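"""Register a FIDO2 credential on the first connected USB HID authenticator.

Walks one WebAuthn registration ceremony end to end with python-fido2:
build the relying-party and user entities, let the server issue a
challenge and keep its state, drive the authenticator through the client,
and finally verify the attestation on the server side.
"""

from fido2.server import Fido2Server
from fido2.webauthn import (PublicKeyCredentialRpEntity, PublicKeyCredentialUserEntity,
                            PublicKeyCredentialParameters, PublicKeyCredentialCreationOptions)
from fido2.client import Fido2Client
from fido2.hid import CtapHidDevice
import os

# The RP ID (a registrable domain) and the client origin (a full URL on that
# domain) must agree. python-fido2's default RP-ID check, applied by both the
# client and the server, parses the origin as a URL and only accepts an https
# origin whose host is the RP ID or a subdomain of it; a bare hostname such as
# "auth.eggtech.net" fails that check. Keep the pair in one place so they
# cannot drift apart.
RP_ID = "auth.eggtech.net"
ORIGIN = "https://auth.eggtech.net"

# Setup the relying party (RP) entity.
# Keyword arguments are used on purpose: the positional order of id/name has
# differed between python-fido2 releases, and swapping them silently produces
# an RP ID of "Example RP".
rp = PublicKeyCredentialRpEntity(id=RP_ID, name="Example RP")

# Setup the user entity.
# `id` is the opaque user handle the authenticator stores. WebAuthn limits it
# to 64 bytes and it should not contain personal data, so a production RP
# would use a random per-user value instead of this fixed example value.
user = PublicKeyCredentialUserEntity(
    id=b'user_id', # User ID as bytes
    name="user@example.com",
    display_name="User Display Name"
)

# Define the public key credential parameters (COSE algorithm identifiers),
# listed in order of preference.
cred_params = [
    PublicKeyCredentialParameters(type="public-key", alg=-7), # ES256
    PublicKeyCredentialParameters(type="public-key", alg=-257) # RS256
]

# FIDO2 Server setup. The server's origin verification defaults to the same
# RP-ID check described above, so it will reject the client's response unless
# ORIGIN is a proper https URL.
server = Fido2Server(rp)

# Generate a random challenge. It must be fresh for every ceremony; the server
# remembers it in `state` and compares it against the signed client data in
# register_complete, which is what ties the response to this ceremony.
challenge = os.urandom(32)

# Manually create the PublicKeyCredentialCreationOptions.
# NOTE(review): register_begin below returns the server's own creation options
# built from the same challenge, and those also carry the server's user
# verification and attestation preferences. The manual options here omit
# those, so the client may not request what the server later checks for;
# prefer the server-built options unless there is a reason to override them.
options = PublicKeyCredentialCreationOptions(
    rp=rp,
    user=user,
    challenge=challenge,
    pub_key_cred_params=cred_params
)

# Start the registration process. Passing our challenge keeps `state` (what
# register_complete verifies against) in sync with the manual options above.
registration_data, state = server.register_begin(
    user=user,
    challenge=challenge
)

# Assuming the device is the first one connected
device = next(CtapHidDevice.list_devices(), None)
if device is None:
    raise ValueError("No FIDO device found")

# Client instance for the device, bound to the https origin so the client's
# RP-ID check passes and the origin written into the client data matches what
# the server expects.
client = Fido2Client(device, ORIGIN)

# Use the manual options we created for make_credential.
# NOTE(review): depending on the python-fido2 release, make_credential may
# return a response object exposing .attestation_object and .client_data
# rather than a 2-tuple — confirm against the installed version.
attestation_object, client_data = client.make_credential(options)

# Finalize the registration: the server checks the challenge, origin and RP ID
# hash against `state` and validates the attestation. The returned
# authenticator data carries the new credential (id and public key), which is
# what the RP must persist for this user to authenticate later.
auth_data = server.register_complete(state, client_data, attestation_object)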