Git Product home page Git Product logo

line-fido2-server's Introduction

LINE FIDO2 SERVER

Stars Repo Size License Apache-2.0 Top Language Spring Boot Java version Data base Last Commit

FIDO2(WebAuthn) Server officially certified by FIDO Alliance

Overview

FIDO (Fast IDentity Online) is an open standard for online authentication. It is designed to solve the password problems stemming from a lot of security problems as we are suffering today.

Rather than relying on symmetric credentials (like passwords or PINs, typically which is a knowledge-based factor), FIDO is based on a public-key cryptography algorithm that is based on asymmetric credentials.

Simply, the device generates the key pair and stores the private key within the secure area, and sends the corresponding public key (as the name implies it is okay to be public) to the server.

Then, if the authentication is needed, the server sends challenges to the device and the device generates the digital signature with the private key and sends it to the server.

Finally, the server can validate the signature with the registered public key.

What is FIDO2

FIDO2 is an improved standard for use on the web and other platforms as well as mobile. Various web browsers and OS platforms currently support the FIDO2 standard API.

Basically, FIDO2 has the following operations - Registration, Authentication.

Registration

  • The user is prompted to choose an available FIDO authenticator that matches the online service’s acceptance policy.
  • User unlocks the FIDO authenticator using a fingerprint reader, a button on a second–factor device, securely–entered PIN, or other methods.
  • The user’s device creates a new public/private key pair unique for the local device, online service, and user’s account.
  • The public key is sent to the online service and associated with the user’s account. The private key and any information about the local authentication method (such as biometric measurements or templates) never leave the local device.

Authentication

  • Online service challenges the user to log in with a previously registered device that matches the service’s acceptance policy.
  • User unlocks the FIDO authenticator using the same method as at Registration time.
  • The device uses the user’s account identifier provided by the service to select the correct key and sign the service’s challenge.
  • The client device sends the signed challenge back to the service, which verifies it with the stored public key and lets the user log in.

Screenshots

Chrome on Mac with TouchId

registration_flow

Chrome on Mac with Secret Key (2FA)

registration_flow

Chrome on Android with Fingerprint (Reg)

registration_flow

Chrome on Android with Fingerprint (Auth)

registration_flow

Modules

  • server: The FIDO2 server implementation conforming to the FIDO2 standard
  • common: FIDO2 related common models
  • rp-server: The sample application with a FIDO2 RP implementation
  • spring-boot-stater: The spring-boot-starter version of the LINE FIDO2 server application that can be easily integrated into a Spring Boot environment

Features

  • Supported attestation types
    • Basic
    • Self
    • Attestation CA (a.k.a Privacy CA)
    • None
    • Anonymization CA
  • Supported attestation formats
    • Packed (FIDO2)
    • Tpm (Windows10 devices)
    • Android key attestation
    • Android SafetyNet (Any Android devices running 7+)
    • FIDO U2F (Legacy U2F authenticators)
    • Apple Anonymous
    • None
  • Metadata service integration
    • FIDO MDSv2

How to run

You need to run the FIDO2 server and RP Server first.

If you want to integrate your own RP Server, please implement APIs by referring to the sample codes. Regarding client sides, you may implement the web app for communicating with the RP server.

We also provide our server in the form of a spring boot starter. Check out the spring-boot-starter directory.

Manual

# Start RP Server
cd rpserver
./gradlew bootRun

# Start FIDO2 Server or Line-fido2-spring-boot Demo
cd server
./gradlew bootRun

cd spring-boot-starter/line-fido2-spring-boot-demo
./gradlew bootRun

Docker for demo

If the Docker environment is configured, You can easily run applications with docker-compose.

# Start both RP Server and FIDO2 Server
docker-compose up

After running the applications, you can open the test page at the link below.

http://localhost:8080/

Local DB

FIDO2 Server running on local environments uses h2 as an embedded DB. This needs to be replaced with commercial standalone DB for other environments such as staging, beta or real.

In the case of the local environment, you can use the h2 console. Add the following path /h2-console to the fido server URL to access the h2 web console.

e.g., http://localhost:8081/h2-console

If the below error occurs while logging in to h2-console,

No suitable driver found for 08001/0

try to remove or comment out logbook-spring-boot-starter from build.gradle.

implementation('org.zalando:logbook-spring-boot-starter:1.8.1')

Lombok

This project utilizes Lombok to reduce implementing getter/setter/constructors. You need the Lombok plugin to build with IntelliJ and Eclipse. See the following web pages to get information.

https://projectlombok.org/

Issues

  • If data.sql doesn't work well in an IntelliJ environment, try commenting on this part in build.gradle.
jar {
  processResources {
    exclude("**/*.sql")
  }
}
  • If Fido2StarterDemoApplication doesn't work well, try commenting on this part in build.gradle.
task dockerBuild() {
  jar.enabled = false
  dependsOn(bootJar)
}

API Guides

After running the applications, you can view API guide documents at the link below.

