webauthn_components icon indicating copy to clipboard operation
webauthn_components copied to clipboard

Published 20 hours ago verified publisher icon liveshowy

Document Implementation in Existing Apps

Open type1fool opened this issue 1 year ago • 4 comments

As of v0.6.0, WebauthnComponents can be used to easily scaffold Passkey authentication in new Phoenix apps. For existing applications with password-based authentication or 0Auth, more extensive documentation is needed.

type1fool avatar Sep 19 '23 01:09 type1fool

Hi @type1fool. In a hobby project, I very recently replaced a standard phx.gen.auth password system with the current wac.install code.

To do it, I created a brand new phoenix project, ran mix format, committed to git and then ran wac.install and committed the diff again. By exporting the diff, I went through all the modified, created and deleted files 1-by-1 and changed what was needed in my hobby project.

One of the big sticking points for me was the use of OLID. I experimented with migrations that would generate new primary keys and such but it became quite difficult (for me). I ended up reverting to standard :binary_id. Hopefully someday the standard binary_id in generators will be UUIDv7.

Anyway, would you accept a "How To" guide written by an enthusiastic noob who discards the use of OLID? If OLID usage is to be conserved then I am unable to write such a guide.

peaceful-james avatar Jun 25 '24 12:06 peaceful-james

@peaceful-james ULID may indeed be a bad fit for the package. It was carried over from the application where I started developing Passkey support, but I recognize it's possibly not ubiquitous enough to be a default.

UUIDv7 would be preferred once it's supported by Ecto. There are a few packages floating around which could help, but I would wait till support is baked into Ecto proper.

Your contributions would be welcome whether they're focused on documentation or enhancements. I appreciate your feedback. 🙏

type1fool avatar Jun 27 '24 04:06 type1fool

I agree it would be wise to wait until UUIDv7 is native to Ecto.

I will do my best to write up a guide for replacing a phx.gen.auth project. I might open a few other PRs along the way, to address any issues I open here. I'm still knee-deep in my own implementation. The devil is in the details!

peaceful-james avatar Jun 27 '24 16:06 peaceful-james

There is a robust UUIDv7 lib https://elixirforum.com/t/uuidv7-a-uuid-v7-implementation-and-ecto-type-for-elixir-based-on-rust/56666/8

I think it would be acceptable for the generator to add this lib to the deps.

peaceful-james avatar Jun 27 '24 19:06 peaceful-james