WebAuthn (Passkey) support?

[h3ndrik]

trafficstars

This is more or less just a question: Is support for WebAuthn planned, somewhere on the agenda or even within scope for this project? Thanks for your time.

[ThiefMaster]

That's a very good question! I think 2FA and webauthn support would be great (I don't like the concept of sole-factor passkeys tbh, since it's used by the big tech vendors to lock you in even more into their ecosystems).

Unfortunately it's not trival at all to support it (regardless of being a first or second factor). Quoting my own comment in the Indico forum from a few weeks ago:

It will need quite a bit of thinking how to best implement it though, since unlike with logging in there need to be many more interactions with the application itself (ie Indico), and it needs to provide some UI for things like MFA setup/reset etc., and it’s up to the application to store the data (OTP secret, whatever is stored for webauthn, scratch/recovery keys).