Support WebAuthn for Login. #794

Open
dharrigan opened this issue Feb 26, 2021 · 3 comments
@dharrigan

WebAuthn, as defined here https://en.wikipedia.org/wiki/WebAuthn, is a web standard used to secure authentication to web sites and services. It has been a W3C official standard since 2019. A very common example is the use of so-called security keys such as Yubico Yubikey, Google's Titan Security Key, and various other open source implementations such as Solo and so on.

WebAuthn is supported by all modern browsers, such as Firefox, Chromium, Safari, Brave and so on.

Presently, Clojars Web supports the use of 2FA via TOTP tokens - which is most excellent - for authentication to the "admin" area of each user's profile.

It would be very good if, in addition to TOTP, the user had the ability to register a FIDO/FIDO2 compatible key against their profile, thus allowing users to authenticate via the security key instead of the TOTP token (the user can choose which one to authenticate by on login).

Since WebAuthn is "built-in" to modern browsers, the APIs are already there to implement it.

More research would be required to determine how precisely it would fit into Clojars Web and how to properly obtain authentication against existing and new users.

@JohnnyJayJay
Contributor

If this is up for grabs, I would give implementing this a shot next month 😄

@tobias
Member

tobias commented Oct 4, 2022

@JohnnyJayJay That would be great! I don't know anything about WebAuthn (other than what @dharrigan taught me above :)), but would be happy to provide any guidance needed relating to the Clojars codebase.

@JohnnyJayJay
Contributor

That would be much obliged. I joined the Clojars channel on the Clojurians Slack; I'll give you a heads up there when I need assistance. At first glance, it seems like there are a lot of components that need to be adjusted to implement this.
