You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be nice to be able to use FIDO2 tokens (or passkeys) to authenticate with the web interface instead of passwords. It can be made easy to set up with a gok auth command that runs the registration flow and adds the necessary data to the config file.
Even CLI authentication could be handled with the WebAuthN protocol, by having the CLI get an authentication response from the FIDO2 token. It might even be able to skip the roundtrip with the server by taking the necessary challenge data from the config.
Generally I’m a fan of hardware tokens, but my knowledge dates back to when they were still called U2F :)
I’m a bit wary of the complexity that FIDO/passkey integration entails (and, more generally speaking, of offering more than one authentication mechanism), though maybe I’m not estimating it correctly.
A (quick & dirty) proof of concept would be helpful if you feel like exploring this further.
It would be nice to be able to use FIDO2 tokens (or passkeys) to authenticate with the web interface instead of passwords. It can be made easy to set up with a
gok auth
command that runs the registration flow and adds the necessary data to the config file.Even CLI authentication could be handled with the WebAuthN protocol, by having the CLI get an authentication response from the FIDO2 token. It might even be able to skip the roundtrip with the server by taking the necessary challenge data from the config.
Related to #225.
The text was updated successfully, but these errors were encountered: