Description:
Check on how consent approval can be done through the mobile app

Description:
Add capability for the Identity Developer to define the exact method to be used for authentication (As adaptive authentication)
Ex: Fingerprint only

Related Issues:
#20

Description:

Currently, the flow consists of

1. Check if 1 or more devices is registered
2. If more than 1 then redirect to the device selection page
3. When a device is selected it calls the sendRequest method through the servlet

It should be changed such that

1. Check if 1 or more devices is registered
2. Authentication instance is marked as incomplete and re-directed to device selection page
3. Send the selection back to the authenticator from commonauth API
4. Re-initialize auth at canHandle and call sendRequest from there

Description:
The current data payload structure doesn't support the required information that needs to be displayed for an authentication request. Update the data sent from the server-side to support the below requirement

• Connection code
• Username
• Email
• Organization
• Service Provide / Application
• SP URL
• Device accessing the SP
• Web browser used
• IP Address
• Location (approximate/optional)

Description:

The current implementation gets the list of devices using the username of the user which is used to get the User ID. While this implementation will work for the super tenant, conflicts may occur when more than 1 tenant is available as the same username may appear in multiple places.

The following changes will have to be made to fix the issue

• User ID passed as the argument from push authenticator class
• User ID passed as the argument from API

Description:
Merge the PR which adds the functionality for biometric authentication in the identity server found in the identity-apps repo.

Related Pull Request
wso2/identity-apps#973

Note
The version of the node modules for babel should be updated to v7.9.0 in the package.json file

Description:
Attempting to register an already registered device throws a SQL exception on the server side and returns an error 500 to the mobile app. The device can be registered with only 1 user that is in the same database.

The issue is caused by the PushID being considered as a unique value.

The response should be handled on the mobile app SDK and the QR code that should be scanned in order to register should be replaced with a message acknowledging the request was received and that it was for an already registered device.

Description:
The current implementation uses DSA as the signing algorithm. The libraries for React Native have a minimal support for DSA. The process can be aligned with TOTP standards by changing the signing algorithm to ECDSA or RSA.

Description:

The current implementation handles requests to remove the device that is called from the mobile app using the servlet. Instead use an endpoint from the Me API to handle the scenario as it should align with the functionalities of the Me API.

Currently when the authentication device sends the authentication service to the IS there is a jsp page polling for the result and completed the flow at the consumption device end.
Optionally give the capability to end the authentication flow at the authentication device end while handling consent as well at the authentication device end.

related to: #31

Description:
Create a Firebase account that can be used to have the test project for managing the push notifications sent to WSO2 Verify.

Description:
The current implementation of the push-based authenticator uses Firebase Cloud messaging to send the authentication data from IS to the mobile app. Add the capability for any other push notification service to be configured from the IS to be used for this purpose.

Description:
Currently only the 3-factor authentication (basic login + accept on app + biometric) is supported. Change the API to support 2-factor authentication (basic login + accept on app) as well.

Related Issues:
#20

Description:

If the user hasn't registered a device with the IS for push-based authentication, the devices page is displayed with no other links to either register a device or a message asking to register a device through my account.

Either

1. Add an option to register a device during the authentication
2. Display a message stating that a device should be registered in order to authenticate and give a hyperlink to my account

Description:
Merge the opened pull requests related to biometric authentication

PRs to be merged

identity-outbound-auth-biometric

• #5 "WSO2 Verify" Mobile Application

• #12 Update pom files of the component

• #9 Model classes of the bio-metric device handler component

• #6 Biometric Device Handler Cache

• #8 Device handler exceptions

• #11 Device handler bundle activator and util classes

• #7 Device handler dao

• #10 Device handler core classes

• #13 "WSO2 Verify" Android mobile application

• #14 Modify Authentication flow to support device handler functions

• #15 Extend the Android Mobile app to support device registration and Improve the Authentication Flow

identity-apps

• wso2/identity-apps#973 Implement New Module to support the Biometric Authenticator Device Management Functionalities

