I'm interested in hearing people's thoughts on adopting FIDO2 platform APIs on Linux, akin to Windows Hello, or Android's Fido2ApiClient -- which Firefox already delegates to on those platforms.
I've written a FIDO2 (WebAuthn) and FIDO U2F platform library in Rust [1], for Linux. It's a WiP, but it already supports the main FIDO2 ceremonies, both FIDO2 PIN protocols, and downgrading WebAuthn for U2F devices (as per specs). I've tested this with as many security keys I could get my hands on so far [2]. It's designed to have pluggable transports, currently supporting HID and BLE (via Bluez), and plans for NFC and caBLE. As mentioned before, whilst it could be used directly as a library, the main objective is to provide a backend for new D-Bus platform APIs. Secondary goals include supporting TPM platform authenticators, and supporting containerised applications (e.g. Flatpaks[3]), without requiring access to the USB stack, or BLE adapters. I'm trying to gauge interest in Firefox delegating U2F and FIDO2 to the platform. If this sounds feasible, as the next step I will try and reach out to GNOME shell folks. I reached out earlier to some System76 engineers working on the Cosmic DE, as they may also be interested. [1] https://github.com/AlfioEmanueleFresta/xdg-credentials-portal [2] https://github.com/AlfioEmanueleFresta/xdg-credentials-portal/wiki/Verified-hardware [3] https://github.com/flatpak/flatpak/issues/2764 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1877038 Title: [upstream] Firefox lacks FIDO2 support with Yubikeys Status in Mozilla Firefox: Confirmed Status in firefox package in Ubuntu: Triaged Bug description: Ubuntu LTS versions affected. "Passwordless" authentications with Yubikeys using Firefox don't work with FIDO2. Tested both with the yubikey software packages from the bionic/universe repo and those from the vendor https://www.yubico.com/ To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1877038/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
