eBay/UAF eBay/UAF

  • Stars
    star
    276
  • Rank 146,016 (Top 3 %)
  • Language
    Java
  • License
    Apache License 2.0
  • Created almost 9 years ago
  • Updated almost 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
eBay/UAF
github

eBay

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

UAF - Universal Authentication Framework

Build Status Gitter

UAF - Universal Authentication Framework

UAF Architectural Overview

News & Release Notes

Vision

The main goal is the passwordless authentication experience

Values

  • Simple to authenticate using biometrics readings, such as fingerprint
  • More secure authentication using the cryptography

Methods

  • Standardize the messages, and the message exchange sequence
  • Standardize the way how biometric authenticators are receiving requests and giving out responses
  • Define how cryptography can be used to secure messages that are exchanged

Obstacles

  • Identifying all required data that needs to be part of the protocol messages
  • Correct implementation of message exchange sequence
  • Correct implementation of cryptography sign/verify operations
  • Correct implementation of encoding/decoding of the messages

Measures

  • Number of successful application of the protocol is high
  • Number of protocol adaptations in comparing with password authentication is higher
  • Number of security bugs equal to zero

Implementation details

The code presented here is divided into three groups:

  1. fido-uaf-core - UAF protocol implementation
  2. fidouaf - UAF server, a Jersey service application for demoing UAF protocol implementation use
  3. RP Client App - Android relying party client app for demoing UAF server

Steps for running the demo

  1. Build and run the UAF server as described in the Wiki page of the project (https://github.com/eBay/UAF/wiki/BuildingAndRunningUAFServer).
  2. Build and run the client (fidouafclient).
  3. Obtain the facetID of the client.

3.1. If the client program is run on an android device, pressing the button labelled "facetID" will display the string representing the facetID of the client program on the screen.

3.2. If the client program is run on an emulator, pressing the button labelled "facetID" will cause the string representing the facetID of the client program to be printed on the IDE console (Logcat). The string can be located by searching for the term "facetID:".

  1. In the file UAF/fidouaf/src/main/java/org/ebayopensource/fidouaf/res/config.properties, replace the example string representing the facetID of the client program with the value obtained in step 3.
  2. Set the Server Endpoint on the client by clicking on the settings menu on the upper right corner of the client application, filling in an appropriate IP address and port for the server (e.g., http://192.168.1.34:8080), then clicking on the checkmark to save the settings.
  3. The client and the server are now ready to be tested.

More Repositories

1

NMessenger

A fast, lightweight messenger component built on AsyncDisplaykit and written in Swift
Swift
2,424
star
2

nice-modal-react

A modal state manager for React.
TypeScript
1,949
star
3

akutan

A distributed knowledge graph store
Go
1,656
star
4

tsv-utils

eBay's TSV Utilities: Command line tools for large, tabular data files. Filtering, statistics, sampling, joins and more.
D
1,413
star
5

bayesian-belief-networks

Pythonic Bayesian Belief Network Package, supporting creation of and exact inference on Bayesian Belief Networks specified as pure python functions.
Python
1,122
star
6

NuRaft

C++ implementation of Raft core logic as a replication library
C++
966
star
7

restcommander

Fast Parallel Async HTTP client as a Service to monitor and manage 10,000 web servers. (Java+Akka)
Java
899
star
8

parallec

Fast Parallel Async HTTP/SSH/TCP/UDP/Ping Client Java Library. Aggregate 100,000 APIs & send anywhere in 20 lines of code. Ping/HTTP Calls 8000 servers in 12 seconds. (Akka) www.parallec.io
Java
810
star
9

HeadGazeLib

A library to empower iOS app control through head gaze without a finger touch
Swift
754
star
10

Sequence-Semantic-Embedding

Tools and recipes to train deep learning models and build services for NLP tasks such as text classification, semantic search ranking and recall fetching, cross-lingual information retrieval, and question answering etc.
Python
459
star
11

modanet

ModaNet: A large-scale street fashion dataset with polygon annotations
327
star
12

flutter_glove_box

Various eBay tools for Flutter development
Dart
317
star
13

Neutrino

Neutrino is a software load balancer(SLB)
Scala
306
star
14

KPRN

Reasoning Over Knowledge Graph Paths for Recommendation
Lua
279
star
15

griffin

Model driven data quality service
JavaScript
240
star
16

cors-filter

CORS (Cross Origin Resource Sharing) is a mechanism supported by W3C to enable cross origin requests in web-browsers. CORS requires support from both browser and server to work. This is a Java servlet filter implementation of server-side CORS for web containers such as Apache Tomcat.
Java
231
star
17

