In this repo, you can find the demos showed at the Commit Conf 2019. It's a simple web to demonstrate the use of WebAuthn API in the browser, supporting multiplatform authenticators.
The backend is a .Net Core web app using the Fido2 library to implement the cryptography plumbing and some models to communicate with the frontend.
The frontend is just Html and TypeScript (obviously compiled to JS) using the integrated APIs in your browser.
Also, take a look at the slides presented in the talk for a complete reference and a lot of stuff of the protocols, libraries, etc.
Only a few requirements are needed to build and run the project: .Net Core 2.2 SDK (You can download it from https://dotnet.microsoft.com/download) and a modern browser to have fun!
Once installed, just clone the repo, then, in the console of your choice run the following commands:
npm install
It'll install the necessary dependencies to compile the TypeScript files and copy modules.
npm start
This will run the gulp tasks, then the dotnet server locally.
If you want to access the site from the internet, for example, to try the capabilities of your mobile phone regardless of WebAuthn, then you need some kind of tunnel to your host.
In this case, I'll recommend two options: ngrok or localtunnel.me
The first one has some free tier, but https it's a premium feature. It works like a charm.
The second one it's free, even the https redirection to your localhost, but sometimes fails. 😔
Finally, if you go with localtunnel.me, after install the npm package (please refer to the repository), the command to establish the tunnel is:
lt -p 5000 --local-https local-cert .\localhost-demo.p12 --allow-invalid-cert
This will create the tunnel to port 5000 (the one where the demo app is running) enabling https redirect and ignoring invalid certificates.
There are other options out there, take a look and choose whatever you want!
Despite the original demo was made with a set of physical keys, for testing purposes (or even as a backup method), you have software alternatives in the form of a mobile app and browser plugin, Krypton Authenticator is a great app that do the job.
This work is licensed under the MIT License