Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIDO2 support over USB-C #138

Open
MichaelBuckley opened this issue Nov 2, 2023 · 5 comments
Open

FIDO2 support over USB-C #138

MichaelBuckley opened this issue Nov 2, 2023 · 5 comments

Comments

@MichaelBuckley
Copy link

Hello,

With the iPhone 15 using a USB-C port instead of a lightning port, our users can no longer authenticate using FIDO2 within our app, except when using an NFC YubiKey. However, this leaves YubiKey 5ci users unable to authenticate.

Because this is SSH authentication instead of web authentication, we cannot embed a WKWebView to provide authentication. We've tried many things in an attempt to get this to work, but ultimately, since FIDO2 isn't supported over the smart card interface, it appears to not be possible.

I suspect this would require writing a DriverKit driver for YubiKey 5ci devices. I would be happy to help in this effort, but while I have some experience writing DriverKit code, I don't know anything about the internals of the YubiKey, and I don't know where to find any documentation, if it exists.

https://developer.apple.com/documentation/driverkit
@jensutbult
Copy link
Contributor

We've investigated writing a USBDriverKit driver for the SDK. Unfortunately we've come to the conclusion that the user experience that comes along with installing the driver is pretty bad and it's not really worth the effort. With that being said if you implemented the driver and we got an api similar to the TKSmartCard one it should be a fairly small effort integrating it in the SDK.

@MichaelBuckley
Copy link
Author

@jensutbult Thank you for responding.

It makes sense that you explored this option already, and yes, I'm aware how terrible the driver install experience is. However, for our product, users are already going through a lot to set up their Yubikeys. Generating SSH keys on a computer, copying the private key file over to the phone, and importing it into our app. Even with a bad driver install experience, our customers that are upgrading to iPhone 15 are losing funcionality, and my feeling is that they're willing to jump through the driver install to get it back.

Are you aware of any YubiKey-specific documentation that would help write the driver? I've written DriverKit drivers for HIG joysticks, but that's the extent of my experience. I don't know where to start writing drivers for the YubiKey specifically.

@jensutbult
Copy link
Contributor

I think the easiest way forward is looking into how the YKFAccessoryConnection is implemented in the SDK.

@jensutbult
Copy link
Contributor

Did you make any progress @MichaelBuckley? Anything I can assist you with?

@MichaelBuckley
Copy link
Author

@jensutbult Sorry, not yet. Because of how much work it was going to take, the feature got delayed to a later release, so I've been working on other things.

But thank you for asking. I will let you know when I make progress.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MichaelBuckley @jensutbult