SindreBrurberg
commented
1 year ago Webauthn or fido2 might be a better goal. https://github.com/fxamacker/webauthn
Open SindreBrurberg opened 1 year ago
SindreBrurberg
commented
1 year ago Webauthn or fido2 might be a better goal. https://github.com/fxamacker/webauthn
SindreBrurberg
commented
1 year ago This is probably the best base. https://github.com/go-webauthn/webauthn
There could be good reasons to lock certain changes or all actions behind individual authentications. So that you will have to actually use the key when you want a new server or update a config or something like that.
Adding some good reading on how to implement. https://rodneylab.com/sveltekit-fido-u2f-login/ # Good for frontend https://github.com/tstranex/u2f # Seems to be simpel for backend, but might be outdated https://github.com/CaliOpen/gofido # Seems to be actively used, but something looks strange at first glance