Yellow-Dog-Man / Resonite-Issues

Issue repository for Resonite.
https://resonite.com

Add support for FIDO / hardware authentication keys (e.g. Yubikey) #663

Open Frooxius opened 11 months ago

Frooxius commented 11 months ago

Is your feature request related to a problem? Please describe.

Currently Resonite supports logging in through credential+password and SAML 2.0. It would be highly beneficial to support hardware keys such as Yubikey through the FIDO protocol, as these can provide increased security and are easier to use.

Describe the solution you'd like

Resonite's backend SkyFrost already has support for multiple authentication methods. We will need to add support for the FIDO flow for setting up a key and subsequent login.

Once the key is set up, the login dialog will let the user log in by simply plugging in the key and initiating the login action (e.g. by tapping the key).

This will require building UI for managing login methods on the user's account. We could potentially use the settings UI to handle account settings like this.

Describe alternatives you've considered

We can keep existing login methods, but there would be benefits to supporting more.

Additional Context

Once this is implemented we can also mandate support for team members and other people with access to parts of the platform (e.g. moderators) to increase overall security and lessen risks of attack.

shininghero commented 10 months ago

Yes please. I also recommend allowing enrollment of a second FIDO token for backup purposes, in case users or staff lose their primary one.

Frooxius commented 10 months ago

Yes. The way this would be implemented is that you'll be able to add multiple keys and authentication methods to your account and be able to use any of them.

That way you can add as many keys as you want. Potentially you could also add multiple passwords as well.
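
The flow discussed in this thread (enroll several hardware keys, then log in with any one of them), sketched as an added example; it is not Resonite or SkyFrost code. It is a simplified model of a FIDO2/WebAuthn assertion check using Node's built-in crypto: `makeAuthenticator`, `Account` and `RP_ID` are hypothetical names, a software key pair stands in for the hardware token, and CBOR encoding, attestation and origin checks are left out.

```javascript
// Added example, not Resonite/SkyFrost code. Simplified WebAuthn-style assertion check.
const nodeCrypto = require('node:crypto');
const RP_ID = 'example.invalid'; // assumed relying-party ID (placeholder)
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Software stand-in for a hardware key: P-256 key pair plus a signature counter.
function makeAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const credentialId = nodeCrypto.randomBytes(16).toString('hex');
  let counter = 0;
  const sign = (challenge, rpId = RP_ID) => {
    const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge }));
    const count = Buffer.alloc(4);
    count.writeUInt32BE(++counter);
    // authenticatorData = rpIdHash (32 bytes) | flags (1 byte, bit 0 = user present) | signCount (4 bytes)
    const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), count]);
    const signed = Buffer.concat([authData, sha256(clientData)]);
    return { credentialId, clientData, authData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
  };
  return { credentialId, publicKey, sign };
}

// Server side: one account, any number of enrolled keys, any of which can log in.
class Account {
  constructor() { this.credentials = new Map(); this.pending = new Set(); }
  enroll(key) { this.credentials.set(key.credentialId, { publicKey: key.publicKey, signCount: 0 }); }
  revoke(credentialId) { return this.credentials.delete(credentialId); }
  newChallenge() {
    const challenge = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.add(challenge); // single use: consumed on the first verify attempt
    return challenge;
  }
  verify(assertion) {
    const cred = this.credentials.get(assertion.credentialId);
    if (!cred) return 'unknown-credential';
    const clientData = JSON.parse(assertion.clientData.toString());
    if (clientData.type !== 'webauthn.get' || !this.pending.delete(clientData.challenge)) return 'bad-challenge';
    if (!assertion.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'wrong-rp';
    if (!(assertion.authData[32] & 0x01)) return 'no-user-presence';
    const signed = Buffer.concat([assertion.authData, sha256(assertion.clientData)]);
    if (!nodeCrypto.verify('sha256', signed, cred.publicKey, assertion.signature)) return 'bad-signature';
    const count = assertion.authData.readUInt32BE(33);
    if (count <= cred.signCount) return 'counter-regression'; // possible cloned key
    cred.signCount = count;
    return 'ok';
  }
}
```

Revoking a lost primary key removes only that credential, so a backup key enrolled earlier keeps working.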