Replies: 4 comments
-
|
Generic code could probably live in this gem. |
Beta Was this translation helpful? Give feedback.
-
|
@grzuy I also mentioned this on cedarcode/webauthn-rails-demo-app#116, but I'm currently working on Sorcery v1 and plan on adding WebAuthn support as a plugin. Perhaps Sorcery could fill the role of managing credential storage in those use-cases? Let me know what you think! 😄 Also a question if you don't mind: How much of the authentication stack does WebAuthn cover? I'm looking at it primarily to provide U2F support for Rails applications, but it looks like it's a little more comprehensive than just providing 2FA. |
Beta Was this translation helpful? Give feedback.
-
|
@athix that's great to hear! Rodauth also recently added support for WebAuthn. On the subject of this issue: IMO storage is better handled completely outside of this gem, I have a hard time imagining what a useful abstraction here would look like for external consumers.
U2F is the legacy browser API, not to be confused with 2FA. WebAuthn can be used for second factor and multi-factor authentication without a username and password. The FIDO Alliance recently released the How to FIDO document to provide additional implementation guidance beyond the W3C standard. |
Beta Was this translation helpful? Give feedback.
-
|
Ah, it seems I've confused U2F and FIDO 2nd-factor! Thanks for clarifying that, and the great documentation link. I'll give the How to FIDO README a thorough look-through this weekend. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
As a webauthn gem user
I want the gem to provide some sort of automatic credential storage management
So that I don't have to manually code that myself in my ruby app
This maps to steps 22, 23 and 24 of the Registering a new credential in the WebAuthn spec.
Beta Was this translation helpful? Give feedback.
All reactions