WebAuthn-practice works as a WebAuthn/FIDO2 RP server and can be used as a testing tool for WebAuthn authenticators and clients, e.g. Windows 10 Edge, Chrome, Firefox, macOS Touch ID and Android Chrome.
The app outputs and records logs of the Attestation and Assertion responses and options.
If you are a WebAuthn/FIDO2 developer, this output and these logs will be useful.
- Registration(Attestation) and Authentication(Assertion).
- Supports Attestation Statement types 'packed' (Basic and Self), 'android-safetynet', 'fido-u2f' and 'none'; 'tpm', 'android-key' and 'packed' (ECDAA) are not supported.
- Supports the ES256 and RS256 signature algorithms.
- Change request options(Credential and Assertion).
- Register users with credential info.
- Records Attestation Response and View details.
- Python >= 2.7 + Flask >= 1.0.2 (Python 3 is not supported yet)
[NOTICE] A WebAuthn RP server needs an HTTPS web server as its front end, because of WebAuthn's security requirements. You MUST set up an HTTPS web server (e.g. Nginx, Apache httpd) after setting the RP server up.
- Windows10 >= 1809
  - Browser
    - Edge
    - Chrome >= 70
    - Firefox >= 63
  - Devices
    - Face-Camera and Fingerprint-Sensor on Windows Hello
    - YubiKey
    - FIDO U2F Security Key
- macOS >= 10.14
  - Browser
    - Chrome >= 70
    - Firefox >= 63
  - Devices
    - TouchID
    - YubiKey
    - FIDO U2F Security Key
- Android >= N
  - Browser
    - Chrome >= 70
  - Devices
    - Fingerprint-Sensor
    - YubiKey
    - FIDO U2F Security Key
I do not guarantee suitable operation at all.
1. Download the source from GitHub to your app's directory.
$ cd /var/www/webauthn-practice
$ git clone https://github.com/snakaya/WebAuthn-practice.git .
2. Install the required Python modules.
$ pip install -r requirements.txt
3. Set up the database.
$ cd /var/www/webauthn-practice/app
$ python create_db.py
4. Start WebAuthn-practice.
$ python app.py
You can then access http://localhost:5000/.
Please refer to sample/.env.sample.
Please set the database connection info via environment variables.
$ export WEBAUTHN_DB_TYPE=mysql
$ export WEBAUTHN_DB_USERID=scott
$ export WEBAUTHN_DB_PASSWORD=tiger
$ export WEBAUTHN_DB_HOST=127.0.0.1
$ export WEBAUTHN_DB_NAME=sampledb
- WEBAUTHN_DB_TYPE
  - (Required) Set your DB type to one of the following:
    - SQLite: 'sqlite' (default)
    - MySQL: 'mysql'
    - PostgreSQL: 'postgresql'
    - Oracle: 'oracle'
- WEBAUTHN_DB_USERID
  - Set the DB user ID.
- WEBAUTHN_DB_PASSWORD
  - Set the DB user ID's password.
- WEBAUTHN_DB_HOST
  - Set the database host name or IP address.
- WEBAUTHN_DB_NAME
  - Set the database name (SID in Oracle, DB file name in SQLite).
If you change the DB type, create the database again.
The WebAuthn RP needs its RP ID and origin URL set via environment variables before startup.
$ export WEBAUTHN_RP_ID=www.example.com
$ export WEBAUTHN_ORIGIN=https://www.example.com
- WEBAUTHN_RP_ID
  - (Required) Set your RP ID, e.g. 'www.example.com'.
- WEBAUTHN_ORIGIN
  - (Required) Set your origin URL. It MUST match your site's canonical URL, e.g. 'https://www.example.com'.
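Why these two values have to agree with the site's real URL, shown as an added example (written for Python 3; it is not code from WebAuthn-practice). The function names `check_rp_config`, `b64url` and `verify_binding` and the sample response are hypothetical and constructed here; the checks themselves are the origin and rpIdHash comparisons a WebAuthn RP performs on each response.

```python
import base64, hashlib, json
from urllib.parse import urlsplit

def check_rp_config(rp_id, origin):
    """Return a list of problems with WEBAUTHN_RP_ID / WEBAUTHN_ORIGIN values."""
    problems = []
    u = urlsplit(origin)
    host = (u.hostname or "").lower()
    if u.scheme != "https":
        problems.append("origin must use https")
    if u.path or u.query or u.fragment:  # the browser reports no trailing slash
        problems.append("origin must be scheme://host[:port] only")
    # RP ID must be the origin host or a parent domain, split at a label boundary.
    # (Public-suffix rules, e.g. rejecting "com", are not checked here.)
    if not (host == rp_id.lower() or host.endswith("." + rp_id.lower())):
        problems.append("RP ID is not the origin host or a parent domain of it")
    return problems

def b64url(data):
    """Unpadded base64url, the encoding used for the challenge in clientDataJSON."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def verify_binding(client_data_json, auth_data, rp_id, origin, ceremony, challenge):
    """Check type, challenge, origin and rpIdHash; raise ValueError on mismatch."""
    c = json.loads(client_data_json.decode("utf-8"))
    if c.get("type") != ceremony:  # "webauthn.create" or "webauthn.get"
        raise ValueError("unexpected ceremony type")
    if c.get("challenge") != b64url(challenge):
        raise ValueError("challenge mismatch")
    if c.get("origin") != origin:
        raise ValueError("origin mismatch")
    # authenticatorData = rpIdHash (32) || flags (1) || signCount (4) || ...
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    if auth_data[:32] != hashlib.sha256(rp_id.encode("utf-8")).digest():
        raise ValueError("rpIdHash mismatch")
    return True

# Constructed sample response, not captured from a real authenticator.
RP_ID, ORIGIN = "www.example.com", "https://www.example.com"
CHALLENGE = b"\x01" * 32
CLIENT_DATA = json.dumps({"type": "webauthn.get", "origin": ORIGIN,
                          "challenge": b64url(CHALLENGE)}).encode("utf-8")
AUTH_DATA = hashlib.sha256(RP_ID.encode("utf-8")).digest() + b"\x01" + b"\x00" * 4

if __name__ == "__main__":
    print(check_rp_config(RP_ID, ORIGIN))
    print(check_rp_config(RP_ID, "http://www.example.com/"))
    print(verify_binding(CLIENT_DATA, AUTH_DATA, RP_ID, ORIGIN, "webauthn.get", CHALLENGE))
```

A response produced for a different origin or RP ID fails the last two comparisons, which is why a mismatch between these environment variables and the site's canonical URL makes every registration and login fail.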
Yes, it is a good idea. Please refer to sample/uwsgi.ini.sample. Edit it and copy it to your app directory.
$ uwsgi --ini uwsgi.ini
- [ ] Support Python3
- [ ] Make docker-compose
Seiji Nakaya / LOOSEDAYS (snakaya-(^^)-loosedays.jp)