Pepperminty-Wiki icon indicating copy to clipboard operation
Pepperminty-Wiki copied to clipboard

Published 20 hours ago verified publisher icon sbrl

Webauthn support

Open sbrl opened this issue 5 years ago • 2 comments

Now that I've got a hardware security key, it would be really cool if Pepperminty Wiki supported passwordless login with Webauthn. We'll have to get our crypto hat on though, because it's sure to be a bit of a challenge to work with.

Thankfully, @My1 on Twitter has provided some sample code for us to analyse as a starting point: https://gist.github.com/My1/7ab5c4b154164331ac2ef18a65fd8a64

sbrl avatar Oct 07 '19 14:10 sbrl

to be honest it is kinda dirty and meant to be as easy as possible for me (no object classes outside the one(s) from the library and unneeded functions, just a "pull the trigger and go" thing

also since it was for a sandbox implementation that isnt meant to be abused I do not have any exception checking yet and so on just a VERY basic limitation on the userid and check on the credentialid to stop the most obvious sql injection ideas

My1 avatar Oct 07 '19 14:10 My1

Thanks for the info, @My1!

Indeed, as part of the analysis and implementation I'll look at extensively improving and refactoring it, so get it to fit with Pepperminty Wiki's programming style - and to handle all the edge cases.

I'm quite busy at the moment though, so it may have to wait a while :confused:

sbrl avatar Oct 08 '19 23:10 sbrl