Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Bart de Water
    @bdewater
    https://developer.apple.com/documentation/ios_ipados_release_notes/ios_ipados_13_3_beta_2_release_notes is the changelog btw
    how did the presentation go? :)
    Braulio Martinez
    @brauliomartinezlm
    It was awesome, both in Boston yesterday and today in NY. People get really amazed and curious about it, ask good questions, come to us after the talk to know more. Truly a great experience for us. I'll send you our slides in an email for you to give us feedback if you want :). Feel free of course to take idea or use things if you got for it in Ottawa.rb

    https://developer.apple.com/documentation/ios_ipados_release_notes/ios_ipados_13_3_beta_2_release_notes is the changelog btw

    Nice, we were actually talking about that yesterday with Gonzalo :muscle: I think he saw it on Twitter yesterday

    Gonzalo Rodriguez
    @grzuy

    https://developer.apple.com/documentation/ios_ipados_release_notes/ios_ipados_13_3_beta_2_release_notes is the changelog btw

    This is awesome!

    also finished extracting the metadata client: https://github.com/bdewater/fido_metadata

    Thank you, nice work!

    haha! good luck :D

    Thank you very much! It went well. We got lot of positive feedback.
    People gets excited about WebAuthn which is cool.

    Bart de Water
    @bdewater
    I'm a bit frustrated with how conformance tool issues are handled. Either problems are ignored for months or straight closed because the issue is not understood well :/
    Bart de Water
    @bdewater
    https://github.com/bdewater/safety_net_attestation is up :)
    Gonzalo Rodriguez
    @grzuy

    I'm a bit frustrated with how conformance tool issues are handled. Either problems are ignored for months or straight closed because the issue is not understood well :/

    Bummer :-/

    https://github.com/bdewater/safety_net_attestation is up :)

    Nice! Thank you :-)

    callags
    @callags
    Hi All, I was invited to this gitter chat from Gonzalo earlier today. I was hoping to find some sort of walk-through guide or video on how to setup the Webauthn from your github page.
    Gonzalo Rodriguez
    @grzuy
    Hi @callags , welcome!
    Are you trying to add WebAuthn authentication to a Rails application?
    If so, are you trying to add it as a 2nd factor? I.e. this would be 2nd step after password authentication?
    callags
    @callags

    Yes, I would like this to work in hand with an admin account. The idea is that I would first sign in with username and password, followed by inserting a Yubikey as a multifactor sign in process.

    Now I did have this originally using devise-u2f gem, but since Microsoft only allowed Webauthn authentication through Windows 10, I've been forced to look at different solutions. I did email the guy who was running the devise-webauthn gem if he had a working version. However, he said he was caught up with other projects that he didn't know when he would get around to it. Which was what lead me to the webauthn-ruby gem since you guys had a really cool working demo.

    the admin account is built using the devise gem, incase that helps
    Gonzalo Rodriguez
    @grzuy

    Hi @callags ,

    There a bunch of WebAuthn tutorials in https://github.com/herrjemand/awesome-webauthn#resources. From that you can learn how WebAuthn works, what goes on the frontend and on the backend. Once you're ready to code the backend side, you can see https://github.com/cedarcode/webauthn-rails-demo-app to have as a reference implementation.

    Gonzalo Rodriguez
    @grzuy
    @bdewater Forgot to ask how did the WebAuthn talk in Ottawa.rb went?
    Bart de Water
    @bdewater
    it went well! thanks for asking :) after my talk (about 35 mins) we had another free form Q&A/discussion for another half hour, it was a very engaged audience. now that I'm back from travel to the Netherlands I'll submit it to Montreal.rb as well
    Gonzalo Rodriguez
    @grzuy
    Very nice!
    Braulio submitted for RailsConf yesterday. We'll see if it gets selected :-)
    Bart de Water
    @bdewater
    https://9to5mac.com/2020/02/11/fido-alliance/
    Gonzalo Rodriguez
    @grzuy

    https://9to5mac.com/2020/02/11/fido-alliance/

    Huge step forward :clap:

    Bart de Water
    @bdewater
    I'll keep my fingers crossed for you Braulio! I submitted a talk to RubyKaigi but it did not get accepted unfortunately
    Braulio Martinez
    @brauliomartinezlm
    Thank you Bart! Lets hope they accept it, but there are 443 so it will be hard as well. Sorry to hear about RubyKaigi, I'm sure you'll get another shot!
    Bart de Water
    @bdewater

    In one of the PRs for attestation I argued for being able to inject Time objects as a dependency so you could easily later re-verify attestation statements to see if authenticators are still reliable. Today I saw an article about Intel TPM flaws which illustrate why I feel it's a legit use case that ought to be supported :) https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html

    doesn't need to be part of #304 which big enough as it is I think. Trying to find some time soon to test it by resurrecting https://github.com/cedarcode/webauthn-rails-demo-app/pull/113/

