刚开始玩Yubiky,我的问题基于以下假设:
- Passwordless不需要知道基于以下演示的用户名
- 基于此文档,可以省略
allowedCredentials
我使用django包django-fido注册了Yubiky
我在使用navigator.credentials.get(publicKey)从yubiky获取凭据时遇到问题,我正在传递的公钥参数如下:
{challenge: Uint8Array(32), rpId: 'localhost'}
上面说Yubiky没有在这个网站上注册,但我很确定我注册了,因为如果我不使用无密码的方法,通过指定allowedCredentials,我可以找到密钥:
{challenge: Uint8Array(32), rpId: 'localhost', allowCredentials: Array(1)}
OK,深入django-fido包views.py发现我需要指定resident_key=True来将凭证存储在密钥上
def create_fido2_request(self) -> Tuple[Dict, Dict]:
"""Create and return FIDO 2 registration request.
@raise ValueError: If request can't be created.
"""
user = self.get_user()
assert user.is_authenticated, "User must not be anonymous for FIDO 2 requests."
credentials = self.get_credentials(user)
return self.server.register_begin(self.get_user_data(user), credentials, user_verification=self.user_verification, resident_key=True)