Phido2 is a library for authentication by Fast IDentity Online (FIDO) 2.0 credential, written in PHP and JavaScript.

Dependencies

Server-side, the only dependencies are on PHP & its OpenSSL extension.

Client-side, the only known FIDO 2.0 implementation is the Windows Hello authenticator in Microsoft Edge.

Usage

Two workflows are defined: credential creation & assertion validation.

Initialization

Instantiate an instance of the Phido2Phido2 class on the server. It takes two arguments: the site's display and server names.


Generate request parameters using the getParams method of the Phido2 object. It takes two arguments: the user's account name, & an optional list of existing credentials known to belong to the user; and returns a JSON string.


// Copy the authenticator's response into the hidden form field and submit it.
function callback(response) {
    document.getElementById("response-input").value = response;
    document.getElementById("response-form").submit();
}

Credential Creation

In the browser, call the makeCredential method of the Phido2 object with the request parameters & callback constructed previously. This will cause the browser to authenticate its current user & provide the public authentication credentials to the callback.



On the server, JSON-decode the credentials & validate them using the validateCredential method of the Phido2 object. This method is currently a no-op, but attestation validation would take place therein were any authenticators presently returning attestation information, and invalid credentials would be indicated by raising an exception.



$credential = json_decode($_POST["response-input"]);
if (isset($credential->error)) throw new Exception($credential->error);
$phido2->validateCredential($params, $credential);

Store the validated credential in a database.

Assertion Validation

In the browser, call the getAssertion method of the Phido2 object with the request parameters & callback constructed previously. This will cause the browser to authenticate its current user and issue an assertion signed by that user's credential's private key.


On the server, JSON-decode the attestation, retrieve the identified credential's public key from the database, & validate the assertion. An exception is raised if the given credential's public key fails to validate the assertion's signature.



$assertion = json_decode($_POST["response-input"]);
if (isset($assertion->error)) throw new Exception($assertion->error);
$pkey = get_credential_from_database($assertion->id)->publicKey;
$phido2->validateAssertion($params, $assertion, $pkey);
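
The kind of check the assertion step relies on, written directly against PHP's OpenSSL extension as an added example (not Phido2's own code). It assumes the signature covers only the raw challenge bytes, which is simpler than the real FIDO 2.0 signed data. The "signature" field name, the session array and the helper names are hypothetical.

```php
<?php
// Added example, not Phido2 code. Assumption: the signature covers the raw
// challenge bytes; the "signature" field name is hypothetical.

// Issue a fresh challenge and keep it server-side, bound to the session.
function issueChallenge(array &$session): string {
    $session['challenge'] = random_bytes(32);
    return base64_encode($session['challenge']);
}

// Check a posted assertion against the stored public key (PEM); throws on failure.
function checkAssertion(array &$session, string $json, callable $findKey): void {
    $challenge = $session['challenge'] ?? null;
    unset($session['challenge']);            // single use, so a replay finds nothing
    if ($challenge === null) throw new Exception('no pending challenge');

    $a = json_decode($json);
    if (!is_object($a)) throw new Exception('malformed response');
    if (isset($a->error)) throw new Exception((string) $a->error);
    if (!is_string($a->id ?? null) || !is_string($a->signature ?? null)) {
        throw new Exception('missing fields');
    }
    $pem = $findKey($a->id);                 // null when the id is unknown
    if ($pem === null) throw new Exception('unknown credential');

    $sig = base64_decode($a->signature, true);
    if ($sig === false) throw new Exception('bad signature encoding');
    // openssl_verify returns 1 (valid), 0 (invalid) or -1/false (error):
    // compare strictly so an error is never read as success.
    if (openssl_verify($challenge, $sig, $pem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new Exception('signature check failed');
    }
}

// Constructed demo: a local EC key pair stands in for the authenticator.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$db = ['cred-1' => openssl_pkey_get_details($key)['key']];
$find = fn(string $id) => $db[$id] ?? null;

$session = [];
$challenge = base64_decode(issueChallenge($session));
openssl_sign($challenge, $sig, $key, OPENSSL_ALGO_SHA256);
$post = json_encode(['id' => 'cred-1', 'signature' => base64_encode($sig)]);

checkAssertion($session, $post, $find);      // passes
try {
    checkAssertion($session, $post, $find);  // replay: challenge already consumed
} catch (Exception $e) {
    echo 'replay rejected: ', $e->getMessage(), "\n";
}
```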

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses/.

