[Pass] Custom Authenticator for WebAuthn #13

Closed
pandres95 opened this issue May 31, 2024 · 0 comments · Fixed by virto-network/webauthn#1

@pandres95

Motivation

Based on #5, the Authenticator trait was released on fc-traits-authn. In order to provide integrations with usable authentication mechanisms for pallet-pass, it's suggested to implement an authenticator that validates

Design

Define a structure that implements the required methods by the Authenticator trait.

pub trait Authenticator {
    fn get_device_id(&self, device: Vec<u8>) -> Option<DeviceId>;
    fn authenticate(
        &self,
        device: Vec<u8>,
        challenge: &[u8],
        payload: &[u8],
    ) -> Result<(), AuthenticateError>;
}

Implementing get_device_id

For get_device_id, we'll need to get an [u8; 32] that represents the PublicKeyCredentials object, encoded in the device parameter. The method returns Some if the device is able to be authenticated by this authenticator (i.e. this device is an actual encoded representation of some PublicKeyCredentials).

Implementing authenticate

For authenticate, the method returns a Result with a unit (()) success whenever the payload sent by the device resolves the challenge given by pallet-pass, using a device provided by the user trying to authenticate, or an error when the challenge can't correctly be resolved by the given device.

For example, Alice sends an authentication request with a given device: the public key ABC, and a payload that is the signature of the challenge, using the private key that derives this public key. The result for this method should be a success.

On the other hand, Bob sends an authentication request, with a given device: the public key DEF, but the payload is a signature of the challenge using a different private key from the one that produced DEF. In this case, the signature is not correctly assessed, and the challenge fails, therefore the method returns an error.

Finally, Charlie sends an authentication request, with a given device: the sub id 123456. This is not a PublicKeyCredentials representation, but something else. The method should return an error.
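
The three cases above (Alice, Bob, Charlie) as an added sketch, not code from this issue or from the project: a dependency-free toy in which textbook RSA over small integers stands in for the real signature check and must not be used as cryptography. The device encoding (`TAG` byte plus modulus), the `AuthenticateError` variants, the zero-padded device id and the names `ToyAuthenticator`, `encode`, `parse_modulus`, `to_int` and `modpow` are assumptions.

```rust
// Toy textbook-RSA numbers so the example needs no crates. NOT secure.
pub type DeviceId = [u8; 32];
#[derive(Debug, PartialEq)]
pub enum AuthenticateError { UnknownDevice, ChallengeFailed } // hypothetical variants
pub trait Authenticator { // method signatures as given in the issue
    fn get_device_id(&self, device: Vec<u8>) -> Option<DeviceId>;
    fn authenticate(&self, device: Vec<u8>, challenge: &[u8], payload: &[u8])
        -> Result<(), AuthenticateError>;
}
const TAG: u8 = 0x01; // assumed marker byte for an encoded public key
const E: u64 = 17; // fixed toy public exponent
// Assumed device encoding: TAG followed by the modulus as 8 big-endian bytes.
pub fn encode(n: u64) -> Vec<u8> { let mut d = vec![TAG]; d.extend_from_slice(&n.to_be_bytes()); d }
fn parse_modulus(device: &[u8]) -> Option<u64> {
    if device.len() != 9 || device[0] != TAG { return None; }
    let n = device[1..].iter().fold(0u64, |acc, &b| acc << 8 | b as u64);
    if n > 1 && n < (1 << 24) { Some(n) } else { None } // bound keeps u64 maths overflow-free
}
// Big-endian bytes reduced modulo n (a real scheme would hash the challenge first).
fn to_int(bytes: &[u8], n: u64) -> u64 { bytes.iter().fold(0, |acc, &b| (acc * 256 + b as u64) % n) }
pub fn modpow(mut base: u64, mut exp: u64, n: u64) -> u64 {
    let mut out = 1;
    while exp > 0 {
        if exp & 1 == 1 { out = out * base % n; }
        base = base * base % n;
        exp >>= 1;
    }
    out
}

pub struct ToyAuthenticator;
impl Authenticator for ToyAuthenticator {
    fn get_device_id(&self, device: Vec<u8>) -> Option<DeviceId> {
        let n = parse_modulus(&device)?; // None: not a key this authenticator understands
        let mut id = [0u8; 32];
        id[24..].copy_from_slice(&n.to_be_bytes()); // assumed id: zero-padded modulus
        Some(id)
    }
    fn authenticate(&self, device: Vec<u8>, challenge: &[u8], payload: &[u8])
        -> Result<(), AuthenticateError> {
        let n = parse_modulus(&device).ok_or(AuthenticateError::UnknownDevice)?;
        let ok = modpow(to_int(payload, n), E, n) == to_int(challenge, n);
        if ok { Ok(()) } else { Err(AuthenticateError::ChallengeFailed) }
    }
}
fn main() { // constructed inputs: Alice's key is n = 3233 and 65^17 mod 3233 = 2790 = 0x0AE6
    println!("{:?}", ToyAuthenticator.authenticate(encode(3233), &[0x0A, 0xE6], &[65]));
    println!("{:?}", ToyAuthenticator.authenticate(encode(8633), &[0x0A, 0xE6], &[65]));
    println!("{:?}", ToyAuthenticator.authenticate(b"123456".to_vec(), &[0x0A, 0xE6], &[65]));
}
```

The three calls in `main` correspond to Alice (matching key), Bob (signature made with a key other than the one presented as the device) and Charlie (a sub id that is not an encoded key).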

@olanod olanod added this to Kreivo Q3 Jun 11, 2024
@olanod olanod moved this to Backlog in Kreivo Q3 Jun 11, 2024
@pandres95 pandres95 moved this from Backlog to In progress in Kreivo Q3 Jun 26, 2024
@olanod olanod moved this from In progress to Backlog in Kreivo Q3 Jul 5, 2024
@pandres95 pandres95 assigned pandres95 and unassigned olanod Aug 9, 2024
@github-project-automation github-project-automation bot moved this from In progress to Done in Kreivo Q3 Oct 15, 2024