Spring REST Docs

Swagger UI

References

LINE Engineering Blogs

LINE DevDay Videos

Internal

External

line-fido2-server's People

Contributors

ericlai616 avatar gmulhearn avatar kj84park avatar seachicken avatar syleeeee avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

hoangtuanictvn arasia qqq-tech gwonsoolee r-kagaya marie673 yoshihiro4218 scribble-project return2ne samsu nov gtenham kieun terragona jakerorg prosperitypartnerscompany vicevil4 yitakura731 ric-sapasap simple zengxingbin enhakkore seachicken diablejdy webstorage119 justinwangjp youngiyong darguelles ediboko1980 gsprdev brianjang bellmit sarmiley ericlai616 harrycjy1 nakasho-dev mohannaidu friedrta seung-hwan285 runnz121 reyes-park avpdiver sky9743 kihwankim dev-lemontree kj84park silver-deer wlsdn93 badewolf ilyoungkim smoker21 asurabalbalta areiter parkjeonghee devosonder seungyeonpark letusfly85 pinzolo rperng adropofliquid mitonize hobakc cinari4 aashay-chapatwala buraki hyuncho1 losmos sat0tabe ekowessu robertchoi liangxiao0315 saritha18 gbprojectbr 0x0i0r0i kbitc zzkoro techxbase navigator117 akagitsunetw 8ubkgz insoobae isaacoo pudepang

line-fido2-server's Issues

Getting error while running spring boot demo

I am getting class not found error while running spring boot demo, can someone guide me what I am doing wrong here? I am able to run rpserver and server modules fine.

Used below command:
cd spring-boot-starter/line-fido2-spring-boot-demo
./gradlew bootRun

Below is the error:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'challengeController': Resoluti
on of declared constructors on bean Class [com.linecorp.line.auth.fido.fido2.springboot.controller.ChallengeController
] from ClassLoader [org.springframework.boot.devtools.restart.classloader.RestartClassLoader@10c25cdb] failed; nested
exception is java.lang.NoClassDefFoundError: com/linecorp/line/auth/fido/fido2/server/service/ChallengeService

docker-compose up - error

Hello. When I use docker, I got error below.
I use window 10 and docker.

D:\line-fido2-server>docker-compose up
[+] Running 0/3

  • fido2 Warning 4.3s
  • build Warning 3.1s
  • rp Warning 4.4s
    [+] Building 4.1s (14/20)
    ...
    ...

[rp:latest] FROM docker.io/library/build-image:latest:

failed to solve: failed to load cache key: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

D:\line-fido2-server>

Improve message validation check

When a message is entered into the controller,
The controller calls the following logic to verify the message.

ReqMsgVerifier.validateRegOptionRequest(regOptionRequest);

We expect this logic to be improved with Spring Boot Bean Validation.

fido2-server is not accept because Error creating bean with name 'embeddedRedisServerConfig': Invocation of init method failed; nested exception is java.lang.RuntimeException: Can't start redis server.

Thank you for the great project.
I would like to set up a fido2-server with M1 Macbook and Docker.
I have followed the following steps to compose Docker but fido2-server does not start up because it seems not to start redis.
I can access rp-server(:8080),but I can't access fido2-server(:8081).
Is there anything I should set up?

$ docker build -t build-image .   
$ docker compose build
$ docker compose up
...
fido2-server  | Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
fido2-server  | 2023-06-19 14:59:13.785 ERROR 1 --- [           main] o.s.boot.SpringApplication               : Application run failed
fido2-server  | 
fido2-server  | org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'embeddedRedisServerConfig': Invocation of init method failed; nested exception is java.lang.RuntimeException: Can't start redis server. Check logs for details.
fido2-server  | 	at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:160) ~[spring-beans-5.3.4.jar!/:5.3.4]
fido2-server  | 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:422) ~[spring-beans-5.3.4.jar!/:5.3.4]

Environment

Apple M1
Ventura 13.4
docker desktop 4.20.1

Unsupported class file major version 62

Do the Gradle files need updating or is there a specific version of JDK/JRE desired?

C:\Gradle\line-fido2-server\rpserver>gradlew bootRun

FAILURE: Build failed with an exception.

  • Where:
    Settings file 'C:\Gradle\line-fido2-server\settings.gradle'

  • What went wrong:
    Could not compile settings file 'C:\Gradle\line-fido2-server\settings.gradle'.

startup failed:
General error during semantic analysis: Unsupported class file major version 62

