Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIDO UAF Client (Android) is not handling UAFIntentType.DISCOVER properly #21

Open
emersonmello opened this issue May 20, 2016 · 6 comments
Open

FIDO UAF Client (Android) is not handling UAFIntentType.DISCOVER properly #21

emersonmello opened this issue May 20, 2016 · 6 comments

Comments

@emersonmello
Copy link
Contributor

According to FIDO UAF Application API and Transport Binding Specification:

Android intent invokes the FIDO UAF Client to discover the available authenticators and capabilities. The FIDO UAF Client generally will not show a UI associated with the handling of this intent, but immediately return the JSON structure. The calling application cannot depend on this however, as the FIDO UAF Client MAY show a UI for privacy purposes, allowing the user to choose whether and which authenticators to disclose to the calling application.

This intent MUST be invoked with startActivityForResult().

Current ExampleFidoUafClient class is not handling UAFIntentType properly and there is nothing to catch UAFIntentType.DISCOVER. As consequence a 3rd party Android RP App is not able to discovery and use Marvin UAF Client.

It is my suggestion to be included in finishWithResult method:

Bundle extras = getIntent().getExtras();
        if (extras != null) {
            String data = (String) extras.get("UAFIntentType");
            if (data != null) {

                if (data.equals(UAFIntentType.DISCOVER)) {
                    extras = new Bundle();
                    extras.putString("UAFIntentType", UAFIntentType.DISCOVER_RESULT.name());
                    extras.putShort("errorCode", ErrorCode.NO_ERROR.getID());
                    extras.putString("discoveryData", DiscoveryData.getFakeDiscoveryData());
                    intent.putExtras(extras);

                    setResult(Activity.RESULT_OK, intent);
                    finish();
                }

                if (data.equals(UAFIntentType.UAF_OPERATION.name())) {
                    String message = (String) extras.get("message");
                    String channelBindings = (String) extras.get("channelBindings");
                    String inMsg = extract(message);
                    String response = "";
                }

            }
        }

But it will implicate in a lot of modifications in onActivityResult method in MainActivity class.
@npesic
Copy link
Contributor

npesic commented May 24, 2016

Hi Emerson,

This is a good point. It would be nice to have implemented handling of the DISCOVER UAF intent type.

It looks like you are on the way to implement it. Let me know if you run into any issues.

Thanks,
Neb.

@emersonmello
Copy link
Contributor Author

Hi Neb,

Yes, I already did that in a "new FIDO UAF Client", but I can do that on Marvin UAF Client. Probably this new code will imply in some changes on Android RP Client as well. I guess that is a good opportunity to split Marvin from RP Client.

What do you think?

BTW, should I get/work UAFClient from master branch or from f_android_uaf_client branch?

Cheers,

@silverstar235
Copy link

Hi, I have fix the use permission in manifest and android Intent as https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-client-api-transport-v1.0-ps-20141208.html#android-intent-api: Why when i use conformance test tool from fido, i alway meet this error and can not get the return result JSON from my uaf server (this is an FIDO UAF server have certified): "E/UAFClientAPI: Malformed response: mandatory field IEN_COMPONENT_NAME is missing". Can you help me? Is there any more configuration for UAF Intent?

@yackermann
Copy link

@silverstar235 your app response missing componentName in extra

The component name of the responding FIDO UAF Client. It must be serialized using ComponentName.flattenString()

@silverstar235
Copy link

silverstar235 commented Jun 15, 2017 via email

@yackermann
Copy link

Try to look at intent response and check that it's actually contains componentName field

ngs-mtech pushed a commit to ngs-mtech/UAF that referenced this issue Feb 28, 2018
@Steppschuh
Merge pull request eBay#21 from neXenio/bug-fix/014-missing-fields
3c8c0ab 
Bug fix/014 missing fields
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@npesic @yackermann @emersonmello @silverstar235