rasteiner / k3-fido2

⚠️Experimental⚠️ FIDO2 / WebAuthn Login Screen for Kirby 3
MIT License

Registered passkey does not show in panel (Kirby 4 Beta 1) #1

Open andreasba opened 1 year ago

andreasba commented 1 year ago

Hi @rasteiner

first of all huge thanks for creating this experimental plugin - I tested it on Kirby 4 current Beta 1 and it works! Almost fully :) When I register a passkey (Windows Hello) the user.en.txt is filled accordingly and I can log in with it now.

However, in the panel, the key does not show:

[image]

Also, a question: are you planning to introduce FIDO support?

And last but not least: in the readme there is a typo: instead of site/users/admin.yml it should read site/blueprints/users/admin.yml

Thanks

Andreas

rasteiner commented 1 year ago

Yeah, even the icon is broken... Seems like the interface to the <k-items> component changed.

I've created a kirby4 branch for you: https://github.com/rasteiner/k3-fido2/archive/refs/heads/kirby4.zip That should work :)

Thanks for the pointer to the readme mistake, corrected that.

What do you exactly mean by "introducing FIDO support"?

andreasba commented 1 year ago

Wow, big thanks @rasteiner that is awesome of you - it works now, yes :)

What I mean is that the dialog in Windows which opens up when I click "Register new" does not show me the Security Key aka FIDO key but only Windows Hello and PIN:

[image]

But I am not sure whether this is my "topic" or the plugin's - normally, I can choose between all three, that is why I am asking.

Thanks again

Andreas

rasteiner commented 1 year ago

Oh, you mean like a physical usb key? I don't have one, and the whole subject is rather new to me. This was, after all, an experiment for me.

AFAIK, you probably don't see the option for the physical key because I disabled support for "cross platform attachments", because I don't really understand the implications. Also don't understand if I have to check attestations then or what...

I also wanted to support "discoverable credentials" (so that you don't have to provide a username to kirby when logging in), but since those usb sticks can "fill up" with resident keys when registering the same "relying party" multiple times (without the possibility to clear them, it seems) I didn't want to break anyone's usb key thingy... So I disabled them.

However, if you dare, I think you can enable it again by setting crossPlatformAttachment to true, here: https://github.com/rasteiner/k3-fido2/blob/kirby4/classes/Fido2.php#L73
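The three settings discussed in the comment above (authenticator attachment, discoverable credentials, attestation) are separate fields of the WebAuthn registration options. The following is an added example, not code from k3-fido2; `buildCreationOptions`, `eligibleAttachments` and the `attachment`, `discoverable` and `excludeIds` parameters are hypothetical names.

```javascript
// Added example, not code from k3-fido2; all names are hypothetical.
// Builds the object passed to navigator.credentials.create({ publicKey }).
const ATTACHMENTS = ['platform', 'cross-platform'];

function buildCreationOptions({ rp, user, challenge, attachment = 'any',
                                discoverable = false, excludeIds = [] }) {
  if (attachment !== 'any' && !ATTACHMENTS.includes(attachment)) {
    throw new RangeError(`unknown attachment: ${attachment}`);
  }
  if (!(challenge instanceof Uint8Array) || challenge.length < 16) {
    throw new RangeError('challenge must be at least 16 server-generated random bytes');
  }
  const authenticatorSelection = {
    // 'discouraged' asks for a non-discoverable credential, which does not
    // occupy a resident-key slot on a security key. 'required' asks for a
    // discoverable one (login without typing a username).
    residentKey: discoverable ? 'required' : 'discouraged',
    requireResidentKey: discoverable,
    userVerification: 'preferred',
  };
  // Omitting authenticatorAttachment lets the client offer both built-in
  // authenticators (Windows Hello) and roaming ones (USB/NFC security keys).
  if (attachment !== 'any') {
    authenticatorSelection.authenticatorAttachment = attachment;
  }
  return {
    rp, user, challenge,
    pubKeyCredParams: [
      { type: 'public-key', alg: -7 },   // ES256
      { type: 'public-key', alg: -257 }, // RS256
    ],
    authenticatorSelection,
    // Attestation conveyance is set independently of attachment; 'none'
    // means the server does not ask for an attestation statement to verify.
    attestation: 'none',
    // An authenticator already holding one of these credentials refuses to
    // register again, so the same key is not enrolled twice for one user.
    excludeCredentials: excludeIds.map((id) => ({ type: 'public-key', id })),
  };
}

// Authenticator classes the client may offer for a given options object.
function eligibleAttachments(options) {
  const wanted = options.authenticatorSelection.authenticatorAttachment;
  return wanted ? [wanted] : [...ATTACHMENTS];
}
```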

andreasba commented 1 year ago

Thanks a lot for your detailed response @rasteiner - I totally get it, it is complicated so I am thankful someone else tried it out :) I was just confused because you named the package FIDO2 and for me this is a FIDO-Key mostly in the form of a physical Yubikey - not Passkeys. Anyway, thanks again!