npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

webauthn-simple-app

v2.0.0

Published

webauthn-simple-app

Downloads

1,113

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

apowers313apowers313

Keywords

webauthnfidofido2

Readme

Sauce Test Status

node.js: Build Status

This module makes passwordless (or second-factor) W3C's Web Authentication simple. The primary interface is the WebAuthnApp class, with the register() and login() methods for registering new devices and / or logging in via WebAuthn. The interface takes care of communicating with your WebAuthn server, validating server responses, calling the browser's WebAuthn API with the right options, and everything else.

There is much more functionality available for debugging or more granular control, but it probably isn't needed for most applications.

The module is also exported as a npm module, allowing the Msg class to be used in node.js servers for creating, validating, and converting all the communications with a browser.

For a live demo of this project, see webauthn.org.

Documentation for all classes and advanced options is available online.

Install

npm

npm install webauthn-simple-app

CDN

ES6 Module

<script src="https://cdn.jsdelivr.net/npm/webauthn-simple-app/dist/webauthn-simple-app.esm.js"></script>

Universial Module (UMD)

<script src="https://cdn.jsdelivr.net/npm/webauthn-simple-app/dist/webauthn-simple-app.umd.js"></script>

GitHub

git clone https://github.com/apowers313/webauthn-simple-app

Download .zip and .tgz downloads are available from the releases page.

Simple Example

Register:

// register a new device / account
var waApp = new WebAuthnApp()
waApp.username = "me";
waApp.register()
    .then(() => {
        alert("You are now registered!");
    })
    .catch((err) => {
        alert("Registration error: " + err.message);
    });

Log in:

// log in to a previously registered account
var waApp = new WebAuthnApp()
waApp.username = "me";
waApp.login()
    .then(() => {
        alert("You are now logged in!");
    })
    .catch((err) => {
        alert("Log in error: " + err.message);
    });

Real Example

Here is a more complete example, using jQuery to do things like get inputs from forms and respond to various events that are fired.

JavaScript

// override some of the default configuration options
// see the docs for a full list of configuration options
var webAuthnConfig = {
    timeout: 30000
};

// when user clicks submit in the register form, start the registration process
$("#register-form").submit(function(event) {
    event.preventDefault();
    webAuthnConfig.username = $(event.target).children("input[name=username]")[0].value
    new WebAuthnApp(webAuthnConfig).register();
});

// when user clicks submit in the login form, start the log in process
$("#login-form").submit(function(event) {
    event.preventDefault();
    webAuthnConfig.username = $(event.target).children("input[name=username]")[0].value
    new WebAuthnApp(webAuthnConfig).login();
});

// do something when registration is successful
$(document).on("webauthn-register-success", () => {
    window.location = "https://example.com/sign-in-page";
});

// do something when registration fails
$(document).on("webauthn-register-error", (err) => {
    // probably do something nice like a toast or a modal...
    alert("Registration error: " + err.message);
});

// do something when log in is successful
$(document).on("webauthn-login-success", () => {
    window.location = "https://example.com/my-profile-page";
});

// do something when log in fails
$(document).on("webauthn-login-error", (err) => {
    // probably do something nice like a toast or a modal...
    alert("Log in error: " + err.message);
});

// gently remind the user to authenticate when it's time
$(document).on("webauthn-user-presence-start", (err) => {
  // probably do something nice like a toast or a modal...
    alert("Please perform user verification on your authenticator now!");
});

HTML

<html>
    <!-- A very simple registration form -->
    <form id="register-form">
        <input type="text" id="username" name="username" placeholder="Username" autofocus="autofocus">
        <input type="submit" id="registerButton" class="btn btn-success" value="Register">
    </form>

    <!-- A very simple log in form -->
    <form id="login-form">
        <input type="text" id="username" name="username" placeholder="Username" autofocus="autofocus">
        <input type="submit" id="loginButton" class="btn btn-success" value="Login">
    </form>
</html>

Complete Example

For a complete example using jQuery and Bootstrap, refer to the code at the webauthn-yubiclone project, specifically index.html and ux-events.js.

Theory of Operation

Here's what's going on inside when you call register or login:

WebAuthnApp.register():

  • getRegisterOptions()
    • client --> CreateOptionsRequest --> server
    • client <-- CreateOptions <-- server
  • create()
    • CredentialAttestation = navigator.credentials.create(CreateOptions)
  • sendRegisterResult()
    • client --> CredentialAttestation --> server
    • client <-- ServerResponse <-- server

WebAuthnApp.login():

  • getLoginOptions()
    • client --> GetOptionsRequest --> server
    • client <-- GetOptions <-- server
  • get()
    • CredentialAssertion = navigator.credentials.get(GetOptions)
  • sendLoginResult()
    • client --> CredentialAssertion --> server
    • client <-- ServerResponse <-- server

Sponsor

Note that while I used to be Technical Director for FIDO Alliance (and I am currently the Technical Advisor for FIDO Alliance), THIS PROJECT IS NOT ENDORSED OR SPONSORED BY FIDO ALLIANCE.

Work for this project is supported by my consulting company: WebAuthn Consulting.