Tutorial
Martin Paljak edited this page Nov 22, 2016 · 2 revisions
```js
hwcrypto.authenticate(nonce); // returns a Promise
```
- User navigates to a secure origin, https://foobar.example.com/site/
- Application generates a page that includes a unique session identifier
- User clicks "Log me in" button
- JavaScript on the website communicates with the browser extension to initiate the authentication for the session identifier
- Browser extension uses Native Messaging (or, alternatively, a localhost service or mobile app) to reach the native companion application, which shows the user a list of possible X509 certificates (if there are many to choose from)
- User has the ability to cancel the authentication request or to choose a certificate and remember the choice
- Any local authentication procedures are performed (PIN entry etc.)
- Native companion application returns to the browser extension the signed X509 JWT ID Token, which binds the request (nonce) and origin (extension-verified "aud" field)
- Browser extension calls back to the website context, where the token gets posted back (resolving the Promise) to the application
- Application verifies the X509 JWT token and sets the authenticated state and identity of the session
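
The final verification step, sketched for a Node.js backend as an added example (not code from hwcrypto or this wiki). It assumes a compact RS256-signed JWT whose `nonce` claim carries the session identifier and whose `aud` claim carries the origin string; `signToken`, `verifyIdToken`, `outcome` and all sample values are hypothetical and constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const unb64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed stand-in for the native companion application (RS256 assumed).
function signToken(claims, privateKey, alg = 'RS256') {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(crypto.sign('sha256', Buffer.from(input), privateKey))}`;
}

// certKey: public key taken from the user's certificate; validating that
// certificate (chain, expiry, revocation) is assumed to happen before this call.
function verifyIdToken(token, { certKey, expectedNonce, expectedOrigin }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm on the server; the token header must not choose it.
  if (unb64u(head).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${head}.${body}`), certKey,
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = unb64u(body);
  // The nonce ties the token to the session identifier this server issued.
  if (typeof expectedNonce !== 'string' || claims.nonce !== expectedNonce) {
    throw new Error('nonce mismatch');
  }
  // "aud" is the origin the extension observed, not one the page supplied.
  if (claims.aud !== expectedOrigin) throw new Error('aud mismatch');
  return claims;
}

// Returns 'ok' or the rejection reason, for the constructed cases below.
function outcome(token, opts) {
  try { verifyIdToken(token, opts); return 'ok'; } catch (e) { return e.message; }
}

// Constructed sample data: throwaway key pair, session nonce and origin.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const opts = { certKey: publicKey, expectedNonce: 'session-7f3a',
  expectedOrigin: 'https://foobar.example.com' };
const claims = { sub: 'Constructed User', nonce: 'session-7f3a', aud: 'https://foobar.example.com' };
const token = signToken(claims, privateKey);

console.log(outcome(token, opts)); // token for this session and origin
console.log(outcome(token, { ...opts, expectedNonce: 'session-0000' })); // other session
console.log(outcome(signToken({ ...claims, aud: 'https://other.example.net' }, privateKey), opts));
```

The application should also treat each session identifier as single-use, discarding it once a token for it has been accepted.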