Jungle

An embedded key-value store library specialized for building state machine and log store
C++
219
star
18

ebayui-core

Collection of Marko widgets; considered to be the core building blocks for all eBay components, pages & apps
TypeScript
210
star
19

sbom-scorecard

Generate a score for your sbom to understand if it will actually be useful.
Go
209
star
20

jsonpipe

A lightweight AJAX client for chunked JSON responses
JavaScript
204
star
21

ebay-font

A small utility to efficiently load custom web fonts
JavaScript
175
star
22

skin

Pure CSS framework designed & developed by eBay for a branded, e-commerce marketplace.
JavaScript
171
star
23

accelerator

The Accelerator is a tool for fast and reproducible processing of large amounts of data.
Python
150
star
24

firebase-remote-config-monitor

Monitors firebase remote config values, posting changes to slack
JavaScript
136
star
25

maxDNN

High Efficiency Convolution Kernel for Maxwell GPU Architecture
C++
132
star
26

go-ovn

A Go library for OVN Northbound/Southbound DB access using native OVSDB protocol
Go
108
star
27

Gringofts

Gringofts makes it easy to build a replicated, fault-tolerant, high throughput and distributed event-sourced system.
C++
102
star
28

parallec-samples

Single file examples and ready-to-use servers show how to use parallec.io library. Examples to aggregate APIs and publish to Elastic Search and Kafka, and many more. www.parallec.io
Java
92
star
29

userscript-proxy

HTTP proxy to inject scripts and stylesheets into existing sites.
JavaScript
84
star
30

xcelite

Java
81
star
31

mindpatterns

HTML Accessibility Pattern Examples
HTML
79
star
32

embedded-druid

Java
75
star
33

figma-include-accessibility-annotations

Include is a tool built to make annotating for accessibility (a11y) easierβ€”easier for designers to spec and easier for developers to understand what is required.
JavaScript
73
star
34

RANSynCoders

Jupyter Notebook
72
star
35

ebay-oauth-python-client

Python OAuth SDK: Get OAuth tokens for eBay public APIs
Python
71
star
36

Design-Grid-Overlay

A Chrome extension to overlay a design grid on your web page; configurable to fit many design scenarios.
JavaScript
65
star
37

ebay-oauth-nodejs-client

πŸ”‘ Generate an OAuth token that can be used to call the eBay Developer REST APIs.
JavaScript
62
star
38

json-comparison

Powerful JSON comparison tool for identifying all the changes within JSON files
Java
60
star
39

bascomtask

Lightweight parallel Java tasks
Java
60
star
40

xFraud

Jupyter Notebook
60
star
41

DASTProxy

Java
57
star
42

jsonex

Java Object Serializer and Deserializer to JSON Format. Focuses on configuration friendliness, arbitrary object serialization and compact JSON format
Java
56
star
43

ebay-oauth-csharp-client

eBay OAuth C# Client Library
C#
54
star
44

nvidiagpubeat

nvidiagpubeat is an elastic beat that uses NVIDIA System Management Interface (nvidia-smi) to monitor NVIDIA GPU devices and can ingest metrics into Elastic search cluster, with support for both 6.x and 7.x versions of beats. nvidia-smi is a command line utility, based on top of the NVIDIA Management Library (NVML), intended to aid in the management and monitoring of NVIDIA GPU devices.
Go
53
star
45

ebay-oauth-java-client

eBay OAuth APIs client for Java
Java
48
star
46

nice-dag

nice-dag is a lightweight javascript library, which is used to present a DAG diagram.
TypeScript
47
star
47

SparkChamber

An event tracking framework for iOS
Swift
45
star
48

Winder

Winder is a simple state machine based on Quartz Scheduler. It helps to write multiple steps tasks on Quartz Scheduler. Winder derived from a state machine which is widly used in eBay Cloud. eBay Platform As A Service(PaaS) uses it to deploy software to hundreds of thousands virtual machines.
Java
45
star
49

AutoOpt

Automatic and Simultaneous Adjustment of Learning Rate and Momentum for Stochastic Gradient Descent
Python
44
star
50

