/alex9099/GmsCore).

ale5000-git commented 2 months ago

@alex9099 microG now supports FIDO2 authenticators with a PIN. Is there something in your changes that isn't already included in microG?

PalanixYT commented 2 months ago

I believe that this isn't about FIDO2 itself but about CTAP2, which allows the phone to be used as an authenticator on other platforms such as PCs.

ale5000-git commented 2 months ago

I think there is a lot of common code shared between them, and looking at the change "Fido: Fix using Chrome on Android as Authenticator for Desktop via USB", it can already be used via USB.