# FidoMetadata

A Ruby gem for the [FIDO Alliance Metadata Service (MDS)](https://fidoalliance.org/metadata/). The MDS is a way to retrieve data about FIDO2 and U2F authenticators such as make, model, biometric capabilities, security status and the manufacturer root certificate(s). See [FIDO TechNotes: The Truth about Attestation](https://fidoalliance.org/fido-technotes-the-truth-about-attestation/) for a general overview.

This gem provides an HTTP client for the MDS that performs the necessary security checks, parses the data into objects, and caches the results for speed and resiliency. It is intended to be used by WebAuthn relying parties that want to verify attestation statements during registration.

## Installation

Add this line to your application's Gemfile:

```ruby
gem 'fido_metadata'
```

And then execute:

    $ bundle

Or install it yourself as:

    $ gem install fido_metadata

## Usage

First, you need to [register for an access token](https://mds2.fidoalliance.org/tokens/) and configure a cache backend. The cache interface is compatible with Rails' [`ActiveSupport::Cache::Store`](https://api.rubyonrails.org/classes/ActiveSupport/Cache/Store.html), which means you can configure the gem to use your existing cache or a separate one:

```ruby
FidoMetadata.configure do |config|
  config.metadata_token = "your token"
  config.cache_backend = Rails.cache # or something like `ActiveSupport::Cache::FileStore.new(...)`
end
```

Then you can query the table of contents (TOC):

```ruby
store = FidoMetadata::Store.new
toc = store.table_of_contents
# returns a FidoMetadata::TableOfContents object.
# `toc.entries` returns an array of FidoMetadata::Entry objects, see
# https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-metadata-service-v2.0-ps-20170927.html#metadata-toc-payload-entry-dictionary
```

Retrieve a metadata statement via the authenticator's `aaguid` (FIDO2) or `attestation_certificate_key_id` (U2F):

```ruby
store.fetch_statement(aaguid: "0132d110-bf4e-4208-a403-ab4f5f12efe5")
# returns a FidoMetadata::Statement object, see
# https://fidoalliance.org/specs/fido-v2.0-ps-20170927/fido-metadata-statement-v2.0-ps-20170927.html#types
```

### Custom cache backend

It is possible to implement your own backend for any datastore you'd like, such as your database. The interface you need to implement is as follows:

```ruby
class CustomMetadataCacheStore
  def read(name, _options = nil)
    # deserialize and return `value`
  end

  def write(name, value, _options = nil)
    # serialize and store `value` so it can be looked up using `name`
  end
end

# and configure the gem to use it:
FidoMetadata.configure do |config|
  config.cache_backend = CustomMetadataCacheStore.new
end
```

## Development

After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/rspec` to run the tests. You can also run `MDS_TOKEN=yourtoken bin/console` for an interactive prompt that will allow you to experiment. It is configured to use a simple in-memory cache. If you don't supply the token via the environment variable, the prompt will print instructions to set it in another way.

To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

## Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/bdewater/fido_metadata. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

## License

The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

The gem and its authors are unaffiliated with the FIDO Alliance. The FIDO and FIDO ALLIANCE trademarks and logos are trademarks of FIDO Alliance, Inc.
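## Worked example

The following is an added example written for this README, not code from the `fido_metadata` gem itself. It covers the two pieces the Usage section leaves to the reader: a cache backend that satisfies the `read(name, options)` / `write(name, value, options)` interface described under "Custom cache backend", and the registration-side checks a relying party performs once it has a metadata statement for an authenticator: reject an authenticator whose latest MDS status report says it is compromised or revoked, and verify that the attestation certificate chains to one of the statement's root certificates. The `attestation_root_certificates`, `status_reports`, `status` and `effective_date` attribute names, the `expires_in:` cache option (borrowed from `ActiveSupport::Cache::Store`; the page does not say whether the gem passes it), and the `FakeStatement` / `FakeStatusReport` stand-ins are assumptions; the certificates are generated inline so the example runs offline.

```ruby
require "openssl"

# --- (1) Custom cache backend -------------------------------------------------
# Implements the read/write interface the README specifies. Values are
# serialised with Marshal and an optional `expires_in:` (seconds) is honoured;
# without it entries live until overwritten. Only blobs this process wrote are
# ever Marshal.load-ed: never point Marshal at data an attacker can write.
class ExpiringMemoryCacheStore
  Slot = Struct.new(:blob, :expires_at)

  def initialize(clock: -> { Time.now })
    @clock = clock # injectable for tests
    @slots = {}
    @mutex = Mutex.new
  end

  def read(name, _options = nil)
    @mutex.synchronize do
      slot = @slots[name]
      return nil if slot.nil?
      if slot.expires_at && slot.expires_at <= @clock.call
        @slots.delete(name) # expired: behave as a miss so the gem refetches
        return nil
      end
      Marshal.load(slot.blob)
    end
  end

  def write(name, value, options = nil)
    expires_in = options && options[:expires_in]
    expires_at = expires_in ? @clock.call + expires_in : nil
    @mutex.synchronize { @slots[name] = Slot.new(Marshal.dump(value), expires_at) }
    true
  end
end

# --- (2) Registration-side checks --------------------------------------------
# Stand-ins for FidoMetadata::Statement and a status report entry (assumed
# attribute names; the real objects are documented in the linked spec).
FakeStatement = Struct.new(:attestation_root_certificates) # array of DER strings
FakeStatusReport = Struct.new(:status, :effective_date)     # "YYYY-MM-DD" dates

# AuthenticatorStatus values from the MDS spec after which an authenticator
# must not be trusted by a relying party.
UNACCEPTABLE_STATUSES = %w[
  ATTESTATION_KEY_COMPROMISE USER_VERIFICATION_BYPASS
  USER_KEY_REMOTE_COMPROMISE USER_KEY_PHYSICAL_COMPROMISE REVOKED
].freeze

# The most recent status report wins; ISO dates compare correctly as strings.
def acceptable_status?(status_reports)
  return false if status_reports.nil? || status_reports.empty?
  latest = status_reports.max_by(&:effective_date)
  !UNACCEPTABLE_STATUSES.include?(latest.status)
end

# True only if the attestation leaf chains to a root taken from the statement.
# The roots come from the MDS (the trust anchor), not from the authenticator's
# own response, which is what gives the check its meaning.
def attestation_chain_trusted?(statement, leaf_der, intermediates_der = [])
  store = OpenSSL::X509::Store.new
  statement.attestation_root_certificates.each do |der|
    store.add_cert(OpenSSL::X509::Certificate.new(der))
  end
  leaf = OpenSSL::X509::Certificate.new(leaf_der)
  chain = intermediates_der.map { |der| OpenSSL::X509::Certificate.new(der) }
  store.verify(leaf, chain)
end

# --- Constructed test fixtures (not real vendor certificates) -----------------
def make_cert(subject, issuer_cert, issuer_key, key, ca:, serial:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Builds a vendor root, an attestation leaf signed by it, and an unrelated root.
def build_fixture
  root_key = OpenSSL::PKey::RSA.new(2048)
  root = make_cert("/CN=Example Authenticator Root", nil, root_key, root_key, ca: true, serial: 1)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  leaf = make_cert("/CN=Example Authenticator Attestation", root, root_key, leaf_key, ca: false, serial: 2)
  other_key = OpenSSL::PKey::RSA.new(2048)
  other = make_cert("/CN=Unrelated Root", nil, other_key, other_key, ca: true, serial: 3)
  {
    statement: FakeStatement.new([root.to_der]),
    unrelated_statement: FakeStatement.new([other.to_der]),
    leaf_der: leaf.to_der
  }
end
```

In a real relying party the statement would come from `store.fetch_statement(aaguid: ...)` and the leaf from the attestation statement in the registration response; both checks should run before the credential is stored, and a status check alone is not enough, since a forged chain would otherwise pass for a certified model.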