Is there a way to get a value from a security key (such as YubiKey) in OutSystems?
Hi Kazuki,
Yes, you can get value from a security key in OutSystems by integrating with the APIs provided by the key's manufacturer. For YubiKey, you can use the YubiKey API or the FIDO Universal 2nd Factor (U2F) API to access the key's value. To access the APIs, you'll need to write custom code in OutSystems, either through an extension or by directly accessing the APIs through a REST API call
Hi
Thanks for the answer.
I want to use the FIDO Universal 2nd Factor (U2F) API to obtain values.
API not found.
If you know of any, could you please let us know?
Hi,
You can find the YubiKey API documentation on the Yubico website: https://developers.yubico.com/
The FIDO Universal 2nd Factor (U2F) API is available through the FIDO Alliance website: https://fidoalliance.org/
Both of these websites provide documentation and resources for developers to integrate with their APIs.
Thank you for your response.
Forge was also available, but can it be implemented using only the API without using it?
U2F:https://www.outsystems.com/forge/component-overview/1882/u2f
FIDO:https://www.outsystems.com/forge/component-overview/8953/webauthnfido2
I have already replied to that Question you can check that.
Yes, you can implement U2F and FIDO2 authentication in OutSystems without using the Forge components. The Forge components are pre-built modules that simplify the implementation process, but you can also write custom code to integrate with the U2F and FIDO2 APIs.
To implement U2F authentication in OutSystems without using the U2F Forge component, you will need to write custom code to communicate with the U2F API, generate challenges, handle the registration process, and verify the signed challenges.
Similarly, to implement FIDO2 authentication in OutSystems without using the WebAuthnFIDO2 Forge component, you will need to write custom code to communicate with the FIDO2 API, generate challenges, handle the registration process, and verify the signed challenges.
Please note that writing custom code to integrate with the APIs requires a higher level of technical expertise and may take more time to implement compared to using the Forge components. However, it provides greater flexibility and control over the authentication process.
Is your need to authenticate a user? If so i would suggest to integrate with an Identity Provider solution which also handles WebAuthn asf. (e.g. Auth0 (commerical), or KeyCloak (Open Source))
User authentication is required.
Sorry.I would love to hear more about it.
you can configure the OutSystems Users Provider (https://
Then you configure your Identity Provider to support WebAuthn MFA (thats the FIDO Key thing).
Users now trying to use an OutSystems application are now redirected to the Identity Provider and must login with credentials (dependant on the configuration of the Identity Provider the "Store" of credentials can be anything ranging from Database to other Identity Provider like Azure AD, Google asf). When loggin in for the first time then the Identity Provider forces the user to register a MFA device like a FIDO Key which is then used for all subsequent logins.
Best
Stefan