flutter-passkeys icon indicating copy to clipboard operation
flutter-passkeys copied to clipboard

Published 20 hours ago verified publisher icon corbado

Support for roaming authenticator/hardware security key

Open lauravuo opened this issue 1 year ago • 5 comments

Have you considered to add support for roaming authenticators to ios/android?

When using the javascript webauthn APIs (through iOS webview), a following dialog is shown: Screenshot 2024-02-02 at 13 11 12 This provides an easy way to use same client code for both passkeys and security keys. However, when using the flutter library, as shown in your example app, there is only the passkeys option.

Thanks anyway for publishing the library, it has helped me greatly with my experiments on flutter and passkeys 👍

lauravuo avatar Feb 02 '24 11:02 lauravuo

Hey @lauravuo,

Thanks for raising this issue!

In the current implementation, we intentionally omitted the security key (roaming authenticator) option. This decision was based on our experience, as it often led to confusion among non-technical users. However, we are currently revamping our device and passkeys management in our hosted backend and plan to incorporate a feature toggle that will enable you to provide security keys as an option. This will also necessitate an update to the Flutter package, allowing you to offer security keys as well.

I'll keep you posted / update this GitHub issue as soon as there are any news.

vincentdelitz avatar Feb 02 '24 11:02 vincentdelitz

Hi @vincentdelitz any updates on this?

It's a make or break option for this library for us, even if there's a workaround or patch we can apply that'd be fantastic.

J-tt avatar Feb 21 '24 10:02 J-tt

Hi @vincentdelitz any updates on this?

It's a make or break option for this library for us, even if there's a workaround or patch we can apply that'd be fantastic.

Hey @J-tt, Would you use your own relying party server or a Corbado-hosted one? In general, this feature is still under development, maybe I can provide a workaround though.

vincentdelitz avatar Feb 21 '24 21:02 vincentdelitz

@vincentdelitz were using our own server, it's an internal facing app so there's less concern about user confusion.

J-tt avatar Feb 22 '24 00:02 J-tt

I made a very rough workaround to support just hardware keys (applying this patch will mean you can't use normal passkeys).

You can then override just the passkey_ios dependancy in your flutter pubspec.yaml to a local copy.

0001-Replace-mentions-of-Platform-with-SecurityKey.patch

J-tt avatar Feb 22 '24 06:02 J-tt