刚开始玩yubikey,我的问题是基于以下假设:
我使用 django 包注册了 yubikeydjango-fido
我在使用navigator.credentials.get(publicKey)从 yubikey 获取凭证时遇到问题,我传入的 publicKey 参数如下:
{challenge: Uint8Array(32), rpId: 'localhost'}
它说 yubikey 没有在这个网站上注册,但我很确定我这样做了,因为如果我不使用无密码方法,通过指定 allowedCredentials,我可以找到密钥:
{challenge: Uint8Array(32), rpId: 'localhost', allowCredentials: Array(1)}
OK,钻进django-fido包views.py发现我需要指定resident_key=True在key上存储凭证
def create_fido2_request(self) -> Tuple[Dict, Dict]:
"""Create and return FIDO 2 registration request.
@raise ValueError: If request can't be created.
"""
user = self.get_user()
assert user.is_authenticated, "User must not be anonymous for FIDO 2 requests."
credentials = self.get_credentials(user)
return self.server.register_begin(self.get_user_data(user), credentials, user_verification=self.user_verification, resident_key=True)