Lyo Kato edited this page Nov 25, 2018 · 41 revisions

WIP

I'll translate this document into English, later.

Description

This library provides an easy way to handle the WebAuthn flow.

https://www.w3.org/TR/webauthn/

Features

Not implemented yet

  • Token Binding
  • Extensions
  • BLE Authenticator
  • BLE Roaming Service

Key Algorithm Support

  • ES256

Resident Key

This library forces the use of a resident key.

Getting Started

Info.plist

Beforehand, modify your Info.plist to request Face ID permission.

Add a Privacy - Face ID Usage Description (NSFaceIDUsageDescription) item, and describe your purpose.

Setup your WebAuthnClient

First, compose your client object as follows.

import WebAuthnKit

let userConsentUI = UserConsentUI(viewController: self)
let authenticator = InternalAuthenticator(ui: userConsentUI)
        
self.webAuthnClient = WebAuthnClient(
    origin:        "https://example.org",
    authenticator: authenticator
)

Credential Registration Flow

WebAuthnClient follows the flow described in the following documents and, on success, creates a credential.

var options = PublicKeyCredentialCreationOptions()
options.challenge = Bytes.fromHex(challenge) // must be Array<UInt8>
options.user.id = Bytes.fromString(userId) // must be Array<UInt8>
options.user.name = userName
options.user.displayName = displayName
options.user.icon = iconURL  // Optional
options.rp.id = "https://example.org"
options.rp.name = "your_service_name"
options.rp.icon = yourServiceIconURL // Optional
options.attestation = .required // (choose from .required, .preferred, .discouraged)
options.addPubKeyCredParam(alg: .es256)
options.authenticatorSelection = AuthenticatorSelectionCriteria(
    requireResidentKey: requireResidentKey, // this flag is ignored by InternalAuthenticator
    userVerification: verification
)

self.webAuthnClient.create(options).then { credential in
  // send parameters to your server
}.catch { error in
  // error handling
}

Each option parameter corresponds to the JavaScript API implemented in web browsers.

Flow with PromiseKit

WebAuthnKit currently adopts PromiseKit, so the whole registration process can be written like this.

import PromiseKit

firstly {

  self.yourServiceHTTPClient.getRegistrationOptions()

}.then { response in

  let options = self.createOptionsFromResponse(response)
  return self.webAuthnClient.create(options)

}.then { credential in

  let request = self.createHTTPRequestFromCredential(credential)
  return self.yourServiceHTTPClient.postRegistrationCredential(request)

}.done { resp in

   // show completion message on UI

}.catch { error in

  // error handling

}
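
One way the createOptionsFromResponse helper called in the flow above could be written, rejecting a server challenge that is not valid hex or is shorter than the 16 bytes the WebAuthn specification recommends. This is an added example, not code from WebAuthnKit or its author; the JSON field names, the RegistrationOptionsResponse and OptionsError types, and the .required user-verification value are assumptions.

```swift
import Foundation
import WebAuthnKit

// Hypothetical JSON body your server returns to start registration.
// The field names are assumptions made for this example.
struct RegistrationOptionsResponse: Decodable {
    let challenge: String    // hex-encoded, generated by the server per request
    let userId: String
    let userName: String
    let displayName: String
}

// Hypothetical error type for this example.
enum OptionsError: Error {
    case malformedChallenge
    case challengeTooShort
}

// Builds creation options from the raw server response.
// The challenge is validated before it is handed to Bytes.fromHex.
func createOptionsFromResponse(_ data: Data) throws -> PublicKeyCredentialCreationOptions {
    let response = try JSONDecoder().decode(RegistrationOptionsResponse.self, from: data)

    let hex = response.challenge
    guard !hex.isEmpty, hex.count % 2 == 0,
          hex.allSatisfy({ $0.isASCII && $0.isHexDigit }) else {
        throw OptionsError.malformedChallenge
    }
    guard hex.count / 2 >= 16 else {
        throw OptionsError.challengeTooShort
    }

    var options = PublicKeyCredentialCreationOptions()
    options.challenge = Bytes.fromHex(hex)
    options.user.id = Bytes.fromString(response.userId)
    options.user.name = response.userName
    options.user.displayName = response.displayName
    options.rp.id = "https://example.org"     // same value as the page's example
    options.rp.name = "your_service_name"
    options.attestation = .required
    options.addPubKeyCredParam(alg: .es256)    // ES256 is the algorithm listed under Key Algorithm Support
    options.authenticatorSelection = AuthenticatorSelectionCriteria(
        requireResidentKey: true,              // ignored by InternalAuthenticator
        userVerification: .required            // assumed case name
    )
    return options
}
```

Because the function throws, a malformed response rejects the promise chain and lands in the .catch block before any authenticator UI is shown.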

If you would like to stop an operation while the client is in progress, you can call the cancel method.

self.webAuthnClient.cancel()

WAKError.cancelled will be dispatched as the Error of the waiting Promise.

AUTHENTICATION

As with registration, authentication can be written in almost the same way as the JavaScript API.

firstly {

  YourServiceHTTPClient.getAuthenticationOptions()

}.then { options in

  fidoClient.get(options)

}.then { assertion in

  YourServiceHTTPClient.postAssertion(assertion)

}.done {

  // reflect the successful authentication in the UI

}.catch { error in

  // ...error handling

}

LICENSE

MIT-LICENSE

Author

Lyo Kato <lyo.kato at gmail.com>
