Add YubiKey authentication functionality #1378

Open
wants to merge 6 commits into
base: master


@ThatOneCamel ThatOneCamel commented Sep 8, 2023

Adds the ability to use a YubiKey security key to generate OTP codes and use them to log in.

Please also consider this corresponding pull request on the faq repo: #89

  • This guide outlines what a YubiKey is and how a user would set up their own to work with XIVLauncher.

Additions:

SettingsControl

  • Adds a new CheckBox that enables usage of YubiKey hardware [this requires OTP macros to be enabled]
  • Added a way for users to set up their YubiKey credentials in-app (See: SecurityKeySetupDialog)

YubiAuth

  • Finds and maintains reference to physical YubiKey device
  • Handles most methods that retrieve information from the security key and perform operations

OtpInputDialog

  • If the YubiKey setting is enabled, will attempt to log in if the device is plugged in or, if applicable, prompt the user to touch their device before authentication occurs
  • Made it so security key authentication doesn't block the main thread and normal login can occur if the user desires

SecurityKeySetupDialog

  • A dialog that allows users to enter their authentication key and create a credential on their security key
  • User can also decide if they want to use touch prior to authentication

Directory.Build.targets

  • Made to ensure the proper DLL is selected for the proper system architecture
    • This was incorrectly imported using the default Yubico.YubiKey implementation

Member

KazWolfe commented Sep 8, 2023

Peanut gallery commentary (and not something necessary for this PR):

This would be a great opportunity to implement some kind of authentication plugin logic to XL so that people can load in all sorts of custom behavior (e.g. this, 1Password, the TOTP webserver, highly insecure homebaked DLLs with hardcoded TOTP secrets, etc.) that can provide credentials or TOTP to XL.

Otherwise, this is a very interesting PR and an awesome new feature. Thanks for making it!!

Contributor

NotNite commented Sep 8, 2023

+1 for that idea @KazWolfe mentioned (but neither of us are XL team so don't take it as official word). Perhaps just exchanging messages over stdin/stdout in an executable you can configure sounds good.

Member

KazWolfe commented Sep 8, 2023

And an actual comment:

At present, this does not appear to support multiple accounts. Would it be possible to tweak the behavior slightly to encode the SE username into the credential so that we can gracefully handle multi-service-account cases?

Author

ThatOneCamel commented Sep 8, 2023

> And an actual comment:
>
> At present, this does not appear to support multiple accounts. Would it be possible to tweak the behavior slightly to encode the SE username into the credential so that we can gracefully handle multi-service-account cases?

Thanks for the feedback! Yes, this is possible and I've gone ahead and tweaked the implementation so that this could happen.
