Add regular fido service #2184
base: master
1cdb499 to 5afc954
play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/regular/Fido2RegularService.kt
I have updated the feature for the privileged fido api and use static features. I have not yet tested the later change, I'll do it later if I've time (and if no one else can). I have seen that the libraries don't use the features for the request. Side note: Some actions I have seen that aren't in microG:
@p1gp1g
@ale5000-git 3 features for the privileged service, 2 for the regular one, 1 in common: there are 4 features :)
@p1gp1g when I was asking for them to be static, I was thinking of how we do it at other places like GmsCore/play-services-core/src/main/kotlin/org/microg/gms/auth/account/data/GoogleAuthService.kt Lines 28 to 44 in df6f331
It may seem weird to declare features to a service that are not provided by it, but Google does the same in original Play Services (services are declared in groups that share their set of features) and in the past Google was even requiring this for some APIs (the client library was requiring that service A announced a feature of service B). We want to prevent a small update to the client library breaking support because of not announcing a feature (we had those issues in the past). I can check the full list of services that Google announces on FIDO APIs later and provide it here (it can be extracted from the chimera manifest in the assets of play services apk).
The full set of features is not used by these 2 services. There is a declaration of the full set, and it is used for the zeroparty or the firstparty one. I haven't added other features because I thought it would better fit a PR introducing those services (if needed). Regular Fido and Privileged Fido use the set with respectively 2 and 3 features
Here's the content of the chimera manifest of play services 24.05.15, with the module for the fido already highlighted: https://gist.github.com/mar-v-in/1cb40abe41ed751d3ab8f78ef6843b7f#file-chimeramanifest-L12804-L13243 When connecting to this version of play services, all the API services listed in the module (with prefix |
c1a4a7b to a65067d
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialCreationOptions; | ||
import com.google.android.gms.fido.fido2.api.common.PublicKeyCredentialRequestOptions; | ||
|
||
interface IFido2RegularService { |
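Review bot: the name on the `interface IFido2RegularService {` line is not cosmetic, because AIDL derives the Binder interface descriptor from the package and interface name, and the generated stub rejects calls whose descriptor differs from its own. Rename the interface to match the one the counterpart client library or service was built from, and test against that counterpart rather than only against the library in this PR.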
I'm a little confused about these interfaces, because they don't match what Google's services expect:
- The name should be `IFido2AppService` (`IFido2AppCallbacks` respectively)
- The AIDL shouldn't carry a `getCredentialList` function on the regular service (such function also doesn't exist in the corresponding public API)

Not sure where this mismatch comes from. If you only ever tested the client library from this PR against the service from this PR, it would certainly work, but would be incompatible with Google's client library or service.
That may be why. I have converted to a draft until this is tested against a Google client lib, and this is fixed.
Build fails:
Sorry again, I'll take the time to do it properly this weekend --'
eb59663 to 399f9f8
I don't know why the CI fails. Is there a cache or something? An app using the lib can now communicate with PlayServices for the regular functions. I have tested it until the Play Services failed because of missing authorization server side (the demo I used doesn't have assetslinks.json). I have to test a proper login tomorrow, with a service I will host.
These are the errors:
I don't know it too much but I think this type of code is deprecated, look at the changes here: 48e0b00#diff-09c7aa118b786f685aa2ead8f15b3824e83a97235b82f5bec93357f0d8959ee3L85
399f9f8 to 349a3d8
@ale5000-git Thanks, I've rebased the branch & updated the code for the lifecycle
Well, after some tests, it doesn't work from this microg fido library (this PR) to the Google Play services. I don't have a test phone with me atm with signature spoofing to try from GPlay lib to microG. This app makes it easy to test: https://github.com/android/codelab-fido2 . Does someone want to try? I don't have all the internal microG/play services in mind, so help is welcomed. I have observed this difference, I don't know if that's relevant: with microg lib
with gplay lib
@p1gp1g have you been testing on Android 14? FIDO/Passkeys works entirely different since Android 14 and microG's implementation is currently not fully compatible with the Android 14 APIs.
This check was on Android 13. [Edit: I said it was on Android 14 but not the last check, sorry]
It adds support for regular FIDO service.
Edit: This PR is not based on the other PR (#2183) any more. Old branch can be found here: p1gp1g:feat/regular_fido_v1