Replies: 4 comments
-
|
Generic code could probably live in this gem. |
Beta Was this translation helpful? Give feedback.
-
|
@grzuy I also mentioned this on cedarcode/webauthn-rails-demo-app#116, but I'm currently working on Sorcery v1 and plan on adding WebAuthn support as a plugin. Perhaps Sorcery could fill the role of managing credential storage in those use-cases? Let me know what you think! 😄 Also a question if you don't mind: How much of the authentication stack does WebAuthn cover? I'm looking at it primarily to provide U2F support for Rails applications, but it looks like it's a little more comprehensive than just providing 2FA. |
Beta Was this translation helpful? Give feedback.
-
|
@athix that's great to hear! Rodauth also recently added support for WebAuthn. On the subject of this issue: IMO storage is better handled completely outside of this gem, I have a hard time imagining what a useful abstraction here would look like for external consumers.
U2F is the legacy browser API, not to be confused with 2FA. WebAuthn can be used for second factor and multi-factor authentication without a username and password. The FIDO Alliance recently released the How to FIDO document to provide additional implementation guidance beyond the W3C standard. |
Beta Was this translation helpful? Give feedback.
-
|
Ah, it seems I've confused U2F and FIDO 2nd-factor! Thanks for clarifying that, and the great documentation link. I'll give the How to FIDO README a thorough look-through this weekend. |
Beta Was this translation helpful? Give feedback.
-
As a webauthn gem user
I want the gem to provide some sort of automatic credential storage management
So that I don't have to manually code that myself in my ruby app
This maps to steps 22, 23 and 24 of the Registering a new credential in the WebAuthn spec.
Beta Was this translation helpful? Give feedback.
All reactions