Bio-metric Authentication #43
Comments
It should just work. I use it with a fingerprint reader on Windows 10 in conjunction with Windows Hello, and others have reported it works on recent Android with the fingerprint reader. It won’t work on iPhone at all as Safari doesn’t support webauthn, nor a Mac fingerprint reader, but a yubico or Titan security key works in chrome or Firefox on Mac. The code shouldn’t care what satisfies the authentication, though documentation is thin on the ground for some fields. In the case of Windows 10, my understanding is it is actually Windows Hello serving as intermediary between any device it supports and the webauthn interface in the browser. |
Thanks, David, for the update. I have tested this with a One Plus 7 and a Samsung S8 phone; in both cases it is not working as expected. I have tested both phones with webauthn.me and it is working fine. Just curious what might be wrong; if you can help me, I would appreciate it. |
I maybe just don't get it right -> You just mean bio-metric authentication there? |
@schiederme The webauthn standard is not supported at all by Safari either on iOS or Mac, so you can't use an iPhone fingerprint reader or face detection with webauthn (yet) to authenticate on a website. On MacOS, Firefox and Chrome do support webauthn (not Safari) but they can't access the Mac's built-in fingerprint reader (if you have one), so they only work with separate devices, like USB security keys (Yubico/Titan). In short, Apple support for webauthn does not exist. |
@securewebsite Unfortunately I don't have an Android device I can test with. I do know that others reported earlier that it worked, at least on Android Pie. If you have set crossPlatform=TRUE in prepareChallengeForRegistration, try FALSE instead. Failing that, the most likely thing is that some other algorithm is used in $result->pubKeyCredParams. The thing to do is compare the code for one that is known to be working and see where the differences are. The documentation is very thin on the ground for what you're supposed to do. |
@davidearl Thanks for the update. I did that but this does not work. I will compare the code and will update you here how this worked for me. Thanks a lot for your inputs. |
Just to pitch in, you can use Mac's built-in fingerprint reader in Firefox and Chrome (tested on latest MacBook Air, unsure of MacOS version). I've managed to get it working along with Android biometric readers (tested on OnePlus 5 and OnePlus 6T). I did have to create new code specific to the project I was working on due to key storage constraints, so I wasn't able to use this package. I'd love to share the code but unfortunately it's under a proprietary licence. It may help if you give us some information about why it doesn't work. Are there any messages? What things do you see? |
Thanks, I got this working but I found one issue with it. Though in bio-metric it is used with one finger, I can use another finger and it authenticates the user. I even tried with the same user with another person's fingerprint and it worked. I am still testing this and will update you soon. Is it an issue with CORB or WebAuthn? |
This is an issue with the device you are using. WebAuthn knows nothing about the device or how it's authenticated. Only that it has been authenticated. If you're getting authenticated with a finger that you shouldn't, you need to check the device settings. The device should reject the authentication, which tells the web interface to reject it as well. |
Thanks, but as the client does not recognize which finger it has and the desktop OS does not store fingerprint data like Android or iOS, I have to store fingerprint data somewhere, which would help me to identify which fingerprint is used and use it to verify each time before completing authentication. |
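To make the comment above concrete, here is an added example (not part of the thread and not code from this project) that decodes the fixed header of WebAuthn authenticator data, which is all a relying party receives about how the user was checked: a user-present bit and a user-verified bit, with nothing identifying a finger or any biometric template. The function names and the sample bytes are hypothetical, and the sketch assumes the assertion signature over this data has already been verified elsewhere.

```javascript
// Authenticator data header per the WebAuthn spec:
//   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
const FLAG_UP = 0x01; // user present (touch, tap)
const FLAG_UV = 0x04; // user verified on the device (PIN, fingerprint, face)
const FLAG_AT = 0x40; // attested credential data follows
const FLAG_ED = 0x80; // extension data follows

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error('authenticator data must be at least 37 bytes');
  }
  const flags = bytes[32];
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return {
    rpIdHash: bytes.slice(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    hasAttestedCredentialData: (flags & FLAG_AT) !== 0,
    hasExtensions: (flags & FLAG_ED) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Hypothetical relying-party policy: the server can insist that the device
// verified the user, but it cannot learn which enrolled finger was used.
function checkUserVerification(bytes, requireUserVerification) {
  const data = parseAuthenticatorData(bytes);
  if (!data.userPresent) return { ok: false, reason: 'user not present' };
  if (requireUserVerification && !data.userVerified) {
    return { ok: false, reason: 'user verification required but not performed' };
  }
  return { ok: true, reason: data.userVerified ? 'verified on device' : 'presence only' };
}

// Constructed sample input: placeholder rpIdHash bytes, chosen flags and counter.
function sampleAuthData(flags, signCount) {
  const bytes = new Uint8Array(37);
  bytes.fill(0xab, 0, 32); // placeholder, not a real SHA-256 of an RP ID
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

console.log(checkUserVerification(sampleAuthData(FLAG_UP, 7), true));
console.log(checkUserVerification(sampleAuthData(FLAG_UP | FLAG_UV, 8), true));
```

Two different fingers enrolled on the same device produce the same flags here, so which fingerprints are accepted is decided by the device's enrolment settings, not by the server.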
That’s not the scope of Webauthn and to save them by yourself is a bad, bad idea.
Maxi
… On 13. Jul 2020, at 21:16, Gaurav Maniar ***@***.***> wrote:
Thanks, but as the client does not recognize which finger it has and the desktop OS does not store fingerprint data like Android or iOS, I have to store fingerprint data somewhere, which would help me to identify which fingerprint is used and use it to verify each time before completing authentication.
|
I think you might need to take a step back from your project and reevaluate the WebAuthn API and its intended uses |
Hello,
Please let me know what needs to be changed to enable webauthn.php to accept bio-metric based authentication. The current script does not have that option available.
Regards,
Gaurav Maniar