wso2-extensions / identity-outbound-auth-push
Aims at implementing biometric authentication for WSO2 IS.
License: Apache License 2.0
Description:
The current implementation of the push-based authenticator uses Firebase Cloud messaging to send the authentication data from IS to the mobile app. Add the capability for any other push notification service to be configured from the IS to be used for this purpose.
Description:
The current implementation handles requests to remove the device that is called from the mobile app using the servlet. Instead use an endpoint from the Me API to handle the scenario as it should align with the functionalities of the Me API.
Description:
Currently the feature does not consist of a function to send the mobile device a notification when device details have been altered or removed from the user portal. While the device should simply get a notification when the device name is changed, the notification sent when a device is removed should also remove the data from the device upon clicking the notification.
Description:
Discovery data can appear in many authenticator components leading to confusion as to its purpose. Refactor to a more meaningful name for this instance such as getRegistrationDiscoveryData()
Changes should be made in the components below
Description:
Currently the users do not have a secondary way of getting the details required for authentication through the mobile application in a scenario where FCM fails. In order to avoid the issue, a secondary method is needed, preferably displaying a QR code containing the same data sent through Firebase. The method used in the registration flow in order to scan the QR code can be modified and used for this function as well.
Description:
The device authentication status is currently stored in a variable on which the current polling mechanism relies. It should be handled properly.
Possible solution:
Using a session datastore
Description:
Sign the challenge sent from Identity Server to the Device. This will be used by the device to verify that the push notification came from the Identity Server. Since we will be using a 3rd party service to send push notification this will be useful.
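A sketch of the signing and device-side verification this issue asks for, added here as an illustration and not taken from the project's code. It assumes ECDSA over P-256, that the device stored the server's public key at registration, and that the signed message is the `sessionDataKey`, `challenge` and `deviceId` joined with dots; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public class SignedChallengeExample {

    // Bind the signature to the session and device, not the challenge alone,
    // so a signed challenge cannot be replayed into another session or device.
    static byte[] message(String sessionDataKey, String challenge, String deviceId) {
        return (sessionDataKey + "." + challenge + "." + deviceId)
                .getBytes(StandardCharsets.UTF_8);
    }

    // Server side: sign before handing the payload to the push provider.
    static String sign(PrivateKey serverKey, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(serverKey);
        s.update(msg);
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Device side: any malformed or mismatching signature is treated as invalid.
    static boolean verify(PublicKey serverPub, byte[] msg, String signatureB64) {
        try {
            Signature s = Signature.getInstance("SHA256withECDSA");
            s.initVerify(serverPub);
            s.update(msg);
            return s.verify(Base64.getDecoder().decode(signatureB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair server = kpg.generateKeyPair(); // constructed key, for the demo only

        // Values taken from the sample payload shown elsewhere on this page.
        String sessionDataKey = "f089dfe7-d789-491b-9296-bb34ad8d5dde";
        String challenge = "2da478cd-ca29-4696-8b26-0451746d0612";
        String deviceId = "ac17f16f-c12c-4138-95ef-0af6e2c5824d";

        String sig = sign(server.getPrivate(), message(sessionDataKey, challenge, deviceId));
        System.out.println("genuine payload:  "
                + verify(server.getPublic(), message(sessionDataKey, challenge, deviceId), sig));
        // A relay that swaps the challenge fails verification on the device.
        System.out.println("altered challenge: "
                + verify(server.getPublic(), message(sessionDataKey, "tampered", deviceId), sig));
    }
}
```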
Description:
The remove device requests from the mobile app are completed from the server-side without any validations. Do the necessary validations prior to executing the remove device task.
Description:
The current implementation works with the table for Biometric authentication in the database. Change the table name and the required queries as Push authentication as the authenticator name has been changed.
Description:
Some of the fields in the request sent to Firebase cloud messaging to send the authentication push notification to the mobile device have been duplicated causing the push notification to not arrive, but the server to get a response code 200.
How to fix:
Adjust the request to take the following format
{
  "notification": {
    "body": "admin is trying to log into pickup-dispatch at localhost"
  },
  "content_available": true,
  "data": {
    "sessionDataKey": "f089dfe7-d789-491b-9296-bb34ad8d5dde",
    "challenge": "2da478cd-ca29-4696-8b26-0451746d0612",
    "body": "admin is trying to log into pickup-dispatch at localhost",
    "click_action": "AuthenticateActivity",
    "deviceId": "ac17f16f-c12c-4138-95ef-0af6e2c5824d"
  },
  "to": "fQrUKjM_TyWc2w4QrK8vyB:APA91bFsNHubZZJJnhrxD_VG....",
  "priority": "high"
}
Changes should be made in identity-outbound-auth-biometric/components/org.wso2.carbon.identity.application.authenticator.biometric/src/main/java/org/wso2/carbon/identity/application/authenticator/biometric/notification/handler/impl/FirebasePushNotificationSenderImpl.java
Description:
Rename the repository to give a more meaningful name when the QR code authentication feature is added
Description:
Check if the push notification token generated by Firebase registered on an iOS device changes over a period of time as the app is used.
Description:
Add capability for the Identity Developer to define the exact method to be used for authentication (As adaptive authentication)
Ex: Fingerprint only
Related Issues:
#20
Description:
When the authorization request is sent the keyword "SUCCESSFUL" or "DENIED" should be given as auth_status. While the request gets denied only when the proper keyword is added, the request gets authorized with any keyword placed instead of "SUCCESSFUL"
Do proper validation on the server-side
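The behaviour described in this issue next to a fail-closed check, as an added example that is not the project's code. The class and method names are hypothetical; only the `auth_status` keywords "SUCCESSFUL" and "DENIED" come from the issue.

```java
public class AuthStatusValidation {

    enum AuthStatus { SUCCESSFUL, DENIED }

    // Behaviour reported in the issue: only "DENIED" is recognised,
    // so every other value (typos, empty string, null) is authorized.
    static boolean isAuthorizedLenient(String authStatus) {
        return !"DENIED".equals(authStatus);
    }

    // Allowlist parsing: exact, case-sensitive match on the two known keywords.
    // Anything else is an invalid request, not an implicit approval.
    static AuthStatus parse(String raw) {
        if (raw == null) {
            throw new IllegalArgumentException("auth_status is missing");
        }
        switch (raw) {
            case "SUCCESSFUL":
                return AuthStatus.SUCCESSFUL;
            case "DENIED":
                return AuthStatus.DENIED;
            default:
                throw new IllegalArgumentException("Unsupported auth_status value");
        }
    }

    // Fail closed: authorization requires a positive match on SUCCESSFUL.
    // A real endpoint would answer the invalid cases with a 4xx response.
    static boolean isAuthorizedStrict(String raw) {
        try {
            return parse(raw) == AuthStatus.SUCCESSFUL;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {"SUCCESSFUL", "DENIED", "successful", "", "anything", null};
        for (String s : samples) {
            System.out.printf("%-12s lenient=%-5b strict=%b%n",
                    s, isAuthorizedLenient(s), isAuthorizedStrict(s));
        }
    }
}
```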
Description:
The current implementation gets the list of devices using the username of the user which is used to get the User ID. While this implementation will work for the super tenant, conflicts may occur when more than 1 tenant is available as the same username may appear in multiple places.
The following changes will have to be made to fix the issue
Description:
Merge the opened pull requests related to biometric authentication
PRs to be merged
identity-outbound-auth-biometric
#5 "WSO2 Verify" Mobile Application
#12 Update pom files of the component
#9 Model classes of the bio-metric device handler component
#6 Biometric Device Handler Cache
#8 Device handler exceptions
#11 Device handler bundle activator and util classes
#7 Device handler dao
#10 Device handler core classes
#13 "WSO2 Verify" Android mobile application
#14 Modify Authentication flow to support device handler functions
#15 Extend the Android Mobile app to support device registration and Improve the Authentication Flow
identity-apps
Note
The version of the node modules for babel should be updated to v7.9.0 in the package.json file
identity-api-user
wso2/identity-api-user#91 Rest APIs for Biometric Device Registration
wso2/identity-api-user#94 Parent pom and pom files of the device handler component
wso2/identity-api-user#92 Utility classes for Biometric Device Handler Rest APIs
wso2/identity-api-user#93 Autogenerated classes of the Biometric device handler Rest API component
wso2/identity-api-user#97 Service class for biometric device handler Rest APIs
wso2/identity-api-user#98 Implementation of biometric device handler Rest APIs
wso2/identity-api-user#99 Resource files of the Biometric device handler Rest API component
identity-rest-dispatcher
Description:
Merge the pull request for adding the Biometric Authenticator rest api component to the identity-rest-dispatcher repo
Pull Request to merge
wso2/identity-rest-dispatcher#206
Description:
Attempting to register an already registered device throws a SQL exception on the server side and returns an error 500 to the mobile app. The device can be registered with only 1 user that is in the same database.
The issue is caused by the PushID being considered as a unique value.
The response should be handled on the mobile app SDK and the QR code that should be scanned in order to register should be replaced with a message acknowledging the request was received and that it was for an already registered device.
Description:
Create the UI elements required for the QR code authenticator as a component of the biometric authenticator.
Description:
Create a Firebase account that can be used to have the test project for managing the push notifications sent to WSO2 Verify.
Description:
Check on how consent approval can be done through the mobile app
Description:
The current data payload structure doesn't support the required information that needs to be displayed for an authentication request. Update the data sent from the server-side to support the below requirement
Description:
This will be a feature addition to the mobile application where we can use the session termination REST API to give the capability to terminate user sessions through the mobile application.
Description:
Merge the pull requests that are related to biometric authentication found in the identity-api-user repo
Pull Requests to be Merged
wso2/identity-api-user#91
wso2/identity-api-user#92
wso2/identity-api-user#93
wso2/identity-api-user#94
wso2/identity-api-user#97
wso2/identity-api-user#98
wso2/identity-api-user#99
Description:
Ability to select either biometric authentication or push notification only when prompting to authenticate
Description:
Add the capability for the user to select the preferred authentication methods to log into a given app from the user portal
Related Issues:
#20
Currently when the authentication device sends the authentication service to the IS, there is a JSP page polling for the result and completing the flow at the consumption device end.
Optionally give the capability to end the authentication flow at the authentication device end while handling consent as well at the authentication device end.
related to: #31
Description:
Merge the PR which adds the functionality for biometric authentication in the identity server found in the identity-apps repo.
Related Pull Request
wso2/identity-apps#973
Note
The version of the node modules for babel should be updated to v7.9.0 in the package.json file
Description:
Design the UI/UX that will be used when developing the push-based authentication mobile app
Description:
The server throws an exception when polled to check if the device to be registered has got added to the database causing the exception to be thrown multiple times in the server with the full stack trace. The API returns 500 Internal server error
Handle the exception from the API component and return a 404 HTTP status code for the API call to indicate that the device is not found.
Description:
WSO2 Verify is currently developed only for Android mobile devices. Develop the app for production using React Native to support both Android and iOS. As a first phase, have only the capability of authenticating users through push.
Description:
Ability to integrate app side capability as a library, so that any custom app can have push notification capability with WSO2 IS.
Description:
Currently a GET request is used to poll the server for the authentication request. As an issue can arise when the GET request is sent over and over again, this function should be changed to use a POST request instead.
Description:
Currently, the biometric authenticator is not supporting the CIBA flow, we need to improve it to handle it
Description:
The current implementation uses DSA as the signing algorithm. The libraries for React Native have minimal support for DSA. The process can be aligned with TOTP standards by changing the signing algorithm to ECDSA or RSA.
Description:
If the user hasn't registered a device with the IS for push-based authentication, the devices page is displayed with no other links to either register a device or a message asking to register a device through my account.
Either
Description:
Currently only the 3-factor authentication (basic login + accept on app + biometric) is supported. Change the API to support 2-factor authentication (basic login + accept on app) as well.
Related Issues:
#20
Description:
Currently, the authenticator is written to be used with the firebase push notification service. We need to make the push notification provider configurable.
Description:
Creating the Rest API for the QR code authentication as a separate component.
Description:
The push notification message for an auth request is processed by the authenticator and sends the full text which gets processed there.
Modify it to send a key by which the developer can process the message on the app end to display when an auth request is received.
Description:
Add the capability for the app to send a list of available authentication methods in the device as part of the registration.
Eg: Fingerprint, Face ID, Iris, Pin, Pattern, etc
Related Issues:
#20
Description:
Currently, the QR code for registration contains multiple attributes that are not needed for the registration process but only required for storing the account information.
Have only the attributes required for the registration in the QR code and send all the account information back as the response to the registration request from the server when the request is completed.
Description:
Setup biometric authentication in the Identity Server and test its functionality using the mobile application by adding biometric as the outbound authentication method for an app using the identity server.
Suggested Labels:
Task, Milestone
Description:
The icons used in the app are from different packs and are saved as images. Import the icons in a suitable way and consistently use the icons from the same pack throughout the app.
Description:
The current implementation supports a key length of 2048 bits which reduces the performance of the React Native mobile app. Change the length of the keypair to 1024 bits in both the SDK and the server-side.
Description:
Add the capability for the device to give only the authentication methods defined by the user or the developer for the particular login.
Ex: Fingerprint to be the only biometric authentication method offered to verify the user
Should check if the required biometrics are recorded in the device to complete this task.
Related Issues:
#20
Description:
Currently, the flow consists of
It should be changed such that
Description:
Some of the functionalities in the UI component for push-auth device management have broken as a result of changes made to the APIs (eg: get a device by its device id).
Implement the changes as required for the components to work as before
Description:
The waiting page for authorization (until the login request is accepted in the mobile app) sends a large number of requests per second to the server which may affect the performance. Make changes to resolve this issue.
In the above screenshot 1992 requests have been sent to the IS within a span of 50s to check if the login has been authorized.