mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-06 11:23:48 -05:00
The flow of the code is roughly as follows:

- user clicks button on webauthn page
- js sends GET request
- python reads GET request, sets up login challenge
- python returns login challenge in response
- js reads GET response, passes login challenge to browser
- browser asks user to touch yubikey
- browser returns yubikey challenge response data to js
- js sends POST request with yubikey challenge response data
- python reads yubikey challenge and compares with user's creds from db
- if it's a match, python signs user in

The login challenge is a PublicKeyCredentialRequestOptions: [1]

The browser function we call is navigator.credentials.get(): [2]

The response to the challenge from the browser is a PublicKeyCredential: [3]

The python server does all the work setting those up and tearing them back down again (and checking them against the values we have stored in the database), but we need to do work to convert them to-and-from CBOR.

[1] https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialRequestOptions
[2] https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get
[3] https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredential
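Added example, not code from the notifications-admin repo: the python side of the GET/POST exchange described above, with a minimal CBOR codec standing in for the to-and-from conversion the message mentions. It assumes a dict-like server-side session, the user's registered credential ids as bytes, and the hypothetical handler names `make_login_options` / `check_login_response`; verifying the authenticator's signature with the stored public key (the rest of "compares with user's creds") is what a WebAuthn library does and is not shown.

```python
import base64, hmac, json, secrets
def b64url(data): return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64url(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Minimal CBOR (RFC 8949) codec for the types WebAuthn transport needs: unsigned ints, bytes, text, arrays, maps.
def _head(major, n):  # initial byte, plus 1/2/4/8 big-endian length bytes once n >= 24
    if n < 24: return bytes([major << 5 | n])
    size = next(s for s in (1, 2, 4, 8) if n < 1 << (8 * s))  # StopIteration if n >= 2**64
    return bytes([major << 5 | 23 + size.bit_length()]) + n.to_bytes(size, "big")

def cbor_encode(v):
    if isinstance(v, bool) or (isinstance(v, int) and v < 0): raise TypeError("bools/negatives not handled here")
    if isinstance(v, int): return _head(0, v)
    if isinstance(v, bytes): return _head(2, len(v)) + v
    if isinstance(v, str): return _head(3, len(v.encode())) + v.encode()
    if isinstance(v, list): return _head(4, len(v)) + b"".join(map(cbor_encode, v))
    if isinstance(v, dict): return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(type(v))

def _decode(b):  # returns (value, remaining bytes)
    major, ai = b[0] >> 5, b[0] & 0x1F
    size = {24: 1, 25: 2, 26: 4, 27: 8}[ai] if ai >= 24 else 0  # ai 28..31 (reserved/indefinite): KeyError
    n, b = (ai if ai < 24 else int.from_bytes(b[1:1 + size], "big")), b[1 + size:]
    if major == 0: return n, b
    if major == 2: return b[:n], b[n:]
    if major == 3: return b[:n].decode(), b[n:]
    if major in (4, 5):
        out = [] if major == 4 else {}
        for _ in range(n):
            k, b = _decode(b)
            if major == 4: out.append(k)
            else: out[k], b = _decode(b)
        return out, b
    raise ValueError(f"unsupported major type {major}")

def cbor_decode(data):
    if (item := _decode(data))[1]: raise ValueError("trailing bytes after CBOR item")
    return item[0]

# GET handler: mint a fresh random challenge, keep it in the server-side session, return the options as CBOR.
def make_login_options(session, credential_ids, rp_id):
    session["webauthn_challenge"] = secrets.token_bytes(32)
    return cbor_encode({"challenge": session["webauthn_challenge"], "rpId": rp_id, "timeout": 60000,
                        "allowCredentials": [{"type": "public-key", "id": c} for c in credential_ids]})

# POST handler: decode the CBOR credential and bind it to the challenge this session was issued on the GET.
def check_login_response(session, cbor_body, expected_origin, credential_ids):
    challenge = session.pop("webauthn_challenge", None)  # single use: consumed even if the check fails
    cd = json.loads((cred := cbor_decode(cbor_body))["response"]["clientDataJSON"])  # arrives as raw bytes
    return (challenge is not None and cred["rawId"] in credential_ids and cd.get("type") == "webauthn.get"
            and cd.get("origin") == expected_origin and hmac.compare_digest(unb64url(cd["challenge"]), challenge))
```

The origin, type and credential-id checks plus the one-shot challenge are what stop a captured response from being replayed against a different session.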