GZinga

Java
43
star
51

YiDB

Java
43
star
52

collectbeat

Beats with discovery capabilities for environments like Kubernetes
Go
41
star
53

block-aggregator

C++
40
star
54

Jenkins-Pipeline-Utils

Global Jenkins Pipeline Library with common utilities.
Groovy
39
star
55

cassandra-river

Cassandra river for Elastic search.
Java
38
star
56

bsonpatch

A BSON implementation of RFC 6902 to compute the difference between two BSON documents
Java
38
star
57

arc

adaptive resources and components
JavaScript
35
star
58

regressr

A command line regression testing framework for testing HTTP services
Scala
34
star
59

ebashlib

A bash script battery which gathers several generic helper scripts for other repositories.
Shell
30
star
60

modshot

Takes screenshot of UI modules and compare with baselines using PhantomCSS
JavaScript
29
star
61

visual-html

Visual regression testing without the flakiness.
TypeScript
29
star
62

FeedSDK-Python

eBay Python Feed SDK - SDK for downloading large gzipped (tsv) item feed files and applying filters for curation
Python
29
star
63

accessibility-ruleset-runner

eBay Accessibility Ruleset Runner automates 20% of WCAG 2.0 AA recommendations, saving time on manual testing.
JavaScript
27
star
64

crossdomain-xhr

JavaScript
27
star
65

oink

REST based interface for PIG execution
Java
27
star
66

bonsai

open source version of the Bonsai library
Scala
26
star
67

ebayui-core-react

eBayUI React components
TypeScript
25
star
68

geosense

Self-contained jar to lookup timezone by lat+lon
Java
25
star
69

browser-telemetry

A Telemetry module for collecting errors, logs, metrics, uncaught exceptions etc on browser side.
JavaScript
25
star
70

oja

Lightweight Dependency Injection Framework for Node.JS Apps - Structure your application business logic
JavaScript
25
star
71

SketchSVG

Have icons in a Sketch file but don't want to manually extract and compress them as SVGs? Let our SketchSVG tool do it!
JavaScript
25
star
72

CustomRippleView

The Custom Ripple View library provides Android developers an easy way to customize and implement a Ripple Effect view.
Kotlin
24
star
73

FGrav

Dynamic Flame Graph Visualizations from raw data in your browser
JavaScript
24
star
74

nodash

Lightweight replacement for subset of Lodash
JavaScript
24
star
75

FeedSDK

Java SDK for downloading large gzipped (tsv) item feed files and applying filters for curation
Java
23
star
76

kube-credentials-plugin

A Jenkins plugin to store credentials in kubernetes
Java
21
star
77

releaser

A declarative API that syncs specs from git to kubernetes
Go
20
star
78

airflow-rest-api-plugin

A plugin of Apache Airflow that exposes REST endpoints for custom REST APIs.
Python
20
star
79

mtdtool

The Manual Test Demultiplexer is a desktop app (Mac and Windows) that provides an interface for driving manual testing on multiple physical devices.
Java
20
star
80

nice-form-react

A meta based form builder for React.
TypeScript
19
star
81

EBNObservable

A block-based Key-Value Observing (KVO) implementation with observable collections.
Objective-C
19
star
82

HomeStore

Storage Engine for block and key/value stores.
C++
19
star
83

skin-react

Skin components built with React (Typescript)
TypeScript
18
star
84

accelerator-project_skeleton

Python
18
star
85

taxonomy-sdk

An SDK designed to bring transparency to the rapid evolution of our aspects metadata for our partners.
Java
18
star
86

ebay-oauth-android-client

eBay OAuth Android Client library
Kotlin
17
star
87

wextracto

Python
17
star
88

myriad

Java
17
star
89

event-notification-nodejs-sdk

NodeJS SDK designed to simplify processing of eBay notifications.
JavaScript
17
star
90

TDD-Albums

A Hands-On Tutorial for iPhone Developers Learning TDD
17
star
91

fluid

Fluid Web Components
JavaScript
16
star
92

ostara

Java
16
star
93

lightning

Lightning is a Java based, super fast, multi-mode, asynchronous, and distributed URL execution engine from eBay
HTML
16
star
94

RTran

Road to Continous Upgrade
Scala
15
star
95

NautilusTelemetry

An iOS implementation of OpenTelemetry
Swift
15
star
96

hadoop-tsdb-connector

Java
15
star
97

Pine

Pine: Machine Learning Prediction As A Service
Scala
15
star
98

pynetforce

Network infrastructure automation service
Python
15
star
99

Vivid

A visual testing tool to compare two web pages visually and generate the pixel difference they have.
JavaScript
14
star
100

sisl

High Performance C++ data structures and utilities
C++
14
star