francislavoie / Safari-FIDO-U2F

FIDO U2F support is possible in Safari, finally!

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Safari FIDO U2F

FIDO U2F support is possible in Safari, finally!

Quick Start

  • Download release
  • Open it
  • Enable the Safari FIDO U2F Extension in Safari Preferences

This extension requires macOS 10.12 and later or macOS 10.11.5 when Safari 10 is installed.

How?

This extension uses the new Safari App Extensions API introduced in Safari 10, which allows Safari extension to communicate with native app.

The native part uses libu2f-host as the backend.

Only the high-level JavaScript API is implemented for now: register and sign (see FIDO U2F Javascript API Specification). A new object window.u2f is exported. Both the API 1.1 and API 1.0 specifications are supported.

Does it work in xxx.com?

Technically, this extension adds the full FIDO U2F Javascript API to safari.

But as stated in the specification, the interface (for now) is browser dependent, so each website is required to add support for it (by adding some code to test if browser is safari...).

Currently, most of the sites using U2F are using u2f-api.js to provide cross-browser support of U2F. This extension provides a JavaScript API that is compatible with it and will override it to seamlessly, so should support a large set of websites.

However, there are still websites that do not work properly.

The following sites working according to my latest tests (Using macOS 10.12 with Yubikey 4):

⚠️: You need to change Safari's User-Agent to chrome to make these sites work

The following websites do not work (yet):

  • Google Account (and all kinds of google sites)

Build

Just clone this project and build it with Xcode. You will need libu2f-host.a, libhidapi.a and libjson-c.a. I recommend installing them from homebrew. Note that hidapi stable version contains some bugs, HEAD version should be used.

Apple Developer ID may be needed (not tested).

Disclaimer

I am not an expert in neither swift or javascript, and definitely not an expert of cryptography, use it at your own risk. Contribution would be really appreciated.

About

FIDO U2F support is possible in Safari, finally!

License:GNU General Public License v3.0


Languages

Language:Swift 37.5%Language:JavaScript 32.7%Language:C 29.8%