java.lang.IllegalArgumentException: Unsupported class file major version 62
at groovyjarjarasm.asm.ClassReader.(ClassReader.java:196)
at groovyjarjarasm.asm.ClassReader.(ClassReader.java:177)
at groovyjarjarasm.asm.ClassReader.(ClassReader.java:163)
at groovyjarjarasm.asm.ClassReader.(ClassReader.java:284)
at org.codehaus.groovy.ast.decompiled.AsmDecompiler.parseClass(AsmDecompiler.java:81)
at org.codehaus.groovy.control.ClassNodeResolver.findDecompiled(ClassNodeResolver.java:251)
at org.codehaus.groovy.control.ClassNodeResolver.tryAsLoaderClassOrScript(ClassNodeResolver.java:189)
at org.codehaus.groovy.control.ClassNodeResolver.findClassNode(ClassNodeResolver.java:169)
at org.codehaus.groovy.control.ClassNodeResolver.resolveName(ClassNodeResolver.java:125)
at org.codehaus.groovy.ast.decompiled.AsmReferenceResolver.resolveClassNullable(AsmReferenceResolver.java:57)
at org.codehaus.groovy.ast.decompiled.AsmReferenceResolver.resolveClass(AsmReferenceResolver.java:44)
at org.codehaus.groovy.ast.decompiled.AsmReferenceResolver.resolveNonArrayType(AsmReferenceResolver.java:79)
at org.codehaus.groovy.ast.decompiled.AsmReferenceResolver.resolveType(AsmReferenceResolver.java:70)
at org.codehaus.groovy.ast.decompiled.MemberSignatureParser.createMethodNode(MemberSignatureParser.java:57)
at org.codehaus.groovy.ast.decompiled.DecompiledClassNode$2.get(DecompiledClassNode.java:234)
at org.codehaus.groovy.ast.decompiled.DecompiledClassNode$2.get(DecompiledClassNode.java:231)
at org.codehaus.groovy.ast.decompiled.DecompiledClassNode.createMethodNode(DecompiledClassNode.java:242)
at org.codehaus.groovy.ast.decompiled.DecompiledClassNode.lazyInitMembers(DecompiledClassNode.java:199)
at org.codehaus.groovy.ast.decompiled.DecompiledClassNode.getDeclaredMethods(DecompiledClassNode.java:122)
at org.codehaus.groovy.ast.ClassNode.getMethods(ClassNode.java:912)
at org.codehaus.groovy.ast.ClassNode.tryFindPossibleMethod(ClassNode.java:1280)
at org.codehaus.groovy.control.StaticImportVisitor.transformMethodCallExpression(StaticImportVisitor.java:252)
at org.codehaus.groovy.control.StaticImportVisitor.transform(StaticImportVisitor.java:113)
at org.codehaus.groovy.ast.ClassCodeExpressionTransformer.visitExpressionStatement(ClassCodeExpressionTransformer.java:142)
at org.codehaus.groovy.ast.stmt.ExpressionStatement.visit(ExpressionStatement.java:40)
at org.codehaus.groovy.ast.ClassCodeVisitorSupport.visitClassCodeContainer(ClassCodeVisitorSupport.java:110)
at org.codehaus.groovy.ast.ClassCodeVisitorSupport.visitConstructorOrMethod(ClassCodeVisitorSupport.java:121)
at org.codehaus.groovy.ast.ClassCodeExpressionTransformer.visitConstructorOrMethod(ClassCodeExpressionTransformer.java:53)
at org.codehaus.groovy.control.StaticImportVisitor.visitConstructorOrMethod(StaticImportVisitor.java:89)
at org.codehaus.groovy.ast.ClassCodeVisitorSupport.visitConstructor(ClassCodeVisitorSupport.java:128)
at org.codehaus.groovy.ast.ClassNode.visitContents(ClassNode.java:1099)
at org.codehaus.groovy.ast.ClassCodeVisitorSupport.visitClass(ClassCodeVisitorSupport.java:54)
at org.codehaus.groovy.control.StaticImportVisitor.visitClass(StaticImportVisitor.java:83)
at org.codehaus.groovy.control.CompilationUnit$14.call(CompilationUnit.java:708)
at org.codehaus.groovy.control.CompilationUnit.applyToPrimaryClassNodes(CompilationUnit.java:1084)
at org.codehaus.groovy.control.CompilationUnit.doPhaseOperation(CompilationUnit.java:640)
at org.codehaus.groovy.control.CompilationUnit.processPhaseOperations(CompilationUnit.java:618)
at org.codehaus.groovy.control.CompilationUnit.compile(CompilationUnit.java:595)
at groovy.lang.GroovyClassLoader.doParseClass(GroovyClassLoader.java:401)
at groovy.lang.GroovyClassLoader.access$300(GroovyClassLoader.java:89)
at groovy.lang.GroovyClassLoader$5.provide(GroovyClassLoader.java:341)
at groovy.lang.GroovyClassLoader$5.provide(GroovyClassLoader.java:338)
at org.codehaus.groovy.runtime.memoize.ConcurrentCommonCache.getAndPut(ConcurrentCommonCache.java:147)
at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:336)
at org.gradle.groovy.scripts.internal.DefaultScriptCompilationHandler.compileScript(DefaultScriptCompilationHandler.java:139)
at org.gradle.groovy.scripts.internal.DefaultScriptCompilationHandler.compileToDir(DefaultScriptCompilationHandler.java:95)
at org.gradle.groovy.scripts.internal.BuildOperationBackedScriptCompilationHandler$2.run(BuildOperationBackedScriptCompilationHandler.java:54)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:56)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$run$1(DefaultBuildOperationExecutor.java:71)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.runWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:45)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:71)
at org.gradle.groovy.scripts.internal.BuildOperationBackedScriptCompilationHandler.compileToDir(BuildOperationBackedScriptCompilationHandler.java:51)
at org.gradle.groovy.scripts.internal.FileCacheBackedScriptClassCompiler$CompileToCrossBuildCacheAction.execute(FileCacheBackedScriptClassCompiler.java:190)
at org.gradle.groovy.scripts.internal.FileCacheBackedScriptClassCompiler$CompileToCrossBuildCacheAction.execute(FileCacheBackedScriptClassCompiler.java:170)
at org.gradle.groovy.scripts.internal.FileCacheBackedScriptClassCompiler$ProgressReportingInitializer.execute(FileCacheBackedScriptClassCompiler.java:211)
at org.gradle.groovy.scripts.internal.FileCacheBackedScriptClassCompiler$ProgressReportingInitializer.execute(FileCacheBackedScriptClassCompiler.java:194)
at org.gradle.cache.internal.DefaultPersistentDirectoryCache$Initializer.initialize(DefaultPersistentDirectoryCache.java:100)
at org.gradle.cache.internal.FixedSharedModeCrossProcessCacheAccess$1.run(FixedSharedModeCrossProcessCacheAccess.java:86)
at org.gradle.cache.internal.DefaultFileLockManager$DefaultFileLock.doWriteAction(DefaultFileLockManager.java:215)
at org.gradle.cache.internal.DefaultFileLockManager$DefaultFileLock.writeFile(DefaultFileLockManager.java:205)
at org.gradle.cache.internal.FixedSharedModeCrossProcessCacheAccess.open(FixedSharedModeCrossProcessCacheAccess.java:83)
