Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can register with phone fingerprint but no login with fingerprint. #9

Closed
CloakformGit opened this issue Mar 17, 2019 · 8 comments
Closed

Can register with phone fingerprint but no login with fingerprint. #9

CloakformGit opened this issue Mar 17, 2019 · 8 comments

Comments

@CloakformGit
Copy link

CloakformGit commented Mar 17, 2019
edited
Loading

Hi, great work! Found a bug though: registering works, chrome prompts for 3 types of hard keys and fingerprint option. When try to login, the fingerprint option is missing... Tried to add internal to transport options but no effect. On webauthn.io it works very smooth because it saves the device type so you can immediatly use fingerprint for login instead of having to selecting it first. Maybe a good addition? Try webauthn.io on mobile to see what i mean ;)
@geraldkrug
Copy link

http://g-d-k.com/authn/example/index.php

This is the way to use webauthn in production.

@CloakformGit
Copy link
Author

http://g-d-k.com/authn/example/index.php

This is the way to use webauthn in production.

Hi, sorry but I don't think so. Your script doesn't work at all on my Samsung S7 or Chrome on Windows. No hardware key/fingerprint prompt at all..

The solution at webauthn.io is by far the best UX (they also remember the device so when login you get the prompt for the key type you registrered with. However, their code is in Go and Java.

Yes, David's solution might need some polishing (like storing the data in a database, but I understand the use of files is just for demo purposes) but comes a long way. @davidearl Hope you read this and can update the login (incl. saving the type of used hard/soft key) part ;)

@geraldkrug
Copy link

geraldkrug commented Mar 18, 2019
edited
Loading

Thank you, I aim to not use fingerprint, gestures or eyes. Seems the webauthn challenge is the best part of this so a registration to login without email is the future. I connected webauthn to a pastebin and it's perfect ;)

http://g-d-k.com/php-pastebin-v3-master/index.php

@geraldkrug
Copy link

I added auto complete to the form

@geraldkrug
Copy link

And I found an android app. "LoginPlus" that populates the focused web form.

@geraldkrug
Copy link

geraldkrug commented Mar 21, 2019
edited
Loading

Ok image checking added to login form as an added challenge.

@CloakformGit
Copy link
Author

CloakformGit commented Mar 21, 2019
edited
Loading

Hi Gerald, i only submitted a bug to david... I personally don't like your solution(s) (not what were looking for) and find it strange/kind of disrespectful that you keep "advertising" your scripts in someone elses script issue tracker. Nice to see that you're so passionate, but please post notifications on your own github page :)

@davidearl
Copy link
Owner

I added some notes to the code about using with fingerprint, and a longer discussion in similar issue #6 . Note that for Android Pie, there appears to need to be one change which doesn't conform to the spec, though I think it would be safe in practice. Closing this one now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@davidearl @geraldkrug @CloakformGit