As a user, I want to use webauthn when I authenticate with Homechart so I can avoid using passwords

[thequailman]

Requirements

• [ ] Allow users to use web authn for authentication
• [ ] Allow users to have various auth methods for their account:
  • [ ] Create table auth_account_auth_provider
    • [ ] auth_account_id
    • [ ] provider (enum)
    • [ ] oidc_provider_name
    • [ ] data (password_hash, or totp_secret, totp_backup, oidc_id, webauthn)
  • [ ] Infer 2fa options (password_hash + totp_secret, mainly) or allow users to require 2 factor for specific providers?
  • [ ] Change OIDC config to be a map[string] with the OIDC settings becoming provider agnostic
  • [ ] Add docs for OIDC
• [ ] Allow households to configure custom OIDC providers?
• [ ] Use push notifications and QR codes to login/dual factor auth
• [ ] Change admin to require elevated auth
  • [ ] admin property for auth_session becomes admin_expires or null
  • [ ] if admin_expires is < now, no admin
  • [ ] if admin_expires is > now, admin
  • [ ] have user re-authenticate to get admin (do a check in the UI and redirect)
• [x] https://github.com/candiddev/engineering/issues/281

ToDo

• [ ] Add WebAuthn enrollment to Settings > Account > Security
• [ ] Add WebAuthn checks during signin

[thequailman]

https://github.com/w3c/webauthn/issues/151

[thequailman]

Holding off on this until Level 3 stuff is more widely adopted and the implementation becomes easier