Module webauthn_authenticator_rs::bluetooth
source · bluetooth only.Expand description
BluetoothTransport communicates with a FIDO token over Bluetooth Low Energy, using btleplug.
This module should work on most platforms with Bluetooth Low Energy support, provided that the user has permissions.
§Warning
There are API design issues with Transport which make BluetoothTransport extremely flaky and timing sensitive. These have been partially addressed, but there is still some way to go.
The long term goal is that this API (and its UI) will become as easy to use as Windows WebAuthn API, but it’s not there just yet.
§caBLE support
To use a caBLE / hybrid authenticator, use the cable module
(avaliable with --features cable) instead.
§Linux support
Seems to be extremely flakey.
§macOS support
Works fine.
Non-paired (but discoverable) Bluetooth FIDO tokens do not appear in the System Settings Bluetooth pane – it can only be triggered by an application attempting to connect to an authenticator.
This will attempt to connect to any nearby FIDO token.
§Windows support
Windows’ WebAuthn API (on Windows 10 build 1903 and later) blocks non-Administrator access to BTLE FIDO tokens, and will return “permission denied” errors when accessed via normal Bluetooth APIs. This does not impact use of caBLE authenticators.
Use Win10 (available with --features win10) on
Windows instead.
You’ll need to manually pair your authenticator in Device Manager before using it with this or Windows’ WebAuthn API.