Git Product home page Git Product logo

webauthn-rs's Introduction

WebAuthn

WARNING: This crate is experimental and not ready for production use; it does not currently implement any of the necessary crypto and does not provide any authentication guarantees.

The webauthn crate provides Rocket handlers to implement a Relying Party supporting passwordless or two-factor authentication using security keys according to the Web Authentication specification.

webauthn-rs's People

Contributors

tiziano88 avatar senden9 avatar

Stargazers

Base avatar Deirdre Connolly avatar Cab Morris avatar Igor Bernstein avatar

Watchers

avatar Deirdre Connolly avatar James Cloos avatar avatar

Forkers

senden9

webauthn-rs's Issues

[security]: please remove this crate from crates.io until crypto is implemented

Hi there,

I noticed this crate while I was trying to implement my own rust webauthn server for actix. I was following your code, and I have noticed that you don't seem to implement any of the cryptographic operations required for webauthn.

I could be missing something, but if this is the case, I think it's a security risk to publish this to crates.io until you have verification of the security robustness and correctness of this crate. Can I please ask you yank the crate from crates.io until you have implemented the correct cryptographic handling of webauthn keys?

Thanks,

https://crates.io/crates/webauthn

State of this crate

Hi!

What is the state of this crate? Is it useable? Asking because I possible want to start an small (toy) project that could use webauthn.

Code pieces like

webauthn-rs/src/lib.rs

Lines 67 to 72 in 518d63a

if client_data.challenge != "xx" {
//return false;
}
if client_data.origin != "ll" {
//return false;
}

let me think about the completeness of this crate.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.