Merge pull request #492 from goldenauge/master
fix luxon validation
olmobrutall authored Sep 28, 2020
2 parents e3fd0bd + 60f99d3 commit 76c66b8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Signum.React/Scripts/Lines/ValueLine.tsx
Expand Up @@ -622,7 +622,7 @@ ValueLineRenderers.renderers["DateTime" as ValueLineType] = (vl) => {

const handleDatePickerOnChange = (date?: Date, str?: string) => {
const m = date && DateTime.fromJSDate(date);
vl.setValue(m == null || m.isValid ? null :
vl.setValue(m == null || !m.isValid ? null :
vl.props.type!.name == "Date" ? m.toISODate():
!showTime ? m.toFormat("yyyy-MM-dd'T'HH:mm:ss" /*No Z*/) :
m.toISO());
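
Review bot: The guard `m == null || !m.isValid` sits at the head of a three-level nested ternary inside `vl.setValue(...)`, which is how an inverted condition on this line went unnoticed, and this commit changes one line in one file with no test added. Pull the guard out as an early exit, for example `if (m == null || !m.isValid) { vl.setValue(null); return; }`, and add a regression test asserting that a valid `Date` produces a non-null string for each of the three format branches. Separately, an invalid picker value is now collapsed to `null`, the same value as a cleared field, and the `str` argument of `handleDatePickerOnChange` is unused, so the text the user typed is dropped with no feedback; since this is client-side only, the server should still validate the date it receives.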

3 comments on commit 76c66b8

Collaborator Author

@olmobrutall olmobrutall commented on 76c66b8 Sep 28, 2020

Adding support for WebAuthn

WebAuthn is a new API to, basically, remove passwords from websites and use Apple Touch ID / Face ID / Android Fingerprints / Windows Hello / etc. instead.

https://webauthn.io/

How WebAuthn works

Basically the device (like your Phone) has a credential repository with Public and Private key pairs. This repository is kept safe by the device and only used to encrypt a piece of information using the private key (in your device) that can be decrypted by the server using the public key.

This piece of information is called the challenge and is a random string generated by the server. When the server receives the encrypted challenge he can be sure of your identity, because only you have the private key. At no point is a shared secret (like a password) sent through the wire.

All this looks complicated, but it's very simple to the end user: In order to open this credential repository and encrypt the challenge he only needs to use a device-specific authentication mechanism like Touch-ID, Face-ID, Windows Hello or a Yubico key. If his device has no such capabilities, then it will probably fall back to your log-in PIN.

But this simplicity for the user is also very secure, since the key pair is stored in the device, you already have a two factor authentication for free.

Why now?

WebAuthn already has good browser support, but the important thing is that iOS 14 has now support for it: https://www.theverge.com/2020/6/24/21301509/apple-safari-14-browser-face-touch-id-logins-webauthn-fido2. I think this will make it a popular technology.

I have tested it in Windows 10 and iOS 14 successfully.

Changes in Extensions

This diff shows the changes in Signum Extensions that implement this awesome new feature signumsoftware/extensions@03cfe5a...5201dde

It's using the library https://github.com/abergs/fido2-net-lib that contains an interactive demo here: https://www.passwordless.dev/

How it works for the user

Registration

Once logged in, there is a new option in the Login drop-down

Then a device-specific popup comes (Windows PIN in this case)

Finally the public key is uploaded to the server and associated with the current user

Log-in

There is a new Login with X button in the Login page

If the username is not set, and there is more than one key available for this domain, a device specific selector appears to choose the user:

Finally a device-specific popup comes (Windows PIN in this case)

And that's it! You're logged in.

Note: The "Login with Windows Hello / PIN" message depends on a hard-coded heuristic to detect Windows / iPhone / Android

How to Migrate your App

Check the changes in Southwind: signumsoftware/southwind@ced4b8a...c087853

Conclusion

Next time hackers will steal your eye :)
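
The challenge-response flow described in the comment above, as an added example that is not part of the original comment or of Signum's code: in WebAuthn the private-key operation is a digital signature over the authenticator data and a hash of the client data, which the server verifies with the stored public key. The function names, the simplified authenticator data layout and the `app.example` style inputs are assumptions for illustration; only Node's built-in `crypto` module is used.

```javascript
// Added illustration (not Signum code): WebAuthn-style challenge/response on Node's crypto.
const crypto = require("crypto");
const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest();

// Registration: the device makes a P-256 key pair; only publicKey is stored by the server.
function createCredential() {
  return crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
}

// Server: a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString("base64url");
}

// Device: sign authenticatorData || SHA-256(clientDataJSON) with the private key.
// authenticatorData here = rpIdHash (32 bytes) | flags (1) | signCount (4); extensions omitted.
function signAssertion(privateKey, challenge, origin, rpId, signCount) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(signCount);
  const flags = Buffer.from([0x05]); // user present (0x01) | user verified (0x04)
  const authenticatorData = Buffer.concat([sha256(Buffer.from(rpId)), flags, counter]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign("sha256", signed, privateKey) };
}

// Server: every check must pass before the signature counts as a login.
// (Comparing signCount against the last stored value is left out of this sketch.)
function verifyAssertion(publicKey, expected, assertion, usedChallenges) {
  const client = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  const authData = assertion.authenticatorData;
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== expected.challenge) return "challenge mismatch";
  if (usedChallenges.has(client.challenge)) return "challenge replayed";
  if (client.origin !== expected.origin) return "origin mismatch";
  if (!authData.subarray(0, 32).equals(sha256(Buffer.from(expected.rpId)))) return "rpId mismatch";
  if ((authData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([authData, sha256(assertion.clientDataJSON)]);
  if (!crypto.verify("sha256", signed, publicKey, assertion.signature)) return "bad signature";
  usedChallenges.add(client.challenge); // single use: the same response cannot be sent twice
  return "ok";
}
```

The private key never leaves `signAssertion`; the server side only ever holds the public key, the challenge it issued and the origin it expects.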

Contributor

@MehdyKarimpour MehdyKarimpour commented on 76c66b8 Sep 29, 2020 via email

@rezanos
Contributor

Perfect! Fantastic Feature! 👏 👏 Thank you