at org.gradle.cache.internal.DefaultCacheAccess.open(DefaultCacheAccess.java:139)
at org.gradle.cache.internal.DefaultPersistentDirectoryStore.open(DefaultPersistentDirectoryStore.java:89)
at org.gradle.cache.internal.DefaultPersistentDirectoryStore.open(DefaultPersistentDirectoryStore.java:43)
at org.gradle.cache.internal.DefaultCacheFactory.doOpen(DefaultCacheFactory.java:103)
at org.gradle.cache.internal.DefaultCacheFactory.open(DefaultCacheFactory.java:68)
at org.gradle.cache.internal.DefaultCacheRepository$PersistentCacheBuilder.open(DefaultCacheRepository.java:126)
at org.gradle.groovy.scripts.internal.FileCacheBackedScriptClassCompiler.compile(FileCacheBackedScriptClassCompiler.java:116)
at org.gradle.groovy.scripts.internal.CrossBuildInMemoryCachingScriptClassCache.getOrCompile(CrossBuildInMemoryCachingScriptClassCache.java:50)
at org.gradle.groovy.scripts.internal.BuildScopeInMemoryCachingScriptClassCompiler.compile(BuildScopeInMemoryCachingScriptClassCompiler.java:50)
at org.gradle.groovy.scripts.DefaultScriptCompilerFactory$ScriptCompilerImpl.compile(DefaultScriptCompilerFactory.java:49)
at org.gradle.configuration.DefaultScriptPluginFactory$ScriptPluginImpl.apply(DefaultScriptPluginFactory.java:125)
at org.gradle.configuration.BuildOperationScriptPlugin$1.run(BuildOperationScriptPlugin.java:65)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:56)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$run$1(DefaultBuildOperationExecutor.java:71)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.runWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:45)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:71)
at org.gradle.configuration.BuildOperationScriptPlugin.lambda$apply$0(BuildOperationScriptPlugin.java:62)
at org.gradle.configuration.internal.DefaultUserCodeApplicationContext.apply(DefaultUserCodeApplicationContext.java:43)
at org.gradle.configuration.BuildOperationScriptPlugin.apply(BuildOperationScriptPlugin.java:62)
at org.gradle.initialization.ScriptEvaluatingSettingsProcessor.applySettingsScript(ScriptEvaluatingSettingsProcessor.java:74)
at org.gradle.initialization.ScriptEvaluatingSettingsProcessor.process(ScriptEvaluatingSettingsProcessor.java:67)
at org.gradle.initialization.SettingsEvaluatedCallbackFiringSettingsProcessor.process(SettingsEvaluatedCallbackFiringSettingsProcessor.java:34)
at org.gradle.initialization.RootBuildCacheControllerSettingsProcessor.process(RootBuildCacheControllerSettingsProcessor.java:47)
at org.gradle.initialization.BuildOperationSettingsProcessor$2.call(BuildOperationSettingsProcessor.java:50)
at org.gradle.initialization.BuildOperationSettingsProcessor$2.call(BuildOperationSettingsProcessor.java:47)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:200)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:195)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:62)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$call$2(DefaultBuildOperationExecutor.java:76)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.callWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:54)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:76)
at org.gradle.initialization.BuildOperationSettingsProcessor.process(BuildOperationSettingsProcessor.java:47)
at org.gradle.initialization.DefaultSettingsLoader.findSettingsAndLoadIfAppropriate(DefaultSettingsLoader.java:127)
at org.gradle.initialization.DefaultSettingsLoader.findAndLoadSettings(DefaultSettingsLoader.java:65)
at org.gradle.initialization.SettingsAttachingSettingsLoader.findAndLoadSettings(SettingsAttachingSettingsLoader.java:35)
at org.gradle.internal.composite.CommandLineIncludedBuildSettingsLoader.findAndLoadSettings(CommandLineIncludedBuildSettingsLoader.java:34)
at org.gradle.internal.composite.ChildBuildRegisteringSettingsLoader.findAndLoadSettings(ChildBuildRegisteringSettingsLoader.java:53)
at org.gradle.internal.composite.CompositeBuildSettingsLoader.findAndLoadSettings(CompositeBuildSettingsLoader.java:35)
at org.gradle.initialization.DefaultSettingsPreparer.prepareSettings(DefaultSettingsPreparer.java:36)
at org.gradle.initialization.BuildOperationFiringSettingsPreparer$LoadBuild.doLoadBuild(BuildOperationFiringSettingsPreparer.java:62)
at org.gradle.initialization.BuildOperationFiringSettingsPreparer$LoadBuild.run(BuildOperationFiringSettingsPreparer.java:57)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:29)
at org.gradle.internal.operations.DefaultBuildOperationRunner$1.execute(DefaultBuildOperationRunner.java:26)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.run(DefaultBuildOperationRunner.java:56)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$run$1(DefaultBuildOperationExecutor.java:71)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.runWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:45)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:71)
at org.gradle.initialization.BuildOperationFiringSettingsPreparer.prepareSettings(BuildOperationFiringSettingsPreparer.java:45)
at org.gradle.initialization.DefaultGradleLauncher.prepareSettings(DefaultGradleLauncher.java:218)
at org.gradle.initialization.DefaultGradleLauncher.doClassicBuildStages(DefaultGradleLauncher.java:159)
at org.gradle.initialization.DefaultGradleLauncher.doBuildStages(DefaultGradleLauncher.java:148)
at org.gradle.initialization.DefaultGradleLauncher.executeTasks(DefaultGradleLauncher.java:124)
at org.gradle.internal.invocation.GradleBuildController$1.create(GradleBuildController.java:72)
at org.gradle.internal.invocation.GradleBuildController$1.create(GradleBuildController.java:67)
at org.gradle.internal.work.DefaultWorkerLeaseService.withLocks(DefaultWorkerLeaseService.java:213)
at org.gradle.internal.invocation.GradleBuildController.doBuild(GradleBuildController.java:67)
at org.gradle.internal.invocation.GradleBuildController.run(GradleBuildController.java:56)
at org.gradle.tooling.internal.provider.ExecuteBuildActionRunner.run(ExecuteBuildActionRunner.java:31)
at org.gradle.launcher.exec.ChainingBuildActionRunner.run(ChainingBuildActionRunner.java:35)
