Hi All,

I’m currently working on making the WSO2 Identity Server support Biometric Authentication, which will provide the users with one of the most secure and convenient authentication mechanisms in the modern era. The device registration flow is being implemented as the second phase of the project.

The device registration flow is triggered by users opting to register a new mobile device as a biometric authenticator, from the user portal’s Multi-factor Authentication section. As the initial step of the flow, a QR code containing the necessary details is displayed, including a challenge to be signed by the mobile app in order to verify the integration of the registration request sent.

A new start-up screen has been introduced in the mobile application in order to facilitate the registration functionality. Clicking the Register option, out of the two options presented on the start-up screen, navigates the user to a new screen where instructions to register the device are displayed. Clicking the scan button opens up the camera for the QR code to be scanned. Successfully scanning the QR code triggers the device registration function of the mobile app.

A registration request is generated with device details such as the make and model of the device and the Firebase Cloud Messaging instance ID. A key pair is generated by the device, and the public key is included in the request sent to the server, while the private key is stored in the device itself along with key details retrieved from the QR code.

Upon successful registration, a message is prompted in the user portal along with the option to enter a unique name to identify the newly registered device. By default, the device display name is set to the make and model of the device.

The device handler module has been integrated with the authentication flow, which was developed in the initial phase of the project. A new page has been introduced to the authentication endpoint in order to facilitate this. Given that biometric authentication is enabled, users are navigated to a page from which a device can be chosen to authenticate themselves.

While the design and a detailed explanation of the flows of the feature can be found in my previous mail “Implementing Biometric Authenticator to integrate with Mobile devices”, the mail thread which refers to the initial phase of the project can be found in the link below.

https://markmail.org/message/r2scjjbxfjfdd7yd

Please note that the user interfaces are not finalized and that major improvements are yet to be done.

Thank you,
Regards,

*Avishka Jayasundara* | Intern - Engineering | WSO2 Inc. <http://wso2.com/>
(M)+94 770323035 | (E) avish...@wso2.com <shan...@wso2.com>
<https://wso2.com/signature>

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
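
The registration exchange described in the mail, as an added example that is not part of the original message and is not WSO2's code: the server places a random challenge in the QR code, the device signs it together with the request fields, and the server rejects a replayed challenge or a request altered after signing. The algorithm (ECDSA on P-256 with SHA-256), the length-prefixed payload layout, all method names and the sample device values are assumptions; the mail does not specify them.

```java
import java.io.*;
import java.security.*;
import java.security.spec.*;
import java.util.*;
import static java.nio.charset.StandardCharsets.UTF_8;

public class DeviceRegistrationDemo {
    static final Set<String> pending = new HashSet<>(); // server: unanswered challenges
    static byte[] issueQrChallenge() { // server: random challenge placed in the QR code
        byte[] c = new byte[32];
        new SecureRandom().nextBytes(c);
        pending.add(Base64.getEncoder().encodeToString(c));
        return c;
    }
    // Signed bytes: challenge plus every request field, length-prefixed (assumed layout).
    static byte[] payload(byte[]... fields) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        for (byte[] f : fields) { out.writeInt(f.length); out.write(f); }
        return buf.toByteArray();
    }
    static byte[] sign(PrivateKey key, byte[] data) throws Exception { // device side
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }
    // Server: accept only a fresh challenge signed by the key being registered.
    static boolean register(byte[] c, byte[] model, byte[] pushId, byte[] pub, byte[] sig) throws Exception {
        if (!pending.remove(Base64.getEncoder().encodeToString(c))) return false; // single use
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(pub)));
        v.update(payload(c, model, pushId, pub));
        return v.verify(sig); // on true, store pub for the new device
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = gen.generateKeyPair(); // device: the private key never leaves it
        byte[] pub = kp.getPublic().getEncoded();
        // Constructed sample values for the device model and push instance ID.
        byte[] model = "Pixel 4".getBytes(UTF_8), pushId = "constructed-fcm-id".getBytes(UTF_8);
        byte[] c = issueQrChallenge();
        byte[] sig = sign(kp.getPrivate(), payload(c, model, pushId, pub));
        System.out.println("genuine:  " + register(c, model, pushId, pub, sig));
        System.out.println("replayed: " + register(c, model, pushId, pub, sig));
        c = issueQrChallenge();
        sig = sign(kp.getPrivate(), payload(c, model, pushId, pub));
        System.out.println("altered:  " + register(c, model, "other-id".getBytes(UTF_8), pub, sig));
    }
}
```

Verifying with the public key carried in the request proves only that the sender holds the matching private key; binding the registration to the right user still depends on the QR code being shown inside that user's authenticated portal session.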