Some progress with FIDO2 Authenticator
I spent last weekend (and the previous one) on a real implementation of the FIDO2 WebAuthn protocol. In reality, the problem is deeper and more difficult than I had thought, so I have re-implemented the GATT server on Android to have a higher-level language and libraries and better debugging capabilities.
At the moment I have a fully working “Make Credential” workflow with proper certificate generation and response signing. Here’s a short video demonstrating the process.
While implementing, I found one inconsistency in the documentation. When you’re sending back the response with a new credential, the specification defines indexes of
0x02 respectively, while Chrome requires these parameters swapped -
0x01 should be
0x02 should be
I also think the user interface is quite misleading if you work with the BLE protocol. Chrome asks the user which authenticator should be used while the actual communication with the device is already going on in the background. The user has no clue they should open up the device and perform the next authentication steps with it.
So, the project is slowly moving forward.