Open Frooxius opened 11 months ago
Yes please. I also recommend allowing enrollment of a second FIDO token for backup purposes, in case users or staff lose their primary one.
Yes. The way this would be implemented is that you'll be able to add multiple keys and authentication methods to your account and be able to use any of them.
That way you can add as many keys as you want. Potentially you could also add multiple passwords as well.
Is your feature request related to a problem? Please describe.
Currently Resonite supports logging in through credential+password and SAML 2.0. It would be highly beneficial to support hardware keys such as YubiKey through the FIDO protocol, as these can provide increased security and are easier to use.
Describe the solution you'd like
Resonite's backend SkyFrost already has support for multiple authentication methods. We will need to add support for the FIDO flow for setting up a key and subsequent login.
Once the key is set up, the login dialog will let the user log in by simply plugging in the key and initiating the login action (e.g. by tapping the key).
This will require building a UI for managing login methods on the user's account. We could potentially use the settings UI to handle account settings like this.
Describe alternatives you've considered
We can keep existing login methods, but there would be benefits to supporting more.
Additional Context
Once this is implemented we can also mandate support for team members and other people with access to parts of the platform (e.g. moderators) to increase overall security and lessen risks of attack.
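
A simplified sketch of the challenge-response login and multi-key account model discussed in this issue, added here as an illustration; it is not SkyFrost or Resonite code. `Account`, `makeAuthenticator`, `signedData` and the `example.invalid` relying-party ID are hypothetical, and real WebAuthn additionally carries client data, authenticator flags and a signature counter that this omits.

```javascript
const crypto = require('node:crypto');

// Signed bytes: SHA-256(rpId) || challenge, binding the signature to one site.
function signedData(rpId, challenge) {
  return Buffer.concat([crypto.createHash('sha256').update(rpId).digest(), challenge]);
}

// Stand-in for a hardware key (assumption): the private key stays in the closure.
function makeAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, sign: (rpId, c) => crypto.sign('sha256', signedData(rpId, c), privateKey) };
}

// Hypothetical server-side account record holding several enrolled keys.
class Account {
  keys = new Map();    // label -> public key
  pending = new Set(); // outstanding challenges, hex-encoded
  constructor(rpId) { this.rpId = rpId; }
  enroll(label, publicKey) { this.keys.set(label, publicKey); }
  revoke(label) { return this.keys.delete(label); }
  newChallenge() {
    const challenge = crypto.randomBytes(32);
    this.pending.add(challenge.toString('hex'));
    return challenge;
  }
  // Returns the label of the key that signed, or null. Challenges are single-use.
  verifyLogin(challenge, signature) {
    if (!this.pending.delete(challenge.toString('hex'))) return null;
    const data = signedData(this.rpId, challenge);
    for (const [label, publicKey] of this.keys) {
      if (crypto.verify('sha256', data, publicKey, signature)) return label;
    }
    return null;
  }
}

// Constructed scenario: the primary key is lost and revoked; the backup still works.
function demo() {
  const account = new Account('example.invalid');
  const primary = makeAuthenticator(), backup = makeAuthenticator();
  account.enroll('primary', primary.publicKey);
  account.enroll('backup', backup.publicKey);
  const login = (key, c = account.newChallenge()) => account.verifyLogin(c, key.sign(account.rpId, c));
  const before = login(primary);
  account.revoke('primary');
  return { before, afterRevoke: login(primary), viaBackup: login(backup) };
}
console.log(demo());
```

Because each challenge is deleted from `pending` on first use, a captured signature cannot be replayed, and a signature produced for a different relying-party ID fails verification.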