    Gonzalo Rodriguez
    @grzuy
    Hi @bdewater , sounds good to me. As long as we have the default being the current time we should be good.
    Bart de Water
    @bdewater

    congrats in finalizing the MDS work Gonzalo! have you submitted the test results using the conformance tool? :)

    hope y'all are staying safe in these weird times

    Braulio Martinez
    @brauliomartinezlm
    Hi @bdewater ! We have gone full home remote for a while to stay inside, as most software companies. We're all good so far, thanks caring and for sending good vibes. I hope you and the Shopify crew are doing great and staying safe as well.
    callags
    @callags
    So I'm not sure if this was mentioned earlier as I don't check this regularly, but has there been any strides to improve the devise-webauthn gem? I'm having some trouble how to setup webauthn-ruby gem to work with my app as I do use devise gem for basic authentication (username/password)
    Gonzalo Rodriguez
    @grzuy

    congrats in finalizing the MDS work Gonzalo! have you submitted the test results using the conformance tool? :)

    hope y'all are staying safe in these weird times

    Hi @bdewater Congrats to you too! I practically recycled what your implementation and adapted it to master! :-) Haven't submitted yet

    callags
    @callags
    Good afternoon. I was wondering if there was anyone here or know anyone who I could reach out to help setup webauthn using this gem. Please let me know when you get the chance. Thank you.
    Bart de Water
    @bdewater
    if the gem readme or the demo app don't have answers, asking here would be a good start :)
    Bart de Water
    @bdewater
    https://github.com/jeremyevans/rodauth/blob/master/doc/webauthn.rdoc cool
    Gonzalo Rodriguez
    @grzuy

    https://github.com/jeremyevans/rodauth/blob/master/doc/webauthn.rdoc cool

    Nice!!

    Braulio Martinez
    @brauliomartinezlm
    Thank you so much for herrjemand/awesome-webauthn#37 @bdewater !!!
    Bart de Water
    @bdewater
    we earned the bragging rights don't you think? haha
    Braulio Martinez
    @brauliomartinezlm
    haha no doubt! It was a tremendous effort to get there :rocket:
    Bart de Water
    @bdewater
    some interesting notes on the caBLE proposal to make Android phones usable as an authenticator for laptops/desktops: https://github.com/w3c/webauthn/issues/1381#issuecomment-624808667
    Braulio Martinez
    @brauliomartinezlm

    I have been playing around for the new RelyingParty based model in the context of the PR we have open. I wrote a functional test to see the different usages we might have with the new interface and the transition we would go through as well as folks staying on the old interface (the one in the README, not an older one :smile: ).

    Showing it here to get early feedback and bc I don't have a PR open for it as I'm waiting on the SignatureVerifier removal to get in for the main topic branch.

    https://github.com/cedarcode/webauthn-ruby/blob/d4850baf4e268b54d1ab906d9ab8bc681101878e/spec/webauthn/relying_party_spec.rb

    Braulio Martinez
    @brauliomartinezlm

    some interesting notes on the caBLE proposal to make Android phones usable as an authenticator for laptops/desktops: https://github.com/w3c/webauthn/issues/1381#issuecomment-624808667

    Interesting. This would allow much more flexibility specially for desktops computers and people that want to rely on their phones instead of security keys. Hope they make progress there! Given we're usually on laptops with fingerprints and sec. keys, etc I haven't put much thought about desktop computers and how limited they probably are to use only keys... Thanks for sharing!

    Braulio Martinez
    @brauliomartinezlm
    Re the RelyingParty PR, my next step is start working on a new version of the usage documentation in the README. Hopefully will have it ready next weekend :pray:
    Bart de Water
    @bdewater
    sorry I missed this - don't come here too often 😅
    wanted to share the good news: "Added a Web Authentication platform authenticator using Face ID or Touch ID, depending on which capability is present." https://developer.apple.com/documentation/safari-release-notes/safari-14-beta-release-notes
    Josh Buker
    @athix
    Hey @grzuy
    Gonzalo Rodriguez
    @grzuy
    Hey @athix , welcome!
    Mathieu Jobin
    @mathieujobin
    Hi there, I'm just an enthusiast about webauthn and rubyonrails. so I thought of joining the conversation here.
    Braulio Martinez
    @brauliomartinezlm
    Hi @mathieujobin :wave: , welcome! Thanks for joining!
    Braulio Martinez
    @brauliomartinezlm

    Hey folks ! It's been a while!

    After almost a year in 3.0.0.alpha1 and several issues/pulls from people using multiple RPs I think it's time to finally release an oficial 3.0.0 while keep a 2-stable release to keep adding features/fixes to latest version of 2.X. I think that having a 3-dev branch for it was fine but as we add more features, if we don't have it in master, we're gonna have a hard time keeping up the development that consider the RelyingParty API in v3. Specially those that involve things in the configuration.

    We didn't get any feedback about the new API, but we know that people that created issues didn't complain about it neither.

    Anyways, open for feedback and thoughts from our small community. If I don't hear any concerns in the future week/s my plan is to proceed on releasing it.

    Thank you in advance!
    cc @bdewater