at org.gradle.launcher.exec.BuildOutcomeReportingBuildActionRunner.run(BuildOutcomeReportingBuildActionRunner.java:63)
at org.gradle.tooling.internal.provider.ValidatingBuildActionRunner.run(ValidatingBuildActionRunner.java:32)
at org.gradle.tooling.internal.provider.FileSystemWatchingBuildActionRunner.run(FileSystemWatchingBuildActionRunner.java:77)
at org.gradle.launcher.exec.BuildCompletionNotifyingBuildActionRunner.run(BuildCompletionNotifyingBuildActionRunner.java:41)
at org.gradle.launcher.exec.RunAsBuildOperationBuildActionRunner$3.call(RunAsBuildOperationBuildActionRunner.java:49)
at org.gradle.launcher.exec.RunAsBuildOperationBuildActionRunner$3.call(RunAsBuildOperationBuildActionRunner.java:44)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:200)
at org.gradle.internal.operations.DefaultBuildOperationRunner$CallableBuildOperationWorker.execute(DefaultBuildOperationRunner.java:195)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:75)
at org.gradle.internal.operations.DefaultBuildOperationRunner$3.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:153)
at org.gradle.internal.operations.DefaultBuildOperationRunner.execute(DefaultBuildOperationRunner.java:68)
at org.gradle.internal.operations.DefaultBuildOperationRunner.call(DefaultBuildOperationRunner.java:62)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.lambda$call$2(DefaultBuildOperationExecutor.java:76)
at org.gradle.internal.operations.UnmanagedBuildOperationWrapper.callWithUnmanagedSupport(UnmanagedBuildOperationWrapper.java:54)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:76)
at org.gradle.launcher.exec.RunAsBuildOperationBuildActionRunner.run(RunAsBuildOperationBuildActionRunner.java:44)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.lambda$execute$0(InProcessBuildActionExecuter.java:54)
at org.gradle.composite.internal.DefaultRootBuildState.run(DefaultRootBuildState.java:86)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:53)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:29)
at org.gradle.launcher.exec.BuildTreeScopeLifecycleBuildActionExecuter.lambda$execute$0(BuildTreeScopeLifecycleBuildActionExecuter.java:33)
at org.gradle.internal.buildtree.BuildTreeState.run(BuildTreeState.java:49)
at org.gradle.launcher.exec.BuildTreeScopeLifecycleBuildActionExecuter.execute(BuildTreeScopeLifecycleBuildActionExecuter.java:32)
at org.gradle.launcher.exec.BuildTreeScopeLifecycleBuildActionExecuter.execute(BuildTreeScopeLifecycleBuildActionExecuter.java:27)
at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:104)
at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:55)
at org.gradle.tooling.internal.provider.SubscribableBuildActionExecuter.execute(SubscribableBuildActionExecuter.java:64)
at org.gradle.tooling.internal.provider.SubscribableBuildActionExecuter.execute(SubscribableBuildActionExecuter.java:37)
at org.gradle.tooling.internal.provider.SessionScopeLifecycleBuildActionExecuter.lambda$execute$0(SessionScopeLifecycleBuildActionExecuter.java:54)
at org.gradle.internal.session.BuildSessionState.run(BuildSessionState.java:67)
at org.gradle.tooling.internal.provider.SessionScopeLifecycleBuildActionExecuter.execute(SessionScopeLifecycleBuildActionExecuter.java:50)
at org.gradle.tooling.internal.provider.SessionScopeLifecycleBuildActionExecuter.execute(SessionScopeLifecycleBuildActionExecuter.java:36)
at org.gradle.tooling.internal.provider.GradleThreadBuildActionExecuter.execute(GradleThreadBuildActionExecuter.java:36)
at org.gradle.tooling.internal.provider.GradleThreadBuildActionExecuter.execute(GradleThreadBuildActionExecuter.java:25)
at org.gradle.tooling.internal.provider.StartParamsValidatingActionExecuter.execute(StartParamsValidatingActionExecuter.java:59)
at org.gradle.tooling.internal.provider.StartParamsValidatingActionExecuter.execute(StartParamsValidatingActionExecuter.java:31)
at org.gradle.tooling.internal.provider.SessionFailureReportingActionExecuter.execute(SessionFailureReportingActionExecuter.java:55)
at org.gradle.tooling.internal.provider.SessionFailureReportingActionExecuter.execute(SessionFailureReportingActionExecuter.java:41)
at org.gradle.tooling.internal.provider.SetupLoggingActionExecuter.execute(SetupLoggingActionExecuter.java:47)
at org.gradle.tooling.internal.provider.SetupLoggingActionExecuter.execute(SetupLoggingActionExecuter.java:31)
at org.gradle.launcher.daemon.server.exec.ExecuteBuild.doBuild(ExecuteBuild.java:65)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:37)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.WatchForDisconnection.execute(WatchForDisconnection.java:39)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.ResetDeprecationLogger.execute(ResetDeprecationLogger.java:29)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.RequestStopIfSingleUsedDaemon.execute(RequestStopIfSingleUsedDaemon.java:35)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.create(ForwardClientInput.java:78)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.create(ForwardClientInput.java:75)
at org.gradle.util.Swapper.swap(Swapper.java:38)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput.execute(ForwardClientInput.java:75)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.LogAndCheckHealth.execute(LogAndCheckHealth.java:55)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.LogToClient.doBuild(LogToClient.java:63)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:37)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.EstablishBuildEnvironment.doBuild(EstablishBuildEnvironment.java:84)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:37)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:104)
at org.gradle.launcher.daemon.server.exec.StartBuildOrRespondWithBusy$1.run(StartBuildOrRespondWithBusy.java:52)
at org.gradle.launcher.daemon.server.DaemonStateCoordinator$1.run(DaemonStateCoordinator.java:297)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:64)
at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:48)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:56)
at java.base/java.lang.Thread.run(Thread.java:833)

