fido-device-onboard / go-fdo-server

Apache License 2.0

Consider authenticating the server API #4

Open runcom opened 2 weeks ago

runcom commented 2 weeks ago

This can be as simple as having a flag on the server command for an api-key - that's shared with whoever is managing the client side as well. Except for DI, any other management task would benefit from the added security. Any reason why this should not be implemented? I'm happy to help here as well.

ben-krieger commented 1 week ago

A PR related to auth is welcome. This is meant to be an opinionated server implementation (as opposed to the example in the go-fdo library repo), so one or more options (mTLS, OIDC, etc.) can be supported in this server, as needed. If the number of options grows, we should probably designate maintainers.
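The API-key option proposed in the first comment could look like the following Go middleware. This is an added example, not code from go-fdo-server or from either commenter; the `-api-key` flag name, the `/api/` and `/fdo/` prefixes, the listen address and the choice of which prefix is guarded are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"flag"
	"log"
	"net/http"
	"strings"
)

// requireAPIKey lets a request through only if it carries
// "Authorization: Bearer <key>". An empty key is refused up front so that
// a forgotten flag cannot silently turn the check off.
func requireAPIKey(key string, next http.Handler) (http.Handler, error) {
	if key == "" {
		return nil, errors.New("api key must not be empty")
	}
	want := sha256.Sum256([]byte(key))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")
		// Hash both sides: the comparison is then fixed-length and constant-time.
		got := sha256.Sum256([]byte(token))
		if !ok || subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			w.Header().Set("WWW-Authenticate", "Bearer")
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	}), nil
}

func main() {
	key := flag.String("api-key", "", "shared key for the management API (hypothetical flag)")
	flag.Parse()
	mgmt, err := requireAPIKey(*key, http.NotFoundHandler()) // stub management handler
	if err != nil {
		log.Fatal(err)
	}
	mux := http.NewServeMux()
	mux.Handle("/api/", mgmt)                   // hypothetical management prefix: key required
	mux.Handle("/fdo/", http.NotFoundHandler()) // hypothetical device-facing prefix: left open
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", mux))
}
```

A key passed as a command-line flag is visible in the process list, and a bearer key sent over plain HTTP is readable on the wire, so a deployment would normally read the key from a file or the environment and serve the management API over TLS.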