We like to use Yubico/Yubikeys to enable users to use a 2nd factor in our applications. For this, an administrator has to provision yubikeys to users.
We want to do this in .net and found this library: https://developers.yubico.com/yubico-dotnet-client/
Now according to this site, we need to register first to get a clientid and an apikey (https://upgrade.yubico.com/getapikey/)
My question is: Do I have to automate this website call for every Yubikey I want to provision? Isn't there a supported way to do this via code? How do I un-register a key (if it gets lost or breaks)?
thx Michi
No, you don't need to create a new clientId/apiKey for each Yubikey. You only need that for using Yubico's API (YubiCloud) in your application.
To identify a Yubikey, you will use the publicId.
OTPs Explained
So to register a new or remove an old (or lost) Yubikey, you will add or remove that Yubikey from your application.
You can use Yubico's PublicId after you validate the OTP.
https://github.com/Yubico/yubico-dotnet-client
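The registration and removal flow described in the answer, as an added example that is not part of the original answer or of Yubico's library. `KeyRegistry` and the `otpIsValid` delegate are hypothetical names; the delegate stands in for the YubiCloud validation call, and the code assumes the standard Yubico OTP layout in which the public ID is everything before the last 32 modhex characters.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// KeyRegistry and otpIsValid are hypothetical names. otpIsValid stands in for
// the YubiCloud validation call your application makes with its clientId/apiKey.
public sealed class KeyRegistry
{
    private const string Modhex = "cbdefghijklnrtuv";
    private const int EncryptedLength = 32; // trailing part of every Yubico OTP
    private readonly Dictionary<string, string> _ownerByPublicId = new Dictionary<string, string>();
    private readonly Func<string, bool> _otpIsValid;
    public KeyRegistry(Func<string, bool> otpIsValid) { _otpIsValid = otpIsValid; }

    // The public ID is whatever precedes the last 32 modhex characters of the OTP.
    public static bool TryGetPublicId(string otp, out string publicId)
    {
        bool ok = otp != null && otp.Length > EncryptedLength && otp.Length <= 48
                  && otp.All(c => Modhex.IndexOf(c) >= 0);
        publicId = ok ? otp.Substring(0, otp.Length - EncryptedLength) : null;
        return ok;
    }

    // Provisioning: the user touches the key once and its public ID is bound to the account.
    public bool Register(string user, string otp)
    {
        bool ok = TryGetPublicId(otp, out var id) && !_ownerByPublicId.ContainsKey(id) && _otpIsValid(otp);
        if (ok) _ownerByPublicId[id] = user;
        return ok;
    }

    // Lost or broken key: drop the binding in the application's own store.
    public bool Revoke(string publicId) => _ownerByPublicId.Remove(publicId);

    // A valid OTP proves only that some YubiKey was used; the owner check ties it to this user.
    public bool Authenticate(string user, string otp) =>
        TryGetPublicId(otp, out var id)
        && _ownerByPublicId.TryGetValue(id, out var owner) && owner == user && _otpIsValid(otp);
}

public static class Demo
{
    public static void Main()
    {
        var registry = new KeyRegistry(otp => true);            // stub validator, accepts any OTP
        string aliceOtp = "ccccccbcgujh" + new string('b', 32); // constructed sample OTPs
        string otherOtp = "ccccccdefghi" + new string('d', 32);
        Console.WriteLine(registry.Register("alice", aliceOtp));
        Console.WriteLine(registry.Authenticate("alice", otherOtp)); // key not bound to alice
        Console.WriteLine(registry.Revoke("ccccccbcgujh") && !registry.Authenticate("alice", aliceOtp));
    }
}
```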