Updating FIDO U2F to WebAuthn

Back in 2018 I published a post on adding support for FIDO U2F second factor authentication to a flask application. At the time, FIDO U2F was a relatively new technology and, based in part on its development, work had already begun on a new standard. The Web Authentication (WebAuthn) proposal had been published as a draft in 2016 and reached the recommendation standard by 2019.

I recently revisited a project that included FIDO U2F support and realised that the packages I used in the original post were no longer supported with WebAuthn recommended as the successor.

When first searching for alternative packages I found this site and the associated python package. I then paired this with SimpleWebAuthn on the frontend. Unfortunately I was only able to get registering the device to work with this combination and the actual authentication failed.

A major driver between the switch from FIDO U2F to WebAuthn has been a desire to support alternative devices such as the fingerprint scanners on many laptops and phones. Although the demo on webauthn.io works with my device I was unable to create a working implementation. I suspect I may simply have some incompatible settings but I switched to the FIDO2 server implementation from Yubico and quickly had a working solution.

The code created in the original blog post has now been updated and can be found in the github repository.