1 error

  • Try:
    Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

  • Get more help at https://help.gradle.org

BUILD FAILED in 945ms

Error: ReferenceError: PublicKeyCredential is not defined

When accessing the test website at "localhost:8080", all functions work normally.

However, when accessing the test website at 10.0.0.xxx:8080 (my IP address, with the same browser), an error occurs when making Registration challenge:

Error: ReferenceError: PublicKeyCredential is not defined

I attempted to add some configurations to the RPServer and Server's application.yml & application-local.yml files:

spring:
cors:
allowed-origins:
- http://localhost:8080/ #8080 for RPServer, 8081 for Server
- http://10.0.0.xxx:8080/ #8080 for RPServer, 8081 for Server
server:
address: 0.0.0.0

Despite the RPServer and Server being built successfully, but the issue persisted and could not be resolved.

Error: ReferenceError: PublicKeyCredential is not defined

RP ID not found. InternalErrorCode:46

The error message I received was as follows:

Error: {"serverResponse":{"description":"RP ID not found: localhost","internalError":"RPID_NOT_FOUND","internalErrorCode":46,"internalErrorCodeDescription":null},"aaguid":null}

I encountered this error when attempting to perform a certain action within the project. From the error message, it seems that the RP ID "localhost" could not be found. I have checked my configuration settings and everything seems to be in order.

Best regards.

image

Aaguid obtained doesn't match with the Aaguid registered

Some of the Aaguid doesn't come correctly. For eg: Mac Touch using Safari gives the Aaguid as "00000000-0000-0000-0000-000000000000" whereas with Chrome comes as "adce0002-35bc-c60a-648b-0b25f1f05503"

Same issues with YubiKey

Attestation certificate verification for YUBICO - FIDO U2F (Legacy U2F authenticator)

Hi. Team -

I'm looking into the line-fido2-server project (link: line-fido2-server), and have some queries related to the verification of attestation certificates.

In the AttestationServiceImpl class, there's a method called verifyAttestationCertificate() that includes a step to fetch attestation root certificates from a database table called METADATA_YUBICO. However, it seems that this table is always empty, and I couldn't find any implementation in line-fido2-server to populate the METADATA_YUBICO table with the necessary metadata.

In particular, the issue arises when the attestation format is "fido-u2f" and the x509 certificate contains the issuer DN name "yubico". The method verifyAttestationCertificate() calls getLatestMetadata() in MetadataYubicoServiceImpl, but since the METADATA_YUBICO table is empty, no attestation root certificates are retrieved. Consequently, the verifyAttestationCertificate() method throws a METADATA_NOT_FOUND exception, as it cannot find the required metadata.