Note
The version of the node modules for babel should be updated to v7.9.0 in the package.json file

identity-api-user

• wso2/identity-api-user#91 Rest APIs for Biometric Device Registration

• wso2/identity-api-user#94 Parent pom and pom files of the device handler component

• wso2/identity-api-user#92 Utility classes for Biometric Device Handler Rest APIs

• wso2/identity-api-user#93 Autogenerated classes of the Biometric device handler Rest API component

• wso2/identity-api-user#97 Service class for biometric device handler Rest APIs

• wso2/identity-api-user#98 Implementation of biometric device handler Rest APIs

• wso2/identity-api-user#99 Resource files of the Biometric device handler Rest API component

identity-rest-dispatcher

• wso2/identity-rest-dispatcher#206 Add the Biometric Authenticator Rest Api Component

Description:
Currently, the biometric authenticator is not supporting the CIBA flow, we need to improve it to handle it

Description:
Rename the repository to give a more meaningful name when the QR code authentication feature is added

Description:
Currently the a GET request is used to poll the server for the authentication request. As an issue can arise when the get request is sent over and over again this function should be change to use a POST request instead.

Description:
Check if the push notification token generated by Firebase registered on an iOS device changes over a period of time as the app is used.

Description:
The current implementation supports a key length of 2048 bits which reduces the performance of the React Native mobile app. Change the length of the keypair to 1024 bits in both the SDK and the server-side.

Description:
Creating the Rest API for the QR code authentication as a separate component.

Description:
Currently, the authenticator is written to be used with the firebase push notification service. We need to make the push notification provider configurable.

Description:
WSO2 Verify is currently developed only for Android mobile devices. Develop the app for production using React Native to support both Android and iOS. As a first phase, have only the capability of authenticating users through push.

• Implement the ability to integrate app side capability as a library

Description:
Setup biometric authentication in the Identity Server and test its functionality using the mobile application by adding biometric as the outbound authentication method for an app using the identity server.

Suggested Labels:
Task, Milestone

Description:
The device authentication status is currently stored in a variable on which the current polling mechanism relies on. It should be handled properly.

Possible solution:
Using a session datastore

Description:

The remove device requests from the mobile app are completed from the server-side without any validations. Do the necessary validations prior to executing the remove device task.

Description:
Ability to integrate app side capability as a library , so that any custom app can have push notification capability with WSO2 IS.

Description:

The current implementation works with the table for Biometric authentication in the database. Change the table name and the required queries as Push authentication as the authenticator name has been changed.

Description:
The waiting page for authorization (until the login request is accepted in the mobile app) sends a large number of requests per second to the server which may affect the performance. Make changes to resolve this issue.

In the above screenshot 1992 requests have been sent to the IS within a span of 50s to check if the login has been authorized.

Description:
Currently the users do not have a secondary way of getting the details required for authentication through the mobile application in a scenario FCM fails. In order to avoid the issue a secondary method, preferably displaying a QR code containing the same data sent through firebase. The method used in the registration flow in order to scan the QR code can be modified and used for this function as well.

Description:
Merge the pull requests that are related to biometric authentication found in the identity-api-user repo

Pull Requests to be Merged
wso2/identity-api-user#91
wso2/identity-api-user#92
wso2/identity-api-user#93
wso2/identity-api-user#94
wso2/identity-api-user#97
wso2/identity-api-user#98
wso2/identity-api-user#99

Description:

Currently, the QR code for registration contains multiple attributes that are not needed for the registration process but only required for storing the account information.

Have only the attributes required for the registration in the QR code and send all the account information back as the response to the registration request from the server when the request is completed.

Description:
Some of the fields in the request sent to Firebase cloud messaging to send the authentication push notification to the mobile device have been duplicated causing the push notification to not arrive, but the server to get a response code 200.

