This repository implements a register and authenticate endpoint and provides frontend (JavaScript) code that demonstrates a simplified registration and authentication workflow.
The portion of U2F auth that is implemented here is reduced to the absolute minimum and does not include device attestation or any other advanced features.
You can find a simple register and auth demo application at index.html that utilizes u2f-api-1.1.js to interface with U2F keys.
The following API endpoints are implemented:
/auth/register/beginInitiate registration of a new U2F key, retrieve requested key handle from server./auth/register/completeComplete the registration of a new U2F key by providing the backend with an ecdsa key that is signed with the device certificate for the requested key handle./auth/authenticate/beginInitiate user authentication via U2F, provide user credentials, retrieve challenge from server./auth/authenticate/completeComplete the authentication by submitting the ecdsa signed challenge back to the server.
Use u2f.NewU2FApi with a http.HTTPServer to integrate the authentication endpoints into your web application. The
HTTP server must serve content via HTTPS for U2F to work.
You must also provide a database that stores key handles and public keys associated with key identifiers. See db_interface.go.
For a complete demo server application have a look at u2f-demo-server.
The /auth/authenticate/begin API sets a cookie named U2FTID that stores the key identifier for the duration of the
authentication process.
You may want to read at least FIDO-U2F-CHEAT-SHEET.pdf before using this code.
This code may be used under the BSD-3-Clause License