Easily implement WebAuthn in your ruby web server
- WebAuthn article with Google IO 2018 talk
- Web Authentication API draft article by Mozilla
- W3C Draft Recommendation
So far, the only browsers that have Web Authentication support are:
- Mozilla Firefox Quantum 60+ (Enabled by default).
- Google Chrome 65+ (Disabled by default, go to chrome://flags to enable the Web Authentication API feature). Note: it is enabled by default in 67+ as stated here.
These USB keys from Yubico were used as authenticator devices during the development of this gem. Firefox states (Firefox 60 release notes) they only support USB FIDO2 or FIDO U2F enabled devices in their current implementation (version 60). It's up to the gem's user to verify user agent compatibility if any other device is to be used as the authenticator component.
Add this line to your application's Gemfile:

```ruby
gem 'webauthn'
```

And then execute:

```
$ bundle
```

Or install it yourself as:

```
$ gem install webauthn
```
```ruby
credential_creation_options = WebAuthn.credential_creation_options

# Store the newly generated challenge somewhere so you can have it
# for the validation phase.
#
# You can read it from the resulting options:
credential_creation_options[:challenge]

# Send `credential_creation_options` to the browser, so that they can be used
# to call `navigator.credentials.create({ "publicKey": credentialCreationOptions })`

attestation_object = "..." # As came from the browser
client_data_json = "..." # As came from the browser

attestation_response = WebAuthn::AuthenticatorAttestationResponse.new(
  attestation_object: attestation_object,
  client_data_json: client_data_json
)

# The challenge that was stored when the options were generated.
original_challenge = "..." # As stored on the server

# This value needs to match `window.location.origin` evaluated by
# the User Agent as part of the validation phase.
original_origin = "https://www.example.com"

if attestation_response.valid?(original_challenge, original_origin)
  # 1. Register the new user and
  # 2. Keep Credential ID and Credential Public Key under storage
  #    for future authentications
  #    Access by invoking:
  #      `attestation_response.credential.id`
  #      `attestation_response.credential.public_key`
else
  # Handle error
end
```
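Why the stored challenge and the origin are passed to the validation step, as an added example that is not the gem's code: a standard-library-only illustration of the clientDataJSON checks the WebAuthn specification requires at registration (type, challenge, origin). `check_client_data`, `sample_client_data`, `b64url_decode`, the `session` hash and its `:webauthn_challenge` key are hypothetical names, the session is assumed to hold the raw challenge bytes, and the attestation object is not examined here.

```ruby
require "json"
require "securerandom"

# Decode unpadded base64url; raises ArgumentError on invalid input.
def b64url_decode(str)
  str += "=" * ((4 - str.length % 4) % 4)
  str.tr("-_", "+/").unpack1("m0")
end

# Hypothetical helper, not part of the webauthn gem. Checks the three
# clientDataJSON fields and returns :ok or the name of the failed check.
def check_client_data(client_data_json, session, expected_origin)
  # Remove the stored challenge first so it is single-use, even when a
  # later check fails.
  expected_challenge = session.delete(:webauthn_challenge)
  return :no_pending_challenge if expected_challenge.nil?

  data = JSON.parse(client_data_json)
  return :malformed unless data.is_a?(Hash)
  return :wrong_type unless data["type"] == "webauthn.create"

  # The browser reports the challenge as unpadded base64url.
  received = b64url_decode(data["challenge"].to_s)
  return :challenge_mismatch unless received == expected_challenge

  # Exact string match: scheme, host and port all have to agree.
  return :origin_mismatch unless data["origin"] == expected_origin

  :ok
rescue JSON::ParserError, ArgumentError
  :malformed
end

# Constructed sample input: the client data a browser at `origin` would return.
def sample_client_data(challenge, origin, type = "webauthn.create")
  JSON.generate(
    "type" => type,
    "challenge" => [challenge].pack("m0").tr("+/", "-_").delete("="),
    "origin" => origin
  )
end

origin = "https://www.example.com"
session = { webauthn_challenge: SecureRandom.random_bytes(32) }
response = sample_client_data(session[:webauthn_challenge], origin)
puts check_client_data(response, session, origin) # first submission
puts check_client_data(response, session, origin) # same response replayed
```

Deleting the challenge before any other check is what makes a captured response useless on a second submission.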
Currently under development
After checking out the repo, run bin/setup to install dependencies. Then, run rake to run the tests and code-style checks. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/cedarcode/webauthn-ruby.
The gem is available as open source under the terms of the MIT License.