How to fix:
Adjust the request to take the following format

{
    "notification": {
        "body": "admin is trying to log into pickup-dispatch at localhost",
    },
    "content_available": true,
    "data": {
        "sessionDataKey": "f089dfe7-d789-491b-9296-bb34ad8d5dde",
        "challenge": "2da478cd-ca29-4696-8b26-0451746d0612",
        "body": "admin is trying to log into pickup-dispatch at localhost",
        "click_action": "AuthenticateActivity",
        "deviceId": "ac17f16f-c12c-4138-95ef-0af6e2c5824d"
    },
    "to": "fQrUKjM_TyWc2w4QrK8vyB:APA91bFsNHubZZJJnhrxD_VG....",
    "priority": "high"
}

Changes should be made in identity-outbound-auth-biometric/components/org.wso2.carbon.identity.application.authenticator.biometric/src/main/java/org/wso2/carbon/identity/application/authenticator/biometric/notification/handler/impl/FirebasePushNotificationSenderImpl.java

Description:
Add the capability for the device to give only the authentication methods defined by the user or the developer for the particular login.
Ex: Fingerprint to be the only biometric authentication method offered to verify the user

Should check if the required biometrics are recorded in the device to complete this task.

Related Issues:
#20

Description:

• Discuss if the mobile application development is going to be continued on native platforms when implementing for iOS as well or whether the development is going to be restarted using a cross platform framework.

Description:
The icons used in the app are from different packs and are saved as images. Import the icons in a suitable way and consistently use the icons from the same pack throughout the app.

Description:

The server throws an exception when polled to check if the device to be registered has got added to the database causing the exception to be thrown multiple times in the server with the full stack trace. The API returns 500 Internal server error

Handle the exception from the API component and return a 404 HTTP status code for the API call to indicate that the device is not found.

Description:
Ability to select either biometric authentication or push notification only when prompting to authenticate

• #33 - Change API to support the authentication method
• #34 - Add capability to the device to send at registration the authentication method it supports
• #35 - Add capability for an Identity Developer to define authentication methods to be used
• #36 - Add capability to login portal UI for a user to select the authentication method at login time
• #37 - Add capability to send the selected login method data to the device and to make the device honor the selection

Description:

Some of the functionalities in the UI component for push-auth device management have broken as a result of changes made to the APIs (eg: get a device by its device id).

Implement the changes as required for the components to work as before

Description:
Add the capability for the user to select the preferred authentication methods to log into a given app from the user portal

Related Issues:
#20

Description:
Add the capability for the app to send a list of available authentication methods in the device as part of the registration.
Eg: Fingerprint, Face ID, Iris, Pin, Pattern, etc

Related Issues:
#20

Description:
Design the UI/UX that will be used when developing the push-based authentication mobile app

Description:

The push notification message for an auth request is processed by the authenticator and sends the full text which gets processed there.
Modify it to send a key by which the developer can process the message on the app end to display when an auth request is received.

Description:
This will be a feature addition to the mobile application where we can use the session termination REST API to give the capability to terminate user sessions through the mobile application.

Description:
Sign the challenge sent from Identity Server to the Device. This will be used by the device to verify that the push notification came from the Identity Server. Since we will be using a 3rd party service to send push notification this will be useful.

Description:
Create the UI elements required for the QR code authenticator as a component of the biometric authenticator.

Description:
Currently the feature does not consists of a function to send the mobile device a notification when device details have been altered or removed from the user portal. While the device should simply get notification when the device name is changed the notification sent when a device is removed should also remove the data from the device upon clicking the notification.

Description:

Discovery data can appear in many authenticator components leading to confusion as to its purpose. Refactor to a more meaningful name for this instance such as getRegistrationDiscoveryData()

Changes should be made in the components below

• Device handler component
• API component where the method gets called

Description:
Merge the pull request for adding the Biometric Authenticator rest api component to the identity-rest-dispatcher repo

Pull Request to merge
wso2/identity-rest-dispatcher#206

Description:

When the authorization request is sent the keyword "SUCCESSFUL" or "DENIED" should be given as auth_status. While the request gets denied only when the proper keyword is added, the request gets authorized with any keyword placed instead of "SUCCESSFUL"

Do proper validation on the server-side