W3C Web Authentication API (a.k.a. WebAuthN / FIDO 2.0) RP library in Elixir
If available in Hex, the package can be installed
by adding web_authn_lite
to your list of dependencies in mix.exs
:
def deps do
[
{:web_authn_lite, "~> 0.1.0"}
]
end
Documentation can be generated with ExDoc and published on HexDocs. Once published, the docs can be found at https://hexdocs.pm/web_authn_lite.
challenge = WebAuthnLite.Challenge.generate_base64_url_encoded_challenge()
conn
|> put_session(:webauthn_register_challenge, challenge) # for phenix etc...
...
Set Base64 URL decoded challenge and call navigator.credentials.create()
Encode following params and send them to server-side.
clientDataJSON
attestationObject
challenge = conn |> get_session(:webauthn_register_challenge)
{:ok, client_data_json} =
WebAuthnLite.Operation.Register.validate_client_data_json(
%{client_data_json: encoded_client_data_json,
origin: origin,
challenge: challenge
}
)
{:ok, storable_public_key, attestation_object} =
WebAuthnLite.Operation.Register.validate_attestation_object(
%{attestation_object: encoded_attestation_object,
client_data_json: encoded_client_data_json,
rp_id: rp_id,
up_required: up_required,
uv_required: uv_required})
pubkey = attestation_object.auth_data.attested_credential_data.credential_public_key
# identifier
pubkey_id = attestation_object.auth_data.attested_credential_data.credential_id
# key params
pubkey_map = pubkey.map
pubkey_json = pubkey.json
challenge = WebAuthnLite.Challenge.generate_base64_url_encoded_challenge()
conn
|> put_session(:webauthn_authn_challenge, challenge) # for phenix etc...
...
Set Base64 URL decoded challenge and call navigator.credentials.get()
Encode following params and send them to server-side.
clientDataJSON
authenticatorData
signature
challenge = conn |> get_session(:webauthn_authn_challenge)
{:ok, client_data_json} =
WebAuthnLite.Operation.Authenticate.validate_client_data_json(
%{client_data_json: encoded_client_data_json,
origin: origin,
challenge: challenge
}
)
{:ok, updated_storable_public_key, authenticator_data} =
WebAuthnLite.Operation.Authenticate.validate_authenticator_assertion(
%{credential_id: credential_id,
signature: encoded_signature,
authenticator_data: encoded_authenticator_data,
client_data_json: encoded_client_data_json,
public_keys: [storable_public_key],
rp_id: rp_id,
up_required: up_required,
uv_required: uv_required})