Library for Linux command-line clients

[Mortal]

I have a FIDO U2F USB key (Feitian ePass FIDO, USB 096e:085a) and I would like to pursue the following stack:

1. Server running node-ts and @simplewebauthn/server
2. Web frontend built in TypeScript using @simplewebauthn/browser for user registration
3. Command-line client built in node-ts that can use a USB key registered in step 2 to authenticate against the server from step 1

I already have a tiny proof of concept for step 1 and 2 running, but I'm a bit stumped as to step 3. I know it's possible to use my FIDO key with pam_u2f - I have it configured for sudo on my local machine, requiring me to go through an attestation flow to store a public key somewhere in /etc. I also know it's possible to use my FIDO key in the browser, as my tiny proof of concept demonstrates.

Does there already exist some kind of node-ts client library for interfacing with FIDO U2F USB keys and servers running @simplewebauthn/server?

[MasterKale]

I'm not aware of any Node libraries that would help you communicate with security keys over USB. One way that comes to mind is to use Node's node:child_process package to shell out to a CTAP2 library like Yubico's python-fido2. It's kinda cursed but that's the cleanest way that comes to mind short of writing your own JS CTAP2 library 😬

[Mortal]

Thanks for the reply. I managed to make a tiny proof of concept Python program using python-fido2 that can call my node-ts+simplewebauthn server. My next goal is to reduce the PoC to using @github/webauthn-json instead of @simplewebauthn/server, but I guess that is outside the scope of this repo :-) Here's my PoC repo

[MasterKale]

I'm curious how you're going to handle response verification if you don't use @simplewebauthn/server. afaik @github/webauthn-json only abstracts client-side WebAuthn API calls, but doesn't do anything to check the response for validity. Will you roll your own verification logic?