User interface for approvals? about virtual-fido HOT 3 OPEN

Right now I am working on a frontend GUI to this system to make it more user friendly, but I am open to others also building potential frontends as well. Personally, I think it is important (and required by the FIDO spec) to get actual user approval, because otherwise any random process could request a login/assertion from the device and get it automatically. The FIDO spec requires that the device verify user presence (and potentially user authentication with a PIN) so I would default to doing that.

from virtual-fido.

Haven´t read the spec in detail. Was just curious whether really two user interactions are required. May be the firefox prompt could be turned off instead of doing auto-approval.
I don´t want to interfere with you implementing a GUI. Actually I am happy just to use software as provided. However, can you really do decent native UIs, assuming that notification mechanisms are usually OS-dependent? Which OSes are you going to tackle? Probably the first step is to define an API between the fido component and a notification component, and whether the notification component is launched on demand or not.

from virtual-fido.

The goal for this package is for that interface between FIDO and the frontend to be clearly defined with the FIDOClient interface, where this package handles all of the FIDO/USB protocol stuff and then people being able to build any secret storage or interface on top of it. I wouldn't say that interface is perfect, so I'm happy to take suggestions/feature requests for exactly how to define that interface. The current interface is mainly just built out of requirements for getting the demo up and running, as well as a few additional features for the separate GUI stuff I'm building.

The GUI that I'm building right now is essentially the software version of the hardware buttons you might find on a Yubikey; you can approve various requests to the device as well as view and manage the various credentials that are stored on the device. Unfortunately it seems like it might be hard to support Mac since Mac doesn't support USB/IP, but I'm taking a look at alternate USB emulation (that I would add to this project).

For the auto-approval/UX part, it's difficult since the various operating systems and browsers seem to be intent on adding extra clicks in front of the device, even with hardware devices like Yubikeys. For instance, on Chrome+Windows, you have to approve it inside Chrome, then approve it on Windows, then approve it on the Yubikey/Virtual FIDO device, which is an annoying user experience.

from virtual-fido.