Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebAuthN authentication #247

Open
FiloSottile opened this issue Jan 27, 2024 · 1 comment
Open

WebAuthN authentication #247

FiloSottile opened this issue Jan 27, 2024 · 1 comment

Comments

@FiloSottile
Copy link

It would be nice to be able to use FIDO2 tokens (or passkeys) to authenticate with the web interface instead of passwords. It can be made easy to set up with a gok auth command that runs the registration flow and adds the necessary data to the config file.

Even CLI authentication could be handled with the WebAuthN protocol, by having the CLI get an authentication response from the FIDO2 token. It might even be able to skip the roundtrip with the server by taking the necessary challenge data from the config.

Related to #225.
@stapelberg
Copy link
Contributor

Generally I’m a fan of hardware tokens, but my knowledge dates back to when they were still called U2F :)

I’m a bit wary of the complexity that FIDO/passkey integration entails (and, more generally speaking, of offering more than one authentication mechanism), though maybe I’m not estimating it correctly.

A (quick & dirty) proof of concept would be helpful if you feel like exploring this further.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stapelberg @FiloSottile