Should the METADATA_YUBICO table be manually populated with the relevant attestation root certificates for "yubico"?

Any assistance or insight would be greatly appreciated. Thank you!

EdDSA authentication not functioning due to UserKeyServiceImpl convert function

the convert function in UserKeyServiceImpl does not handle the EdDSA case. It only handles RSA and ECDSA, this can be seen below:

try {
            if (algorithm.isRSAAlgorithm()) {
                keyFactory = KeyFactory.getInstance("RSA");
            } else {
                keyFactory = KeyFactory.getInstance("ECDSA");
            }
            publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw FIDO2ServerRuntimeException.makeCryptoError(e);
}

Because of this, when the x509 encoded EdDSA algo key spec is input into the keyFactor.generatePublic method, an InvalidKeySpecException is thrown because the keyFactory assumed it was a ECDSA instance. This means that, from what I've seen, all EdDSA algo keys are unable to authenticate...

I have asserted this is an issue with the RP and not the authenticator, because I tested if this error is thrown on an official YubiKey authenticator. To do that, I injected some javascript into my browser such that the pubKeyCredParams passed into navigator.credentials.create(..) only included the -8 algorithm (i.e. force the YubiKey to use EdDSA). This results in a successful registration with the server using -8, however on authentication the InvalidKeySpecException is thrown.

I believe the fix to this is just to handle the isEDDSAAlgorithm() case with a KeyFactory instance of "EdDSA". My MR shows this fix and I have confirmed it to work on a custom authenticator running locally where it previously did not.
Fix:

try {
            if (algorithm.isRSAAlgorithm()) {
                keyFactory = KeyFactory.getInstance("RSA");
            } else if (algorithm.isEdDSAAlgorithm()) {
                keyFactory = KeyFactory.getInstance("EdDSA");
            } else {
                keyFactory = KeyFactory.getInstance("ECDSA");
            }
            publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw FIDO2ServerRuntimeException.makeCryptoError(e);
}

Inappropriate logging level affects performance on high traffic

It appears that current logs in the FIDO server are mainly for debugging purpose, but they are logged in info level.

As a result, even if info level is configured in logback, they are always logged. When traffic rate is high, the server becomes busy for logging.

On the other hand, some logs passes parameters with manual string construction instead of {} placeholder, so the impact is even larger. (See https://www.slf4j.org/faq.html#logging_performance for details)

Add aaguid as a member of Assertion responses to distinguish authenticator

During authentication, when the RP receives an assertion result from the FIDO server, it may need to know from which Authenticator it came.

To do that, when authentication is successful, RP should get aaguid from VerifyCredentialResult.

and when it's ASSERTION_SIGNATURE_VERIFICATION_FAIL fail, the result should also have aaguid.

TPM attestation parser does not correctly handle ECC keys in pubArea

When parsing the unique field from pubArea during an attestation verification, unique is a TPM2B_PUBLIC_KEY_RSA only if the TPMI_ALG_PUBLIC is TPM_ALG_RSA. If TPMI_ALG_PUBLIC is TPM_ALG_ECC, unique is a TPMS_ECC_POINT. See TPM Rev 2.0 part 2, structures, section 12.2.3.2.

Relevant code is at

line-fido2-server/server/src/main/java/com/linecorp/line/auth/fido/fido2/server/attestation/tpm/TpmParser.java

Line 152 in 7ad6e86

// read unique (key value)
.

Set User Handle to a salted hash or random

The current User Handle (a.k.a user ID) is a hash of the user name.

line-fido2-server/rpserver/src/main/java/com/linecorp/line/auth/fido/fido2/rpserver/controller/CredentialController.java

Line 147 in 22d5aa9

byte[] digest = Digests.sha256(username.getBytes(StandardCharsets.UTF_8));

The documentation appears to recommend it with salted hash or random, so should we change that?

This includes hash values of personally identifying information, unless the hash function is salted with salt values private to the Relying Party, since hashing does not prevent probing for guessable input values. It is RECOMMENDED to let the user handle be 64 random bytes, and store this value in the user’s account.

https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-user-handle-privacy

"docker-compose up" broken?

Hi there,
I cloned your repo successfully and tried to run it using "docker-compose up", but I get the following error: "failed to solve: failed to load cache key: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed". I am logged in hub.docker.com, but to no avail.

Full error message:


[+] Running 0/3
 ⠿ build Warning                                                                                                                                            2.2s
 ⠿ rp Warning                                                                                                                                               2.2s
 ⠿ fido2 Warning                                                                                                                                            2.2s
[+] Building 5.8s (13/20)                                                                                                                                        
 => [rp:latest internal] load build definition from Dockerfile                                                                                              0.0s
 => => transferring dockerfile: 248B                                                                                                                        0.0s
 => [fido2:latest internal] load build definition from Dockerfile                                                                                           0.0s
 => => transferring dockerfile: 32B                                                                                                                         0.0s
 => [build-image:latest internal] load build definition from Dockerfile                                                                                     0.0s
 => => transferring dockerfile: 158B                                                                                                                        0.0s
 => [rp:latest internal] load .dockerignore                                                                                                                 0.0s
 => => transferring context: 2B                                                                                                                             0.0s
 => [fido2:latest internal] load .dockerignore                                                                                                              0.0s
 => => transferring context: 2B                                                                                                                             0.0s
 => [build-image:latest internal] load .dockerignore                                                                                                        0.0s
 => => transferring context: 2B                                                                                                                             0.0s
 => [rp:latest internal] load metadata for docker.io/library/openjdk:8-jdk-alpine                                                                           3.3s
 => [fido2:latest internal] load metadata for docker.io/library/openjdk:8-jdk-slim                                                                          3.1s
 => [auth] library/openjdk:pull token for registry-1.docker.io                                                                                              0.0s
 => ERROR [fido2:latest] FROM docker.io/library/build-image:latest                                                                                          2.3s
 => => resolve docker.io/library/build-image:latest                                                                                                         2.2s
 => CANCELED [fido2:latest stage-0 1/2] FROM docker.io/library/openjdk:8-jdk-slim@sha256:19578a1e13b7a1e4cab9b227fb7b5d80e14665cf4024c6407d72ba89842a97ed   2.2s
 => => resolve docker.io/library/openjdk:8-jdk-slim@sha256:19578a1e13b7a1e4cab9b227fb7b5d80e14665cf4024c6407d72ba89842a97ed                                 0.0s
 => => sha256:19578a1e13b7a1e4cab9b227fb7b5d80e14665cf4024c6407d72ba89842a97ed 549B / 549B                                                                  0.0s
 => => sha256:ecb89bb055c1ee4db9da38713b953f6daafefe575c77c6439eabbb85e3168402 1.16kB / 1.16kB                                                              0.0s
 => => sha256:80e75f92be33ca2bd4b933633dafc72aa82a34792f9b769063a474e97e163b8b 7.51kB / 7.51kB                                                              0.0s
 => => sha256:1efc276f4ff952c055dea726cfc96ec6a4fdb8b62d9eed816bd2b788f2860ad7 23.07MB / 31.37MB                                                            2.3s
 => => sha256:a2f2f93da48276873890ac821b3c991d53a7e864791aaf82c39b7863c908b93b 1.58MB / 1.58MB                                                              0.4s
 => => sha256:1a2de4cc94315f2ba5015e6781672aa8e0b1456a4d488694bb5f016d8f59fa70 210B / 210B                                                                  0.4s
 => => sha256:9013b84ebbe7aec8b587e257266770d2ac6ec3fce4c27415e74fbaf5928b4549 7.34MB / 106.19MB                                                            2.3s
 => CANCELED [build-image:latest stage-0 1/2] FROM docker.io/library/openjdk:8-jdk-alpine@sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f22833  2.4s
 => => resolve docker.io/library/openjdk:8-jdk-alpine@sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f2283343547b3                               0.0s
 => => sha256:a3562aa0b991a80cfe8172847c8be6dbf6e46340b759c2b782f8b8be45342717 3.40kB / 3.40kB                                                              0.0s
 => => sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f2283343547b3 1.64kB / 1.64kB                                                              0.0s
 => => sha256:44b3cea369c947527e266275cee85c71a81f20fc5076f6ebb5a13f19015dce71 947B / 947B                                                                  0.0s
 => => sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10 2.76MB / 2.76MB                                                              1.0s
 => => extracting sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10                                                                   0.9s
 => => sha256:f910a506b6cb1dbec766725d70356f695ae2bf2bea6224dbe8c7c6ad4f3664a2 238B / 238B                                                                  1.4s
 => => sha256:c2274a1a0e2786ee9101b08f76111f9ab8019e368dce1e325d3c284a0ca33397 3.42MB / 70.73MB                                                             2.4s
 => => extracting sha256:f910a506b6cb1dbec766725d70356f695ae2bf2bea6224dbe8c7c6ad4f3664a2                                                                   0.0s
 => [build-image:latest internal] load build context                                                                                                        2.1s
 => => transferring context: 31.77MB                                                                                                                        2.1s
 => [auth] library/build-image:pull token for registry-1.docker.io                                                                                          0.0s
------
 > [fido2:latest] FROM docker.io/library/build-image:latest:
------
failed to solve: failed to load cache key: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed```

AuthenticatorTransport option "hybrid" is missing

I tried to test it as below

image

I used my mobile device(Galaxy21) as a authenticator

and I found out following error in rpserver log.

Could not resolve parameter [1] in public com.linecorp.line.auth.fido.fido2.rpserver.model.transport.AdapterServerResponse com.linecorp.line.auth.fido.fido2.rpserver.controller.AdapterController.sendRegistrationResponse(java.lang.String,com.linecorp.line.auth.fido.fido2.rpserver.model.AdapterRegServerPublicKeyCredential,javax.servlet.http.HttpServletRequest): JSON parse error: Cannot construct instance of `com.linecorp.line.auth.fido.fido2.common.AuthenticatorTransport`, problem: No value present; nested exception is com.fasterxml.jackson.databind.exc.ValueInstantiationException: Cannot construct instance of `com.linecorp.line.auth.fido.fido2.common.AuthenticatorTransport`, problem: No value present

the problem was the missing option "hybrid".

after I added it, everything was fine.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.