WebAuthn Provider for Two Factor

by Volodymyr Kolesnykov

Description

This plugin adds WebAuthn support to the Two Factor plugin.

Because the U2F API is deprecated and will be removed in February 2022, the plugin seamlessly supports previously registered U2F security keys, so users can still log in without re-registering their keys.

Notes:

  • please use GitHub issues to report bugs;
  • the full source code with all development files is available on GitHub.

  1. User profile settings showing the registered security keys.
  2. Plugin settings page.

One touch 2FA is a dream

By Steven Gliebe (stevengliebe) on January 14, 2025

This is great. You can literally log into WordPress with 2FA using one touch (password manager with auto-login combined with this for 2FA). Beats using an authenticator app any day.

Works well for my use case but please provide unminified JS files.

By Rene Hermenau (ReneHermi) on October 26, 2024

This is helpful for evaluating purposes of the code. As this plugin is part of a security level all the code should be readable easily for auditors.

Besides that, well done.
Thank you.

Can’t register

By fakeologist on October 15, 2024

It worked last month perfectly, now I can’t register a new auth key.

FIDO U2F WebAuthn for Two Factor

By con (conschneider) on October 2, 2024

Thank you for bridging the gap while we wait for the PR. This is what Open Source is all about.

Fixes FIDO/U2F/WebAuthn functionality

By Olav Seyfarth (nurs0da) on June 4, 2023

WebAuthn could be included in Two Factor, there's a PR since Nov 22. Thanks for stepping in and even ENHANCING it. Very comprehensive!

Works great with yubi key

By khunglarsen on May 26, 2023

This works great and I use a yubi key.

PIN?

By mike2972 on April 13, 2023

Looks like a solid solution, but there is zero documentation. After adding my yubi-key it's not appearing in the list. So I cannot remove it or change it.

Two Factor works with hardware keys again!

By Andrew Wilder (eatingrules) on February 14, 2022

Thank you so much for this plugin!! In February 2022 Chrome changed things so hardware security keys would no longer work with the "Two Factor" plugin. Installing this add-on gets it working again. I had to change the "User Verification Requirement" to "Discouraged" in order to use my existing Yubikey (without re-adding it). Otherwise, it asked for a PIN but then wouldn't recognize my key. Hopefully it can get merged directly into the Two Factor plugin soon? 😁🙏

A Life Saver!

By lbdee on February 10, 2022

So close to proverbial midnight for the Chrome browser 2-factor security mandate, I'm thankful for the plugin, and appreciate the effort that went into its development. Such an elegant solution to the issue -- thank you again!

Excellent add-in for two factor plugin with webauthn

By Gahan Zwart (gahanzwart) on January 28, 2022

Consider it an add-on for the two factor plugin that lacks webauthn. Works immediately with the assigned yubi keys registered in two factor. Thank you to all who contributed!

2.5.4

  • Platform requirements updated to PHP 8.1 and WordPress 6.0 (although the plugin still should work with older versions of PHP and WordPress)
  • GH-1008: better integration with Two Factor 0.13.0

2.5.3

  • Restore WebAuthn_Provider::get_instance() because WPVIP has an ancient version of Two Factor

2.5.2

  • Fix the conflict when another package loads a library that has autoload.files key (see https://github.com/sjinks/wp-two-factor-provider-webauthn/pull/980)

2.5.1

  • GH-898: do not show the UI if the plugin has failed to install its tables
  • GH-972: do not show the profile UI if the provider is disabled
  • drop official PHP 7.4 support

2.5.0

  • iCloud support for Firefox (props dd32)

2.4.1

  • GH-541: fix issues with YubiKeys (backported a patch by Markus Bauer from https://github.com/madwizard-org/webauthn-server/pull/23)

2.4.0

  • GH-830: introduce webauthn_register_key_use_nicename filter (props kat3samsin)

2.3.0

  • GH-827: Add webauthn_register_key_suppress_output filter
  • GH-826: Add webauthn_app_id filter to customize U2F AppID
  • GH-824: Initialize wpdb properties as early as possible
  • Update madwizard/webauthn to 0.10.0

2.2.0

  • Do not create user handles if they are not needed
  • Add a hook to customize WebAuthn server
  • Update dependencies
  • Refactor tests

2.1.0

  • GH-462: Use correct user ID when editing a user
  • GH-456: Set relying party ID to COOKIE_DOMAIN if it is available (props dd32)
  • Allow only for network-wide plugin activation (to match Two Factor)

2.0.3

  • Update translations (thank you, Copilot)
  • Add Ukrainian translation (thank you, Copilot)

2.0.2

  • Update madwizard/webauthn to 0.9.0
  • Update development dependencies
  • Update E2E tests

2.0.1

  • GH-295: fix client extensions validation
  • Update development dependencies

2.0.0

  • Put external dependencies into a unique namespace (GH-36, GH-53, GH-236)
  • Update madwizard/webauthn to 0.8.0
  • Update development dependencies

1.0.10

  • Add zh-tw translations (props Chun-Chih Cheng, Alex Lion)
  • GH-215, GH-33: Fix “Unable to save the key to the database” error for long public keys
  • Update development dependencies

1.0.9

  • Update madwizard/webauthn to 0.8.0
  • Update development dependencies
  • Add debug mode (activated with define( 'DEBUG_TFPWA', true );)

1.0.8

  • Security: Update guzzlehttp/guzzle to 7.4.5 (fix CVE-2022-31090 and CVE-2022-31091)
  • Do not load the plugin while WordPress is being installed

1.0.7.1

  • Fix deployment issue. It’s time to automate the process

1.0.7

  • GH-130: fix Network Installation issue
  • Update development dependencies
  • Add security-related workflows to CI
  • Improve tests

1.0.6.1

  • Fix deployment issue

1.0.6

  • GH-93: remove unnecessary required attribute from webauthn_key_name
  • Security: Update guzzlehttp/guzzle to 7.4.4 (fix CVE-2022-31042 and CVE-2022-31043)
  • Update development dependencies

1.0.5

  • Synchronize plugin version across all files

1.0.4

  • Update translations
  • GH-93: add an option to turn off the old U2F provider
  • Update dependencies
  • Add more E2E tests

1.0.3

  • GH-33: increase length of credential_id column to solve issues with Chrome on Mac
  • GH-38: fix bugs preventing plugin uninstallation
  • Make Settings::offsetGet() compatible with PHP 8.1

1.0.2

  • Added E2E tests
  • UI fixes

1.0.1

  • First public release.