描述

This plugin adds support for WebAuthn into the Two Factor plugin.

Because the U2F API is deprecated and will be removed in February 2022, the plugin enables seamless support for the previously registered U2F security keys so that the users don’t have to re-register their keys and still be able to log in.

Notes:

please use GitHub issues to report bugs;
the full source code with all development files is available on GitHub.

螢幕截圖

User profile settings showing the registered security keys.
Plugin settings page.

常見問題

Be the first to ask.

評價

Steven Gliebe 2025年1月14日

This is great. You can literally log into WordPress with 2FA using one touch (password manager with auto-login combined with this for 2FA). Beats using an authenticator app any day.

Rene Hermenau 2024年10月26日

This is helpful for evaluating purposes of the code. As this plugin is part of a security level all the code should be readable easily for auditors. Besides that, well done.Thank you.

fakeologist 2024年10月15日

it worked last month perfectly, now I can’t register a new auth key.

con 2024年10月2日

Thank you for bridging the gap while we wait for the PR. This is what Open Source is all about.

Olav Seyfarth 2023年6月4日

WebAuthn could be included in Two Factor, there’s a PR since Nov 22. Thanks for stepping in and even ENHANCING it. Very comprehensive!

khunglarsen 2023年5月26日

This works great and I use a yubi key.

閱讀全部10個評價

貢獻者及開發者

“WebAuthn Provider for Two Factor” 是一個開源的軟體。以下的人對這個外掛作出了貢獻。

Volodymyr Kolesnykov

WebAuthn Provider for Two Factor 外掛目前已有 5 個本地化語言版本。感謝所有譯者為這個外掛做出的貢獻。

將 WebAuthn Provider for Two Factor 外掛本地化為台灣繁體中文版。

對開發相關資訊感興趣？

任何人均可瀏覽程式碼、查看 SVN 存放庫，或透過 RSS 訂閱開發記錄。

修改日誌

2.5.4

Platform requirements updated to PHP 8.1 and WordPress 6.0 (although the plugin still should work with older versions of PHP and WordPress)
GH-1008: better integration with Two Factor 0.13.0

2.5.3

Restore WebAuthn_Provider::get_instance() because WPVIP has an ancient version of Two Factor

2.5.2

Fix the conflict when another package loads a library that has autoload.files key (see https://github.com/sjinks/wp-two-factor-provider-webauthn/pull/980)

2.5.1

GH-898: do not show the UI if the plugin has failed to install its tables
GH-972: do not show the profile UI if the provider is disabled
drop official PHP 7.4 support

2.5.0

iCloud support for Firefox (props dd32)

2.4.1

GH-541: fix issues with YubiKeys (backported a patch by Markus Bauer from https://github.com/madwizard-org/webauthn-server/pull/23)

2.4.0

GH-830: introduce webauthn_register_key_use_nicename filter (props kat3samsin)

2.3.0

GH-827: Add webauthn_register_key_suppress_output filter
GH-826: Add webauthn_app_id filter to customize U2F AppID
GH-824: Initialize wpdb properties as early as possible
Update madwizard/webauthn to 0.10.0

2.2.0

Do not create user handles if they are not needed
Add a hook to customize WebAuthN server
Update dependencies
Refactor tests

2.1.0

GH-462: Use correct user ID when editing a user
GH-456: Set relying party ID to COOKIE_DOMAIN if it is available (props dd32)
Allow only for network-wide plugin activation (to match Two Factor)

2.0.3

Update translations (thank you, Copilot)
Add Ukrainian translation (thank you, Copilot)

2.0.2

Update madwizard/webauthn to 0.9.0
Update development dependencies
Update E2E tests

2.0.1

GH-295: fix client extensions validation
Update development dependencies

2.0.0

Put external dependencies into a unique namespace (GH-36, GH-53, GH-236)
Update madwizard/webauthn to 0.8.0
Update development dependencies

1.0.10

Add zh-tw translations (props Chun-Chih Cheng, Alex Lion)
GH-215, GH-33: Fix “Unable to save the key to the database” error for long public keys
Update development dependencies

1.0.9

Update madwizard/webauthn to 0.8.0
Update development dependencies
Add debug mode (activated with define( 'DEBUG_TFPWA', true );)

1.0.8

Security: Update guzzlehttp/guzzle to 7.4.5 (fix CVE-2022-31090 and CVE-2022-31091)
Do not load the plugin while WordPress is being installed

1.0.7.1

Fix deployment issue. It’s time to automate the process

1.0.7

GH-130: fix Network Installation issue
Update development dependencies
Add security-related workflows to CI
Improve tests

1.0.6.1

Fix deployment issue

1.0.6

GH-93: remove unnecessary required attribute from webauthn_key_name
Security: Update guzzlehttp/guzzle to 7.4.4 (fix CVE-2022-31042 and CVE-2022-31043)
Update development dependencies

1.0.5

Synchronize plugin version across all files

1.0.4

Update translations
GH-93: add an option to turn off the old U2F provider
Update dependencies
Add more E2E tests

1.0.3

GH-33: increase length of credential_id column to solve issues with Chrome on Mac
GH-38: fix bugs preventing plugin uninstallation
Make Settings::offsetGet() compatible with PHP 8.1

1.0.2

Added E2E tests
UI fixes

1.0.1

First public release.

One touch 2FA is a dream

Works well for my use case but please provide unminified JS files.

Can’t register

FIDO U2F WebAuthn for Two Factor

Fixes FIDO/U2F/WebAuthn functionality

Works great with yubi key

描述