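"""Demo: register, then authenticate, a FIDO2 credential on a USB authenticator.

The relying-party server and the client run in one process here, so the
ceremony state and the stored credential live only in local variables.  In a
deployment the server half runs on the RP backend and the client half on the
user's machine.

NOTE(review): the call shapes below follow the tuple-returning client API this
script was written against (``make_credential`` / ``get_assertion`` returning
``(result, client_data)``).  Newer python-fido2 releases return response
objects instead; pin the library version and confirm against it.
"""
from fido2.client import Fido2Client
from fido2.hid import CtapHidDevice
from fido2.server import Fido2Server
from fido2.webauthn import PublicKeyCredentialRpEntity

# Discover FIDO2 devices connected via USB.
devices = list(CtapHidDevice.list_devices())
if not devices:
    raise ValueError("No FIDO2 device found")

# Use the first available device.  With several authenticators plugged in this
# choice is arbitrary; an interactive tool should let the user pick the key.
device = devices[0]

# The origin given to the client ends up in the signed client data, and the
# server checks it against the RP ID, so the two values must stay consistent.
client = Fido2Client(device, "https://example.com")
rp = PublicKeyCredentialRpEntity(id="example.com", name="Example RP")
server = Fido2Server(rp)

# Example: Registration
# WebAuthn treats the user id as an opaque handle; a deployment should use a
# random per-account value rather than a readable identifier.
user = {"id": b"user_id", "name": "john_doe", "displayName": "John Doe"}

# register_begin() returns a pair: the options to hand to the client and the
# state the server needs to finish the ceremony.  The state carries the
# challenge, so it must stay server-side (bound to the session) and be used
# for exactly one register_complete() call.
create_options, state = server.register_begin(user)

# Prompt user to perform registration action on the device.
attestation_object, client_data = client.make_credential(create_options["publicKey"])

# Finalize registration on the server: the client data and attestation object
# are checked against the saved state before the credential is accepted.
auth_data = server.register_complete(state, client_data, attestation_object)
print("Registration complete. Credential ID:", auth_data.credential_data.credential_id)

# Example: Authentication
# A real RP persists credential_data per account and loads it here; keeping it
# only in memory is what makes this a demo.
credentials = [auth_data.credential_data]
request_options, state = server.authenticate_begin(credentials)

# Prompt user to perform authentication action on the device.
assertions, client_data = client.get_assertion(request_options["publicKey"])
assertion = assertions[0]  # Assuming the first assertion (most common scenario)

# Finalize authentication on the server.  The server needs the credential id,
# authenticator data and signature separately to look up the public key and
# verify the signature over the challenge; a failed check raises, so the
# success message below is reached only after verification passed.
server.authenticate_complete(
    state,
    credentials,
    assertion.credential["id"],
    client_data,
    assertion.auth_data,
    assertion.signature,
)
print("Authentication successful!")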