greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0

question: add passkey support #154

Closed gedw99 closed 1 week ago

gedw99 commented 1 year ago

A clear and concise description of what you want to accomplish.

Passkeys are coming. Microsoft, Google and Apple are all working on it and it's now in iOS and Mac.

It would be cool if this can be supported. WebAuthn is already and so adding passkeys is likely to be the next step as passkeys are part of WebAuthn.

I found this example in golang. https://github.com/orgs/teamhanko/repositories

It might be a good resource and so posting it here if anyone else is interested.

greenpau commented 1 year ago

@gedw99, this is a long shot for now. I don't have much time to invest in the research.

gedw99 commented 1 year ago

no worries.

I got it working as a hacky prototype. I hope to publish this so it can be a plugin for caddy security stuff you're doing.

ptman commented 1 year ago

https://github.com/go-webauthn/webauthn made adding webauthn/passkey support to a go service easy

gedw99 commented 1 week ago

thanks @ptman

Hanko also uses that same Package. See https://github.com/teamhanko/hanko/blob/main/backend/handler/webauthn.go#L7

So not sure if I should use Hanko or just that package yet.

@greenpau

I am actively working on integrating this with NATS Jetstream, so that rules can be applied at Caddy level but also NATS topics and Subject wildcards as a type of Policy engine that can all be configured in a CaddyFile - both the URL but also the NATS Subjects using https://github.com/infogulch/xtemplate-caddy is a Caddy Module with NATS integration.

https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_callout is the Integration point and has good docs or here is a Video deep diving it: https://www.youtube.com/watch?v=VvGxrT-jv64

Have a look and reach out if you're interested.

greenpau commented 1 week ago

The passkey should now work out of the box.

https://www.youtube.com/watch?v=6BWPu7127Bw

gedw99 commented 1 week ago

thanks @greenpau

I will try it out. The Config is daunting :)

gedw99 commented 1 week ago

hey @greenpau

Watched the YouTube demo. It seems to be designed for an Ops team, and not an End User.
An End User would find that daunting to use IMHO. Know what I mean?

greenpau commented 1 week ago

> An End User would find that daunting to use IMHO. Know what I mean?

@gedw99, not really. I onboarded passkeys from my iPhone, iPad, Windows Hello and am doing just fine. The key is onboarding app token first.

gedw99 commented 1 week ago

There is no way a user could do it imho.

greenpau commented 1 week ago

> There is no way a user could do it imho.

@gedw99, it is not geared towards an ecommerce shopping cart solution.