Recent content by jurgenhaas

  1. jurgenhaas

    Test suite for Drupal module

    Agreed, adding a test suite to the module would be nice. As there hasn't been any activity around SQRL during the last year or two and nobody knows if anything is going to happen eventually, it's difficult to justify even more hours going into the project. However, contributions are always welcome.
  2. jurgenhaas

    Problem logging in

    So, the dependencies for the SQRL module have not been installed. If you install SQRL with composer - the recommended way for Drupal 8 and beyond - that will be installed automatically. If you install Drupal in other ways, then you need to take care of the dependencies manually. I'd encourage...
  3. jurgenhaas

    Problem logging in

    Thanks for the details, that looks alright. So, we need to debug your local installation. What's interesting is that already the QR code doesn't get displayed. I went to https://hhost.me/user/login and even there, it doesn't show the QR code. It should be next to the SQRL logo. When I `curl -I...
  4. jurgenhaas

    Problem logging in

    @marcus7777 need some more information to be able to deal with this: where is this happening, on our demo site or on a self-installed Drupal version? What versions do you use: Drupal core, SQRL module, PHP version, browser, SQRL browser plugin? I'm asking because I can't reproduce. So you may...
  5. jurgenhaas

    Extra parameters in sqrl:// link

    The HTTP protocol does allow any number of query arguments in a URL; there may be a URL max length constraint though. AFAIK that constraint is not strictly imposed by browsers. With regard to SQRL clients I would imagine that they look into the relevant query arguments for them and they should...
  6. jurgenhaas

    SQRL plugin where platform mandates Ids

    Hi @kalaspuffar That's very similar to what we are doing in Drupal too. We have had the interim screen with that question as well but recently removed it because we thought it's not really necessary to interrupt the sign-up process. Instead, if a user wanted to set their email address, name or...
  7. jurgenhaas

    Problem unique to Steve's Windows Client and possible fix: content-length header

    BTW, it turned out that content-type application/x-www-form-urlencoded works too, i.e. Apache is not messing with it. And it is in fact what is described in the SQRL docs. Although, like @kalaspuffar already pointed out, it is technically not correct because it is in fact plain text.
  8. jurgenhaas

    Dealing with hardlock when user account is linked to more than one SQRL id

    @PHolder yes, that's exactly what I was thinking about and the issue is quite visible in your "diagram": while either IDK1 or IDK2 does not request SQRL only, the hashed password is available in the database (the first table, not the offline records) and as the hashed PW is linked to the account...
  9. jurgenhaas

    Dealing with hardlock when user account is linked to more than one SQRL id

    Sorry for my ignorance, I must have missed the MSA feature. Can you point me in a direction where I can find more about it?
  10. jurgenhaas

    Dealing with hardlock when user account is linked to more than one SQRL id

    Your response is talking about one IDK linked to more than one account. However, my issue is about the opposite: multiple IDKs linked to one account. The security first approach would rule that if at least one of those IDKs sets the hard lock, then the account password has to be "deleted"...
  11. jurgenhaas

    SQRL plugin where platform mandates Ids

    @PHolder I'm about to implement the password encryption but ran into an issue with multiple SQRL ids linked to one user account. In order to keep discussions more focussed I have started a new thread for this...
  12. jurgenhaas

    Dealing with hardlock when user account is linked to more than one SQRL id

    Let's assume a user account is linked to 2 SQRL identities. Initially both of them are not hardlocked. Then, one of the SQRL ids gets hardlocked, then the server will request a SIN, use it to encrypt the user password, move the password to a separate db table and delete the user password...
  13. jurgenhaas

    SQRL plugin where platform mandates Ids

    The reason why we started to discuss that was less driven by the fact that someone thought about authentication with them. It came more from the use case that when you sign-up for a platform traditionally, you provide an email address. When you sign-up with SQRL you don't. However, having an...
  14. jurgenhaas

    SQRL plugin where platform mandates Ids

    @ramriot long time no speak ;-) Yes, I have been working with most of those modules but to me they are no valid options. Using any one of them would be support for SSO but not support for SQRL, because when you deal with any SSO protocol you integrate "just" that protocol and how the user...
  15. jurgenhaas

    SQRL plugin where platform mandates Ids

    Good point, well made. Have to look into that still.